NSA should stop undermining encryption standards, Obama panel says

Encryption technology has come a long way since the Enigma machine.

A presidential advisory committee today recommended that the US government stop any efforts to undermine encryption standards or attack commercial software.

The panel's report (full text at Whitehouse.gov) comes in response to the National Security Agency leaks of Edward Snowden and makes 46 recommendations. Number 29 should please IT security researchers:

We recommend that, regarding encryption, the US Government should:

(1) fully support and not undermine efforts to create encryption standards;

(2) not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software; and

(3) increase the use of encryption, and urge US companies to do so, in order to better protect data in transit, at rest, in the cloud, and in other storage.

We reported in September on the NSA's uneasy relationship with encryption researchers, detailing how the agency has helped improve the encryption standards that secure Internet communications while in other cases undermining them. Government officials have routinely joined security researchers at technology conferences—this year, they were asked to stay away from DefCon, one of those annual events.While the White House isn't obligated to accept the advisory panel's recommendations, doing so could end any current or future efforts to insert backdoors into encryption standards. Security experts, including Bruce Schneier, have warned that the NSA's work has undermined the security of the Internet.

Read 5 remaining paragraphs | Comments