After the NSA Subverted Security Standards

Is protecting open processes possible?

I was somewhat surprised, despite my paranoia, by the extent of NSA data collection. I was very surprised, though, to find the New York Times reporting that NSA seems to have eased its data collection challenge by weakening security standards generally:

Simultaneously, the N.S.A. has been deliberately weakening the international encryption standards adopted by developers. One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method.

Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology and later by the International Organization for Standardization, which has 163 countries as members.

Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.”

The Guardian tells a similar story. It’s not just commercial software, where the path seemed direct, but open standards and software where it seems like it should have been harder.

I was very happy to wake up to a piece from the IETF emphasizing their commitment to strengthening security. There’s one problem, though, in its claim that:

IETF participants want to build secure and deployable systems for all Internet users

Last week’s revelations make it sadly clear that not all IETF participants are excited about creating genuinely secure systems.

This isn’t new to standards processes, of course. Many of their battles are between participants with different interests, some of whom don’t want to see their existing projects overrun by new standards. Usually, though, organizations try to steer such contradictory incumbents away from control of the standards in question, despite whatever ‘finesse’ they might have.

While I have long voiced doubts about how smoothly standards organizations run, and whether they can provide neutral forums, my own long-ago experience with the IETF was largely positive. It did seem that an open process could address tricky technical and political questions even while dealing with a host of legacy challenges. The IETF’s famous openness seemed to me to work as well or better than more private standards processes.

Apparently, though, it may not be open enough. Cypherpunk John Gilmore offered his own ‘Speculation on “BULLRUN,”‘ and there’s been further speculation there as to what standards were subverted in what ways. (Distinguishing subversion from general challenges may be difficult, of course: “There were a lot of people working to foul it up!”)

Brandon Downey pushed harder in his open letter to Glenn Greenwald, asking what good was served by these articles not naming names, closing with:

By publishing the names of the companies and standards which have been compromised, you will be giving individuals the tools they need to protect themselves.

Without more detail, it’s hard to know what tools and community members to trust and what not to trust. As the ACLU’s Chris Soghoian put it bluntly, “the N.S.A. cannot be trusted on the issue of cyber security.” Cryptography’s position as a specialty, and the involvement of so many cryptographers with the NSA, makes it hard to know where to start.

The relationship between encryption and trust is complicated, but it seems painfully clear that eroding trust in encryption also means eroding our trust in communications technology generally. While I try to live my life as publicly as I can—my opinions may be a little too obvious—I’m also not eager to spread my credit card numbers across the Internet. I don’t enjoy the card replacement dance. I have enough to worry about with the people who are supposed to get the card numbers, never mind people who are eager to scoop them up off the wire.

Worse, that eroding trust strikes directly at how we’ve created these tools. Expertise is one piece of the technology standards conversation, but it isn’t enough. Standards organizations rely on at least a minimal level of trust to function at all, to ease the difficulty of having experts from competing (or simply different) organizations work together toward a common goal.

I loved Bruce Schneier’s call for engineers to fix the pieces that have been broken and hope the IETF can move forward with improvements quickly. The hard question for me is whether we can successfully come together in the forums where we had been building, now that we have to look at each other sideways and wonder “who really sent you?”

Somehow, we have to.

Update: Is NIST reopening public comment on some of the standards a start? There’s more here. Ed Felten looks at the possibly introduced weakness, and concludes that “As long as the NSA has a license to undermine security standards, we’ll have to be suspicious of any standard in which they participate.”.

tags: , , ,