NSA cryptography proposal rejected by allies

Distrust of the US National Security Agency has caused experts from allied nations to reject its proposals for new cryptography standards.

A “track record of subverting the standardisation process” has led to the intelligence agency losing much of the respect it once held, according to Dr Steven J Murdoch, a security researcher at University College London.

Emails and interviews with experts from Germany, Japan and Israel revealed widespread concern that the agency was proposing new encryption techniques which it knew how to break, Reuters reported.

Concern regarding the NSA follows a revelation from whistleblower Edward Snowden that the spy agency paid one encryption company $10m (£7.4m) to use a broken algorithm in its products.

An Israeli delegate to the standards meetings, Professor Orr Dunkelman of the University of Haifa, told Reuters: “I don’t trust the designers.

“There are quite a lot of people in NSA who think their job is to subvert standards. My job is to secure standards.”

After three years of arguments behind closed doors, the NSA has now agreed to drop its proposals for two proposed cryptographic algorithms – Speck and Simon – to be added to international standards.

The widespread use of encryption has drawn criticism from the British government recently, which has claimed that it is frustrating law enforcement and counter-terror investigations.

:: WhatsApp rejected Govt request to access encrypted messages

Video: What the tech companies say about encryption

The British delegation to ISO had no objection to the American proposals, delegate Chris Mitchell told Reuters, saying “no one has succeeded in breaking the algorithms.”

Following the Snowden revelations, he acknowledged that “trust, particularly for US government participants in standardisation, is now non-existent.”

Dr Murdoch told Sky News he agreed with those delegates who rejected the NSA proposal because of the intelligence agency’s “track record of subverting the standardisation processes in order to facilitate surveillance at the cost of security.”

He noted that similar conflict of interest also existed in the UK, as publicised in the Royal Society’s Cybersecurity Report, for which Dr Murdoch was a steering committee member.

The report recommended that the National Cyber Security Centre be independent of GCHQ.

It said “based on the trends and evidence available today this arrangement (of NCSC as a part of GCHQ) is unlikely to be ideal in the longer term” because of the conflict between the defensive role required for NCSC and the offensive activities of GCHQ.


Leave a comment

Your email address will not be published.