• Revision ID 67814 REVISION
  • 2018-04-26 11:46:27
  • by Jack Barton (talk | contribs)
  • Note: Filled out with quotes etc
 
   
Title
International encryption project will move forward without 'black cloud' of the NSA
Summary
Cyber-security experts told WikiTribune why suspicion of the NSA continues to hold back international cooperation on encryption  
Highlights
• Cyber-security relies on testing your allies, but Snowden showed the NSA went too far
• Delegates at meeting in Wuhan were suspicious of the US's motives
• Encryption project will proceed, but some delegates see it as incompatible with aims of government agencies
Content
<b>After a plan to increase global standardization in encryption for the internet of things was dealt a setback this week, experts including people involved in the debate told <i>WikiTribune</i> why suspicion toward the U.S. National Security Agency (NSA) is holding back cooperation in this field.</b>
On April 24, delegates to the International Organization for Standardization (ISO) met in Wuhan, China, and <a href="https://www.wikitribune.com/story/2018/04/20/internet/67004/67004/">voted to end a program</a> to adopt two forms of encryption, in a setback for a plan championed by the NSA but which had <a href="https://www.reuters.com/article/us-cyber-standards-insight/distrustful-u-s-allies-force-spy-agency-to-back-down-in-encryption-fight-idUSKCN1BW0GV">already been reduced</a> due to delegates’ suspicions towards the agency.
The agency <a href="https://www.atlasobscura.com/articles/a-brief-history-of-the-nsa-attempting-to-insert-backdoors-into-encrypted-data" rel="external">has a track record</a> (<i>Atlas Obscura</i>) of trying to install vulnerabilities, or backdoors, into security tools, including forms of encryption. The dispute over adopting its preferred algorithms, Simon and Speck, at the ISO, showed the agency still lacks the trust of its allies.
<h2>In cyber-security, the rules are different</h2>
“In the cyberspace, alliances are quite different than in the conventional strategic spaces,” said Dr Nicolas Mazzucchi, from the Foundation for Strategic Research in Paris.
“In traditional military, having an alliance is, above all, sharing the strengths. In the cyberspace, on the contrary, alliances are made upon the sharing of vulnerabilities,” said Mazzucchi, explaining that allied agencies test each other’s vulnerabilities and share solutions. They even sometimes test the strengths of their allies’ security, on the basis of mutual trust, and the understanding that one ally’s weakness makes them all potentially vulnerable.
The Snowden leak, and the allegation that the <a href="https://www.theguardian.com/world/2013/oct/24/nsa-surveillance-world-leaders-calls">NSA had tapped the phones</a> (<em>Guardian</em>) of 35 world leaders including both German Chancellor Angela Merkel and then-President of France François Hollande, undermined the good faith on which this relationship was built, said Mazzucchi.
“Their distrust over the NSA-run ISO program could be regarded as a will to explore other ways to achieve a satisficing level of cybersecurity, avoiding [the risk of] communications [being] systematically intercepted by the US intelligence agencies,” said Mazzucchi.
<h2>The NSA still lives under a cloud of its own making</h2>
“If those designs were not coming from NSA, they would not have received the attention they did,” Stefan Kölbl, who advised the Danish delegation to the ISO, told <i>WikiTribune</i>.
This suspicion is not entirely down to Snowden, he added: “there has been a long history of conflicts between the widespread application of strong cryptography and NSA, but it definitely brought the issue to a broader audience and also revealed the full scope to us on the effort being carried out to subvert secure systems.”
Dr Tomer Ashur of KU Leuven in Belgium was the most ardent opponent of the plan, according to several people <em>WikiTribune</em> contacted who were at the meeting.
“Of course the NSA's history was looming over us like a black cloud, but I don't think this was a prime factor [in closing the programme],” Ashur told <i>WikiTribune</i>.
“Many crypto experts both within and outside ISO had concerns about the security of the algorithms,” said Ashur. “The NSA tried to remain as obscure as it could about certain design decisions and parameter choices they have made. As this is out of line with what is perceived as best practices of cipher design, this alarmed some of the delegates including myself.”
Specific requests for more detailed information were met with obfuscation, said Ashur.
“I can't speak for the other delegates but I believe it was these concerns together with the adversarial and aggressive behavior of the NSA that eventually led them to support the cancellation of the project,” he said.
<h2>ISO encryption program will move forward, without the NSA</h2>
Standardizing encryption for the internet of things is perfectly achievable, said Kölbl, but the dispute with the NSA has convinced many developers that their mission might not be compatible with the aims of government intelligence agencies.
“In general it is healthy to be very careful with cryptographic algorithms coming out of any intelligence agency, as there is often some sort of conflict of interests,” said Kölbl. “One group inside such an organization might have a general interest in providing strong cryptographic algorithms, however other parts will also have the goal to insert vulnerabilities into commercial encryption systems.”
“I think in the end this whole controversy will be beneficial to the standardization process at ISO,” he said. “It showed that we need to have clearer rules stated which enforce transparency from the designers of a cryptographic algorithm before we consider them for standardization and there has been a lot of discussion going on, on how to improve this process.”
The proposal to adopt Simon and Speck was only an amendment to existing standards, said Ashur, meaning there are ISO-approved standards for this type of encryption. The U.S. National Institute of Standards and Technology, which also contributed to the U.S. delegation, has made further recommendations for types of algorithms that Ashur said he expects the academics at the ISO to be more open to.
Categories
Current Affairs, Diplomacy, Internet, North America, Politics, Science, Technology, United States, WikiProject
Article type
analysis  
Tags
Edward Snowden, Encryption, Internet of Things, NSA, Simon and Speck