Focusing public attention on emerging privacy and civil liberties issues

Tech Standard Dropped Because of Suspected NSA Influence

Following an extensive public comment process, the National Institute of Standards and Technology has removed a cryptographic algorithm from its guidance for random number generators deployed by government vendors. NIST recommends that current users of Dual_EC_DRBG transition to one of the three remaining approved algorithms as quickly as possible. NIST cited in own evaluation and "a lack of public confidence in the algorithm." Last year the NY Times reported that the NSA had intentionally weakened cryptographic standards to enable surveillance, raising concerns about the reliability of key Internet standards. In February, NIST released new guidelines for the development of cryptographic standards. EPIC, joined by several organizations, urged the agency to explain the extent of NSA's role in the standards development process. EPIC previously recommended that NIST inform the public of the full extent of the NSA's involvement in the Cybersecurity Framework. The Computer Security Act of 1987 was passed explicitly to prevent NSA involvement in domestic computer security. For more information, see EPIC: Computer Security Act of 1987.

Tags:

TrackBack

TrackBack URL for this entry:
http://epic.org/cgi-bin/mt/mt-tb.cgi/2738

« Supreme Court to Hear Cell Phone Privacy Cases | Main | Report Reveals Rise in Teens' Desire for Online Privacy »