Category Archives: Cryptography

US crypto researchers to NSA: If you must track, track responsibly

Posted on by

Technology

Nidhi Subbaraman NBC News

Jan. 27, 2014 at 3:23 PM ET

Jim Lo Scalzo / EPA, file

A Maryland State Trooper sits in an unmarked SUV outside the grounds of the National Security Administration just north of Washington, in Fort Meade, Md.

A group of cryptography researchers from universities around the country iscondemning the weakening of security infrastructure by the U.S. government and NSA, and warning against storing mass amounts of sensitive data.

In the open letter published Friday, the researchers write that data collection activities uncovered in the last 10 months stand to "chill free speech and invite many types of abuse, ranging from mission creep to identity theft."

The group hopes to improve the knowledge of privacy-preserving technology that already exists, that could aid legal surveillance proceed in a targeted manner. Should the NSA choose to use them, the cryptographic research community has and is developing tools and projects that can "protect civil liberties while enabling legit government searches,"Amit Sahai, a crypto researcher at UCLA who signed the letter, told NBC News. Though, "the exact ways in which they would fit together would very much depend on the precise questions that need to be addressed."

For example, Sahai noted that a kind of secure communication protocol would let phone companies rather than the government hold onto cell phone data, while allowing government entities to selectively search for information on a suspect. In this setup, the phone companies would not be privy to the exact searches, and the government would not have access to all available data.

In 2010, the FBI followed digital crumbs to track down a bank-robbing duo whod been involved in a spate of teller heists across Arizona and Colorado. After getting the greenlight from a judge, feds analyzed data from four Verizon cell towers near affected banks, and found one number that had accessed three of those towers on the days each of the banks was robbed.

Originally posted here:
US crypto researchers to NSA: If you must track, track responsibly

Cryptography experts sign open letter against NSA surveillance

Posted on by

Cybersecurity

When President Barack Obama announced future changes to the governments surveillance programs on Jan. 17, he mentioned nothing about the National Security Agencys efforts to undermine worldwide encryption standards.

While the president focused most of his efforts on curbing the NSAs bulk records collections on phone call metadata, a group of more than 50 leading cryptographers believes the NSAs intentional weakening of Internet security standards is equally important and should be done away with, too.

The cryptographers, including several former federal officials, signed an open letter to the U.S. government Jan. 24 calling for an end to the subversion of security technology, referring to revelations from top-secret documents leaked by former NSA contractor Edward Snowden.

Those documents revealed the NSA deliberately weakened international encryption standards adopted and promoted by the National Institute of Standards and Technology, damaging NISTs reputation and forcing it to publicly recommend against using its own adopted standard.

Media reports since last June have revealed that the US government conducts domestic and international surveillance on a massive scale, that it engages in deliberate and covert weakening of Internet security standards, and that it pressures US technology companies to deploy backdoors and other data-collection features. As leading members of the US cryptography and information-security research communities, we deplore these practices and urge that they be changed, the open letter states.

The choice is not whether to allow the NSA to spy," the signatories argue in the letter. "The choice is between a communications infrastructure that is vulnerable to attack at its core and one that, by default, is intrinsically secure for its users. ... We urge the US government to reject society-wide surveillance and the subversion of security technology, to adopt state-of-the-art, privacy-preserving technology, and to ensure that new policies, guided by enunciated principles, support human rights, trustworthy commerce, and technical innovation.

Among the many cryptographers to sign the letter were two former Federal Trade Commission chief technology officers: Steven Bellovin and Ed Felten, now professors at Columbia and Princeton universities, respectively.

The cryptographers are not alone in their concerns about the NSAs subversion of Internet security standards. In December, the presidents own NSA review panel recommended the NSA be separated from the approval processes NIST uses to adopt encryption standards. Obama has yet to publicly address that recommendation.

About the Author

Read more:
Cryptography experts sign open letter against NSA surveillance

Obama Stays Silent on Reform of NSA’s Crypto Subversion

Posted on by

President Barack Obama in his State of the Union on Tuesday failed to address an issue that affects everyone on the internet the NSAs subversion of cryptographic standards and technologies.

Privacy advocates and business interests were crossing their fingers that Obama would announce he was following the recommendations of a presidential panel that recently urged a dramatic overhaul of the NSAs efforts to undermine encryption on a global scale.

It was the second public address to the nation this month, and both times Obama overlooked the cryptography debacle disclosed by NSA whistleblower Edward Snowden.

When Obama outlined a host of reforms to address the Snowden revelations in a Jan. 17 public address, the 44th president was also mum on whether he would accept the crypto recommendations of the Presidents Review Group on Intelligence and Communications Technologies.

There would have been no better time for Obama to address the global community about a hot-button issue that has sparked a cottage industry of crypto-product makersand one that is impacting the tech sectors ability to conduct business overseas.

The State of the Union offered President Obama an opportunity to clear the air on outstanding surveillance issues that were not addressed in his recent reform speech. Chief among these is the governments introduction of vulnerabilities in cryptographic standards and commercial products. Unfortunately, this did not occur, says Daniel Castro, an analyst with the Washington, D.C.-based Information Technology and Innovation Foundation. As long as these questions go unanswered, U.S. technology companies will face a disadvantage in global markets and lose market share to foreign competitors.

The presidential panels two recommendations in that area were to fully support and not undermine efforts to create encryption standards and to not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software.

Those recommendations were in response to classified documents Snowden obtained while an NSA contractor that suggested the agency engineered a backdoor into a random number generator standard promulgated by NIST..

