Today, a coalition of civil society organizations and companies sent a letter to the Obama Administration asking it to set strong guiding principles for the establishment of encryption standards. The full letter can be accessed here.
Encryption standards are the basis for all secure interactions on the internet, from banking transactions to personal communications. Weakened standards have broad impact that could make all users less secure and leave them open to potential attack by governments and malicious actors.
“All users rely on the same standards to ensure the security of their communications, many of which have been developed by NIST,” said Access Senior Policy Director Amie Stepanovich. “It is vital to ensure the continued integrity and openness of the internet, to ensure that these standards are sound, and that all future standards can be trusted.”
In 2013, it was revealed that the National Security Agency had undermined encryption standards in order to preserve its surveillance capabilities. In response to public outcry, the federal government initiated a process to establish guiding principles to preserve NIST’s reputation and the integrity of its standards. In April, Access led a coalition of groups providing initial recommendations on the draft principles.
In today’s letter, a larger coalition reiterated the original recommendations and added several new ones. The recommendations are intended to increase the independence of the National Institute of Standards and Technology (NIST) the federal agency that establishes the standards, which is legally required to consult with the NSA on the establishment of encryption standards. A review board of experts recently appointed by NIST’s Visiting Committee on Advanced Technology highlighted the need for increased independence. Today’s letter echoed many of the experts’ recommendations.
The final guidance document setting forth NIST’s standards-setting principles is scheduled for release in December.