The National Security Agency works to circumvent cryptography. In the abstract, that’s hardly objectionable—legitimate intelligence targets may adopt security measures. Concerns arise, however, when the NSA subverts the technologies that ordinary consumers and businesses rely upon. Longstanding conventional wisdom in the computer security community has been that the NSA works to insert backdoors into crypto standards and security products, and that the agency hoards vulnerabilities in popular crypto algorithms and implementations. Widely read reports recently confirmed these views.
The go-to recommendation among many security experts has been deployment of additional protective measures. That’s an appealing near-term option for sophisticated users and companies. It’s largely impractical for ordinary users, however. And adding more crypto won’t restore damaged trust, shut potentially risky backdoors, or patch vulnerable systems.
The law offers several possible long-term directions for reform. Consider the following example legislative proposals.
No crypto math backdoors. Prohibit misrepresentation of the security properties of a cryptographic algorithm or protocol that is undergoing NIST standardization.1
No compelled implementation backdoors. At present, there is ambiguity surrounding legal authority to compel a backdoor in a security system. Clarify that providers of secure hardware and software are not required to facilitate government access.2
No sneaking in wide-scale implementation backdoors. Prohibit inserting or suggesting surreptitious weaknesses in popular security technologies. For example, the NSA would be barred from introducing an exploitable flaw into OpenSSL.
Responsible vulnerability disclosure. Require the NSA to publicize vulnerabilities in security systems that are widely used by consumers and businesses. Details and timing of disclosure might vary by context-specific factors such as severity, likelihood of discovery by others, sensitivity of means of discovery, and immediate operational necessity.
Let me again emphasize, these are examples. There are many possible drawbacks and there is much room for improvement. I suggest them merely as a starting point: technology experts could, working with Congress, improve trust and reduce risk in secure systems. Deploying new security technology is an understandable first step. For a long-term fix, though, the security community should think carefully about law.
1. See 15 U.S.C. § 278g-3 for the basic legal framework of NIST computer security standards.
2. The Communications Assistance for Law Enforcement Act (CALEA) provides a possible starting point. Under 47 U.S.C. § 1002(b)(3): “A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.”