The Snowden documents also highlighted that the NSA has worked with industry partners to covertly influence technology products. The documents also underlined that the NSA has vast crypto-cracking resources, a database of secretly held encryption keys used to decrypt private communications, and an ability to crack cryptography in certain VPN encryption chips.

See original here:
Obama Stays Silent on Reform of NSA's Crypto Subversion

Prominent cryptography and security researchers deplore NSA’s surveillance activities

Posted on by

Some of the most prominent cryptography and security researchers in U.S. academia have condemned the U.S. National Security Agencys surveillance practices and called for change.

Media reports since last June have revealed that the US government conducts domestic and international surveillance on a massive scale, that it engages in deliberate and covert weakening of Internet security standards, and that it pressures US technology companies to deploy backdoors and other data-collection features, the researchers said in an open letter published Friday. As leading members of the US cryptography and information-security research communities, we deplore these practices and urge that they be changed.

The letter was signed by 53 people, most of them professors at top U.S. universities and research institutions. The list includes some of the biggest names in computer science, technology policy and cryptography like Hal Abelson, professor at the Massachusetts Institute of Technology and founding director of Creative Commons and the Free Software Foundation; Edward Felten, the director of the Center for Information Technology Policy at Princeton University and former chief technologist for the U.S. Federal Trade Commission; MIT professor Ronald Rivest, a pioneer of modern public-key cryptography and of one the creators of the widely used RSA encryption algorithm; and renowned cryptographer Bruce Schneier.

Dutch cryptographer Niels Ferguson is also on the list. Ferguson was one of the two Microsoft employees who in 2007 reported that the Dual_EC_DRBG pseudorandom number generator standardized by the U.S. National Institute of Standards and Technology had a potential backdoor. According to media reports based on documents leaked by former government contractor Edward Snowden, the NSA pushed this flawed random number generator as a standard as part of its efforts to defeat encryption.

Inserting backdoors, sabotaging standards, and tapping commercial data-center links provide bad actors, foreign and domestic, opportunities to exploit the resulting vulnerabilities, the letter said. The choice is not between allowing the NSA to spy or not, but between having a communications infrastructure thats vulnerable to attack at its core and one thats by default secure for all users, they said.

Every country, including our own, must give intelligence and law-enforcement authorities the means to pursue terrorists and criminals, but we can do so without fundamentally undermining the security that enables commerce, entertainment, personal communication, and other aspects of 21st-century life, the researchers said in the letter. We urge the US government to reject society-wide surveillance and the subversion of security technology, to adopt state-of-the-art, privacy-preserving technology, and to ensure that new policies, guided by enunciated principles, support human rights, trustworthy commerce, and technical innovation.

The letter also called for the U.S. government to subject all mass-surveillance activities to public scrutiny, saying that the threat they pose to privacy and democracy is evident, while the value they have in preventing terrorism is unclear. They noted that the five principles described on the reformgovernmentsurveillance.com website that was set up by AOL, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo in response to the NSA surveillance revelations provide a good starting point for finding a way forward.

According to those principles, governments should, among other things, limit surveillance to specific, known users rather than collect Internet communications in bulk; set up an independent court review system that includes an adversarial process; allow companies to publish the number and nature of government demands for user information; and permit the transfer of data across borders, working with other governments to resolve conflicts of legislation governing lawful requests for data.

According to Matthew Green, a cryptography research professor at Johns Hopkins University in Baltimore and one of the people who signed the letter, the joint statement is indicative of the trust the NSA has lost among academics.

Up until 2013 if youd asked most US security researchers for their opinions on NSA, you would, of course, have heard a range of views, Green said Saturday in a blog post. But you also might have heard notes of (perhaps grudging) respect. This is because many of the NSAs public activities have been obviously in everyones interesthelping to fund research and secure our information systems.

Original post:
Prominent cryptography and security researchers deplore NSA's surveillance activities

50 top US cyber security experts write open letter calling for end to NSA ‘snoop-ops’

Posted on by

Washington, Jan. 25 : Experts in the fields of computer science, security and cryptography have reportedly published an open letter calling for an end to the National Security Agency's alleged mass surveillance programmes.

The letter states, 'every country must give intelligence and law-enforcement authorities the means to pursue terrorists and criminals, but we can do so without fundamentally undermining the security that enables commerce, entertainment, personal communication, and other aspects of 21st-century life.'

According to Cnet, more than 50 big names, including former chief technologists for the Federal Trade Commission, Edward Felten, Bellovin, director of the International Association for Cryptologic Research, Shai Halevi and researchers from MIT, Georgia Tech, Carnegie-Mellon, Princeton, Yale, Harvard, and a raft of other respected universities have signed the letter.

The alleged programmes were exposed by a former contractor of the agency, Edward Snowden, who has been charged with espionage by the US for the revelations that brought forth the extent of indiscriminate government surveillance on innocent citizens.

The report said that the NSA bypassed common web encryption methods for carrying out its surveillance activities, including hacking into the servers of private companies to steal encryption keys.

In their letter, the security experts have pointed out the alleged snoop-ops have not only compromised privacy of citizens but it also poses a threat to the US technology sector.

The researchers have urged the US government to subject all mass-surveillance activities to public scrutiny and to resist the deployment of mass-surveillance programs in advance of sound technical and social controls, the report added.

--ANI (Posted on 26-01-2014)

<< Previous News

Next News >>

Read the original:
50 top US cyber security experts write open letter calling for end to NSA 'snoop-ops'