Curious about what Sunlight and other transparency advocates are up to in the wake of recent revelations on domestic spying here in the US?
Here’s your chance to find out: Join Sunlight and other data policy advocates today on Reddit at 1 p.m. EST for an AMA (short for ‘Ask Me Anything’) about cryptographic encryption and two federal institutions now under scrutiny for their ties to the issue, the National Security Agency and the National Institute of Standards and Technology. We’ll talk about these intelligence interests and the ways in which they’ve secretly undermined the world’s ability to protect its communications — and what we’re doing to fight back.
Here’s the first question: Does this really involve the entire globe? The answer: absolutely.
NIST is the arm of the US government that develops and promulgates measurements and standards. One key revelation offered by the Snowden leaks involved closed-door efforts by NIST to promote deliberately weak encryption standards (the math that jumbles your password so that prying eyes can’t view it). And when NIST endorses something, it gets adopted across the world.
Why is that the case? The thinking goes that if it’s safe for the US government, it’s safe enough for virtually everyone else. Unfortunately, it turns out that part of the NSA’s surveillance strategy includes promoting (in this case, through NIST) standards that are built around weaknesses that only the NSA knows about. That is, until someone else also finds the security hole and uses it for their own benefit.
We joined our partners in this AMA and others to send a letter to NIST arguing that it needs vastly improved transparency in developing and promoting cryptographic standards.
The public deserves to know if someone or some entity, including the NSA, developed an algorithm or sought to have it modified. So long as the public, and even our representatives, are kept in the dark about such activities, America will not be able to have an informed discussion about what level of surveillance our security requires, what level we will tolerate, or even what the real costs of this surveillance are.
That’s why we sent the letter, why we’re working on transparency in the government, and why my colleagues and I will be talking to you on Reddit on Thursday. You can view the letter below.