Maybe it’s occasionally OK to shoot the messenger. You know, maybe one to the knee to help determine whether or not they can be trusted.
The NSA — which has undermined encryption standards in the past — says it won’t undermine the next strain of encryption, one being built to withstand the inevitable arrival of quantum computing.
The US is readying new encryption standards that will be so ironclad that even the nation’s top code-cracking agency says it won’t be able to bypass them.
The National Security Agency has been involved in parts of the process but insists it has no way of bypassing the new standards.
“There are no backdoors,” said Rob Joyce, the NSA’s director of cybersecurity at the National Security Agency, in an interview.
Pardon my cynicism, but that’s exactly the sort of thing someone planning to backdoor encryption would say. The NSA has backdoored encryption standards in the past, something exposed by the Snowden leaks. And while Snowden’s current residence in a country apparently desirous of instigating World War III looks extremely questionable in hindsight, it doesn’t take anything away from the factual revelations he delivered to the world.
While it’s true the NSA has spent less time agitating (at least publicly) for encryption backdoors than, say, the FBI, its troubling past strongly suggests it should not be taken at its word this time around.
But the threat is real. And if the NSA truly cares about national security, it will do nothing to undermine the new standard. Quantum computing has the capacity to be the pipe wrench that makes security efforts mostly irrelevant. The sooner a new standard can be put in place, the better. If the NSA can help achieve this more quickly, it should. But it should never be assumed the NSA’s intentions are pure.
The other concerning question is whether the new standard will arrive ahead of expected quantum encryption cracking efforts.
The Biden administration last week unveiled a plan to switch the entire US economy to quantum-resistant cryptography, which will rely on new NIST algorithms, as much “as is feasible by 2035.”
Joyce, of the NSA, said it was a question of “when, not if.” He is among those who worry U.S. adversaries are stealing and stockpiling encrypted data intended to remain secret for decades or more in anticipation of being able to unlock it when viable quantum computing arrives. China, for one, is pouring billions of dollars of investment into developing quantum computing, according to US researchers.
The tech arms race continues. If the NSA truly cares about the security of the nation, it will stick to its “no backdoors” promise. If it cares more about its own interests, it will find a way to subvert something intended to protect US interests from enemies. And it will justify its efforts by claiming national security is too important a job to be limited by encryption standards capable of withstanding even the NSA’s own encryption-breaking efforts.