Surveillance: Snowden NSA Controversy

The NSA Crypto Back Door(?)

By Paul Rosenzweig
Wednesday, September 25, 2013, 6:00 PM

By now, most readers will have heard of the New York Times story, alleging (based on disclosures from Edward Snowden) that the NSA has surreptitiously degraded a critical cryptography standard adopted by the National Institute for Standards and Technology.  The fall out from that allegation has been swift -- NIST has reopened the public comment period on the standard and one of the companies that uses the standard as their default cryptography rule has urged their customers to change the default settings.

It turns out, however, that the Times story may have been overstated.  The estimable Kim Zetter from Wired has the full story, but here are the critical paragraphs:

Early this month the New York Timesdrew a connection between their talk and memos leaked by Edward Snowden, classified Top Secret, that apparently confirms that the weakness in the standard and so-called Dual_EC_DRBG algorithm was indeed a backdoor. The Times story implies that the backdoor was intentionally put there by the NSA as part of a $250-million, decade-long covert operation by the agency to weaken and undermine the integrity of a number of encryption systems used by millions of people around the world.

The Times story has kindled a firestorm over the integrity of the byzantine process that produces security standards. The National Institute of Standards and Technology, which approved Dual_EC_DRBG and the standard, is now facing a crisis of confidence, having been forced to re-open the standard for public discussion, while security and crypto firms scramble to unravel how deeply the suspect algorithm infiltrated their code, if at all. On Thursday, corporate giant RSA Security publicly renounced Dual_EC_DRBG, while also conceding that its commercial suite of cryptographic libraries had been using the bad algorithm as its default algorithm for years.

But beneath the flames, a surprising uncertainty is still smoldering over whether Dual_EC_DRBG really is backdoored. The Times, crypto experts note, hasn’t released the memos that purport to prove the existence of a backdoor, and the paper’s direct quotes from the classified documents don’t mention any backdoor in the algorithm or efforts by the NSA to weaken it or the standard. They only discuss efforts to push the standard through committees for approval.

So what did the NSA actually do?  Turns out, nobody is quite sure.