The Information Technology and Innovation Foundation (ITIF) is pushing for more transparency with NSA surveillance and encryption standards organizations, arguing that the U.S. government should heed the lessons of the first "crypto wars" in the 1990s.
Recent revelations allege that the NSA has introduced vulnerabilities and backdoors into commercial security products and national security standards. In an ITIF webinar last week, Daniel Castro, senior analyst at the Washington, D.C.-based research establishment, and others discussed and compared the current situation to the "crypto wars" in the mid-1990s, when a debate raged over the government's influence over private IT security companies and their cryptography technology.
"This is very disheartening in the perspective of what the U.S. government's role should be in security, which is to make systems more secure and not to make them insecure," said Castro.
Typically, organizations that implement standards for rules and regulations, like the National Institute of Standards and Technology (NIST), are established to set and raise the bar for innovation, competitiveness and security. However, the NSA's covert influence over NIST's IT security standards erodes trust, Castro said.
"This standard-creating process is supposed to create the common good," said Castro. "However, the problem is that it is seen as the bidding of the NSA and potentially introduces weaknesses, which reduces their ability to be trustworthy in the future. If NIST can't play that role, then somebody else will have to."
Amie Stepanovich, director of the Electronic Privacy Information Center's (EPIC's) Domestic Surveillance Project, said during the webinar that the public's concerns during the first crypto wars are very much pertinent today.
"I think they're incredibly relevant, if not more relevant today," she said. "This is relevant because when we saw recently that NIST was consulting with the NSA to lower their security standards and make us all a little bit less secure, NIST's response was that they were doing it because they were statutorily required to consult with the NSA."
Alan B. Davidson, currently a visiting scholar at the Massachusetts Institute of Technology and a former director of public policy at Google, said the allegations of backdoors in commercial security products are debilitating for the IT industry.
"I think that is going to have a very damaging long-term effect on our industry here and on faith in the systems we build," he said. "And that is not good. It's not good for our economy, it's not good for liberty, and it's not good for the very security interests that want to have access to those systems."