Tuesday, November 12, 2013

NIST to Review Standards After Cryptographers Cry Foul Over NSA Meddling

Click here to access article by Jeff Larson from ProPublica

The federal institute that sets national standards for how government, private citizens and business guard the privacy of their files and communications is reviewing all of its previous recommendations.

The move comes after ProPublica, The Guardian and The New York Times disclosed that the National Security Agency had worked to secretly weaken standards to make it easier for the government to eavesdrop.

This is an excellent example of how one agency that was set up to serve the public interest gets undermined and overwhelmed by another highly secretive agency that serves the vital interests of a shadow government representing the ruling class. Notice the differences in resources between the two agencies, and how one collaborates with the other.

But as the investigation by ProPublica, The Guardian and The New York Times in September revealed, the National Security Agency spends $250 million a year on a project called "SIGINT Enabling" to secretly undermine encryption. One of the key goals, documents said, was to use the agency's influence to weaken the encryption standards that NIST and other standards bodies publish.

....The NSA is no stranger to NIST's standards-development process. Under current law, the institute is required to consult with the NSA when drafting standards. NIST also relies on the NSA for help with public standards because the institute doesn't have as many cryptographers as the agency, which is reported to be the largest employer of mathematicians in the country.

"Unlike NSA, NIST doesn't have a huge cryptography staff," said Thomas Ptacek, the founder of Matasano Security....