
Electronic Frontier Foundation Calls For NIST Reform

Monday, January 19th, 2015

The Electronic Frontier Foundation (EFF), along with a host of civil society and privacy groups, has called for a drastic overhaul of how the National Institute of Standards and Technology (NIST) functions. NIST is the body responsible for developing and certifying encryption standards used by the U.S. government as well as commercial organizations. In a letter sent to NIST, the EFF asked the body to free itself from the clutches of the NSA and create secure and resilient encryption standards that are free from known security vulnerabilities and backdoors that could be exploited by the intelligence agencies.

NIST has been under intense scrutiny ever since Edward Snowden leaked documents showing that the NSA had intentionally introduced backdoors into standards developed by the organization. As a result of Snowden’s revelations, NIST was forced to acknowledge that the practice of introducing vulnerabilities caused serious damage not only to the organization but also to the tech industry and the government. In a bid to restore the trust and confidence of its customers, the body undertook a thorough review of the crypto standards it had developed. The letter from the EFF couldn’t have been sent at a better time, since NIST is putting the finishing touches on “Cryptographic Standards and Guidelines Development Process”, a roadmap document that will spell out how the organization will develop crypto standards in the future.

Highlighting the economic impact of the NSA’s decision to introduce backdoors into algorithms and standards, the letter urged NIST to become more transparent in its operations and advised it to ensure the security, integrity and independence of its standards. The letter also asked the body to establish a policy that will highlight the extent of the NSA’s involvement in the development and modification of crypto standards, and urged it to make such information available in the public domain. Since NIST’s encryption standards are used throughout the world and affect the lives of millions of internet users, the letter also advised NIST to expand its outreach and engage with the public in a meaningful way so that people’s trust and confidence in its products are restored.

Through the letter, the EFF requested that NIST not heed signals intelligence requests from the NSA or other security agencies, and that it ensure the standards it develops are not weaker than expected in real-life situations. Urging the body to expand its technical expertise and decrease its reliance on the funding provided by the NSA and other security agencies, the letter advised the organization not to become a part of the government’s surveillance programs. The EFF further advised NIST to revisit the Memorandum of Understanding signed between the body and the NSA, limit the role of consultations provided by the intelligence agency, and prohibit the lowering of encryption standards for signals intelligence activities. The letter even suggested establishing a permanent advisory board that would be responsible for overseeing the development, implementation and auditing of crypto standards. The EFF also urged NIST to make a public budget request and secure additional funding, even if that required passing a bill in the Senate.
