‘Subversive’ NSA forced to back down over cyber encryption techniques
US allies, distrustful of the NSA, have forced the agency to abandon some data encryption techniques it sought to set as the global standard, over fears the spy agency already knew how to bypass the security.
Trust in the NSA is at an all-time low following whistleblower Edward Snowden's revelations that, among other things, it had previously promoted technology it could penetrate and had plotted to manipulate international standards.
This mistrust has manifested itself in a series of closed-door meetings, held around the world over the last three years, Reuters reports. The NSA was trying to push through two encryption techniques, Simon and Speck, that it said were needed for defensive purposes.
Putin: Malware created by intelligence services can backfire on its creators https://t.co/t0aFkUzeeg— RT (@RT_com) May 16, 2017
However, during the meetings with the International Organisation of Standards (ISO), an independent organization with delegations from 162 countries, deep mistrust emerged. Allies pushed back against the NSA’s proposals, fearing that the agency was trying only to promote the techniques because they knew how to get around them.
Interviews and emails, seen by Reuters, confirm that academics and industry experts from a host of allied nations including Israel, Japan and Germany fought to have the NSA back down, though the agency didn’t give up their fight easily.
Citing a lack of peer-reviewed publications by the designers, the lack of adoption by industry and an unclear need for Simon and Speck, the ISO twice delayed the approval process. Questions over the NSA’s motives were clear.
“I don’t trust the designers,” Israeli delegate Orr Dunkelman, told Reuters. “There are quite a lot of people in NSA who think their job is to subvert standards. My job is to secure standards.”
NSA collected over 151mn phone records in 2016 having warrants for only 42 terrorist suspectshttps://t.co/17IAqkgn0p— RT America (@RT_America) May 3, 2017
Even former NSA employees doubted the need for the new ciphers. “There are probably some legitimate questions around whether these ciphers are actually needed,” said retired agent, and former head of the now-disbanded Information Assurance Directorate, Curtis Dukes.
Similar encryption techniques already exist and the need for new ones is theoretical, he added.
Even if it wasn’t a total victory, the NSA agreed to drop all but the most powerful versions of Simon and Speck, with the techniques now being put forward for the final stage of approval. The vote will be held next February.