Years ago, back when computer users were dialing up the Internet, civilian government scientists already were expressing concerns about the National Security Agency’s role in developing global communication standards, according to documents reviewed by The Associated Press. The records mirror new disclosures, based on classified files 24 years later, that the NSA sought to deliberately weaken Internet encryption in its effort to gather and analyze digital intelligence.
This week, the government’s National Institute of Standards and Technology sought to shore up confidence in the important behind-the-scenes role it plays in setting standards that are used by consumers to make purchases online, access their bank accounts, digitally sign legal documents or file their income taxes electronically. The agency said it “would not deliberately weaken a cryptographic standard” and would continue to work with experts “to create the strongest possible encryption standards for the U.S. government and industry at large.” It also noted that, under federal law, it was required to consult with the NSA on its computer standards.
Meanwhile, the Office of the Director of National Intelligence said that “it should hardly be surprising that our intelligence agencies seek ways to counteract our adversaries’ use of encryption.” And that office criticized recent disclosures — based on classified records revealed by NSA leaker Edward Snowden — that the NSA for years has used computing power, legal instruments and its role as adviser to NIST to undermine encryption technologies that protect consumers but also could make digital surveillance more difficult for the U.S. government.
Historical NIST records released under the U.S. Freedom of Information Act more than two decades ago show that tensions over security software arose in the early 1990s between the NSA and other scientists in the government who had been working together since 1989 to develop the Digital Signature Standard, a way to electronically sign documents and guarantee their authenticity.
That became a federal processing standard by 1994 and was most recently updated in July.