Slashdot Mirror

← Back to Stories (view on slashdot.org)

UK Cryptographers Call For UK and US To Out Weakened Products

Posted by Unknown on from the instead-they-disappear dept.

Trailrunner7 writes "A group of cryptographers in the UK has published a letter that calls on authorities in that country and the United States to conduct an investigation to determine which security products, protocols and standards have been deliberately weakened by the countries' intelligence services. The letter, signed by a number of researchers from the University of Bristol and other universities, said that the NSA and British GCHQ 'have been acting against the interests of the public that they are meant to serve.' The appeal comes a couple of weeks after leaked documents from the NSA and its UK counterpart, Government Communications Headquarters, showed that the two agencies have been collaborating on projects that give them the ability to subvert encryption protocols and also have been working with unnamed security vendors to insert backdoors into hardware and software products."

4 of 105 comments (clear)

  1. Likely outcome by return+42 · · Score: 5, Insightful

    I suspect the agencies will make a great show of reluctance, then reveal what they did to some protocols and algorithms -- those where the backdoors are most likely to be noticed, or have already been found, such as Dual_EC_DRBG. The crown jewels, those least likely to be noticed, will remain secret. Nothing to see here folks, move along.

    NSA and GCHG couldn't care less about the public interest. They have a mandate to spy on as much as possible on the off chance that it may prevent some terrorist act. They will continue to do so in any way they can unless the legislative bodies or courts in their respective nations rein them in. This seems moderately likely in the US, quite unlikely in the UK.

    1. Re:Likely outcome by FriendlyLurker · · Score: 5, Insightful

      on the off chance that it may prevent some terrorist act. .

      Oh, that must mean those terrorist organizations like Occupy Wall Street, - or any other community based activist group trying to agitate for improved conditions for the people. Must be why we are treated as the enemy.

    2. Re:Likely outcome by Walterk · · Score: 5, Interesting

      Interesting you raise the point about the "mandate to spy on as much as possible on the off chance that it may prevent some terrorist act".

      There is a very interesting article on the BBC blogs indicating just how useless MI5 has been at any sort of intelligence gathering, even the sort that's been painfully obvious over it's entire existence. It's opening gambit: "Maybe the real state secret is that spies aren't very good at their jobs and don't know very much about the world".

      http://www.bbc.co.uk/blogs/adamcurtis/posts/BUGGER

      --

      "If anyone needs me, I'm in the angry dome."
  2. Re:hahhaha by TheRaven64 · · Score: 5, Interesting

    The problem is that the NSA and GCHQ have dual mandates. They are responsible for both ensuring their respective countries are not vulnerable to attacks and for ensuring that they have techniques for attacking others. This means that when they discover a vulnerability in a piece of widely deployed software, they have conflicting requirements. If they publish it, then the systems that they're defending will be safer because it will be fixed, but if they don't publish it then the systems that they're attacking will remain vulnerable. This gets even worse when they start introducing intentional back doors (given how many Russian spies there were in these institutions during the Cold War, it's pretty much expected that there will be some Chinese spies in there now, so those back doors are almost certainly not secret).

    --
    I am TheRaven on Soylent News