The National Security Agency’s recently retired Director of Research, Michael Wertheimer, has written a fascinating article about the agency’s role in establishing cryptographic standards. It discusses allegations, which emerged in the wake of the Snowden disclosures, that NSA undermines encryption standards and, specifically, that it introduced a “backdoor” into one widely used standard. The prospect that NSA might undermine such a standard is hugely important today because strong encryption tools are vital to defending against cyber threats and to protecting millions of Internet users.
The article is a bit dry and technical but noteworthy for several reasons. First, Wertheimer acknowledges that it was a mistake for NSA to continue to advocate for several years for an encryption standard that many security researchers believed was flawed: “With hindsight, NSA should have ceased supporting [the encryption standard] immediately after security researchers discovered the potential for a trapdoor.” This example stands out as a rare acknowledgement of error from the agency.
Second, it is surprising and encouraging that this article made it through NSA’s publication review process. Acknowledging error is hugely important for the agency if it intends to rebuild trust with the public. Acknowledgements like this should allow the public to make more informed judgments about what is and is not appropriate activity under NSA’s mission and should bolster faith in programs that are in fact appropriate.
Third, the article includes a lengthy section about NSA mathematicians’ efforts to create technology that collects data in privacy-sensitive ways. While those efforts are laudable, the details in Wertheimer’s commentary actually support the analysis I published this week in Just Security, which found that NSA may be collecting some broad class of encrypted data under its FISA Section 702 program.
Photo: Kryptos, an encryption sculpture that sits on the grounds of the Central Intelligence Agency