16 September 2013

UK Security Researchers: Disclose Faults


http://bristolcrypto.blogspot.co.uk/2013/09/open-letter-from-uk-security-researchers.html

Monday, September 16, 2013

Open Letter From UK Security Researchers

Posted by Nigel Smart

Dear Reader,

The first set of publications based on Edward Snowden’s files were concerned with surveillance of internet communication happening more indiscriminately and on a much larger scale than previously thought. The more recent publications, presenting the systematic undermining of cryptographic solutions and standards, are the cause of much more substantial worry. As some of the leading UK researchers in the field of cryptography and computer security we feel compelled to comment on the recent revelations.

The UK and US governments recently dramatically increased the funding available to various agencies to help protect our countries against Cyber Attack. Such attacks are now commonplace on both corporations and individuals. We now all rely on cryptography to secure our mobile phones, credit cards, internet communications etc. and because of this we welcome the government’s prioritization of this area in an era of fiscal squeeze. As researchers in security we understand that the NSA and GCHQ are tasked with conducting operations for purposes of national security.

However, the documents released show that NSA and GCHQ worked to weaken international cryptographic standards, and to place "backdoors" into security products; such backdoors could of course be potentially exploited by others than the original creators. One of the prime missions of the security services is to protect citizens and corporations from Cyber Attack. By weakening cryptographic standards, in as yet undisclosed ways, and by inserting weaknesses into products which we all rely on to secure critical infrastructure, we believe that the agencies have been acting against the interests of the public that they are meant to serve. We find it shocking that agencies of both the US and UK governments now stand accused of undermining the systems which protect us. By weakening all our security so that they can listen in to the communications of our enemies, they also weaken our security against our potential enemies.

We call on the relevant parties to reveal what systems have been weakened so that they can be repaired, and to create a proper system of oversight with well-defined public rules that clearly forbid weakening the security of civilian systems and infrastructures. The statutory Intelligence and Security Committee of the House of Commons needs to investigate this issue as a matter of urgency. In the modern information age we all need to have complete trust in the basic infrastructure that we all use.

Yours

Prof. Kenneth Paterson,
Prof. Mark Ryan,
Prof. Peter Ryan,
Prof. Vladimiro Sassone,
Prof. Steve Schneider,
Prof. Nigel P. Smart,
Dr Eerke Boiten,
Dr George Danezis,
Dr Jens Groth,
Dr Feng Hao.