End the Lie

NIST says it did not ‘deliberately weaken’ encryption standards to help NSA undermine Internet security

Decrease Font Size Increase Font Size Text Size Print This Page

By End the Lie

(Image credit: Another Print Please.../Flickr)

(Image credit: Another Print Please…/Flickr)

In response to last week’s widespread reports revealing that the National Security Agency (NSA) spends huge sums in an effort to “covertly influence” companies and crack encryption, the National Institute of Standards and Technology (NIST) has denied its reported role in the scheme.

The Guardian, The New York Times and ProPublica cited documents handed over by PRISM leaker Edward Snowden indicating that the NSA was able to get NIST to change their security standard in 2006.

The new standard, recommended by the NSA, reportedly included vulnerabilities that could later be exploited by NSA hackers in order to more easily spy on private communications.

Unsurprisingly, NIST now denies any such role.

“We want to assure the [information technology] cybersecurity community that the transparent, public process used to rigorously vet our standards is still in place,” NIST said in a statement issued on Tuesday.

The Hill points out that a great deal is on the line with this allegation.

“NIST is not a regulatory agency — it only helps private groups agree on voluntary standards and guidelines,” The Hill notes. “If outside groups stop trusting the NIST, it could undermine the agency’s usefulness.”

“NIST would not deliberately weaken a cryptographic standard,” NIST said.

“We will continue in our mission to work with the cryptographic community to create the strongest possible encryption standards for the U.S. government and industry at large,” the agency said in their statement.

At the same time, NIST did acknowledge that they are required to consult with the NSA by law.

The ProPublica report cited classified NSA memos indicating that the encryption weakness, discovered in 2007 by two cryptographers working for Microsoft, was indeed engineered by the NSA.

“The NSA wrote the standard and aggressively pushed it on the international group, privately calling the effort ‘a challenge in finesse,’” ProPublica reported.

“Eventually, NSA became the sole editor,” the classified memo states.

NIST also acknowledged that the NSA does indeed help their “cryptography development process because of its recognized expertise.”

In response to the public’s concern, NIST reopened the public comment period for the cryptography standards.

“If vulnerabilities are found in these or any other NIST standards, we will work with the cryptographic community to address them as quickly as possible,” the agency said in their statement.

I’d love to hear your opinion, take a look at your story tips and even your original writing if you would like to get it published. I am also available for interviews on radio, television or any other format. Please email me at [email protected]

Please support alternative news and help us start paying contributors by donating, doing your shopping through our Amazon link or check out some must-have products at our store.

3 Responses to NIST says it did not ‘deliberately weaken’ encryption standards to help NSA undermine Internet security

  1. Nora September 12, 2013 at 8:23 AM

    I’m not buying it. There is clear evidence of collusion among these agencies, who have exploited their unfair advantage over the average schmoe who sends an email, who is clueless that in some poorly lit room somewhere, a person in real time is watching him form his thoughts. We have a God-given right to privacy, which is described in and protected by our constitution. This nonsense of us all being suspected of a crime is the usual baloney coming from the mouths of deceivers, who are clearly committing crimes by disregarding our constitutional right to privacy, themselves.

  2. Anonymous September 12, 2013 at 9:12 AM

    you’d have to be crazy or stupid or both to buy it at this point, Nora!

  3. Leo Buchner September 13, 2013 at 4:02 AM

    “We have a God-given right to privacy.”

    No, we do not. We have only those rights that we demand and defend.


Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>