How do you create strong encryption standards when the organization tasked with building them finds itself absorbed into an organization that dedicates huge quantities of resources to breaking them? The reorganization of the National Security Agency announced this week brings this question to the forefront. As part of the reorganization, the defensive arm of the NSA (the Information Assurance Directorate, or IAD) will be subsumed by the intelligence-gathering program (which collects signals intelligence, or SIGINT). The IAD will effectively cease to exist, which raises questions about both the privacy and security of the nation’s data. We need to make sure that we have something that replaces it.
There’s always been an uneasy relationship between the two missions of the National Security Agency. On one hand, the organization is responsible for all of the US government’s foreign signals intelligence. The NSA gathers up a phenomenal amount of information on foreign targets (and, all too often, Americans’ information as well) through the networks and devices it subverts. As part of that process, it’s always looking for ways to get into a locked system. Often, that means developing ways to hack into targets’ computers or breaking encryption when it can. Sometimes that means subverting cryptographic standards before anyone even uses them.
On the other side of the Ft. Meade complex is IAD, whose mission is to protect US government networks and systems. There are, of course, foreign governments who are looking to do to the US what the US is trying to do to them. IAD works to see that they can’t. Among their many tools in that fight is modern and unbroken encryption. That’s one of the reasons why the National Institute of Standards and Technology (NIST) consults with them as they develop new cryptographic standards.
This conflict of interest extends outside of Ft. Meade as well. For example, NIST, which is responsible for developing and standardizing the newest and strongest cryptographic algorithms, by law must consult with the NSA. However, we know of at least one case in which the NSA used that relationship to undermine the standards NIST published for a random number generator. These sorts of incidents have caused some to question the wisdom of using NIST-designed encryption.
In 2013, a group of tech and intelligence community experts hand-picked by the president recommended that the IAD function within NSA should be spun out into its own agency within the Defense Department to avoid precisely this conflict of interest. Unfortunately, the NSA just roundly rejected that advice.
Some crucial changes should be made in light of this new decision, and Congress is going to have to be involved. First, the statutory requirement that NIST consult with the NSA must be lifted. If NSA’s group dedicated to improving cryptography has been subsumed within a larger body dedicated to attacking computer systems, NIST should not be compelled to seek their input. This is not to say that NIST should be prohibited from doing so. It is always useful, when developing new cryptographic systems, to work with those whose job is finding the holes, but the relationship should be kept at arm’s length and NIST should be in charge of deciding when (and how) to solicit advice from the NSA.
Congress should also follow the recommendation of the President’s Review Group — and go even further — to create a separate independent body whose role, as it applies to cryptography, is only to seek weaknesses in existing cryptographic systems and to develop new and more secure systems for the benefit of the government and the rest of the world. It could also act as a much needed “red team” — that is, it could serve as a group of internal attackers whose role is to test for holes in federal computers and networks and report what they find. This organization should be transparent, open source, and well-funded, and should focus on long-term security for everyone. In so doing, Congress would ensure that IAD’s vital work is not swallowed up within the larger NSA and allowed to wither away.
This just scratches the surface of the problems with the NSA’s proposed reorganization. Conflating the NSA’s offensive and defensive missions — or rather, subsuming defense into offense — will likely undermine expert cryptanalysis. It could also interfere with the needed disclosure of software vulnerabilities and exacerbate the fear and distrust that consumers and companies already feel when the NSA becomes involved in domestic cybersecurity efforts. But by allowing NIST to set the terms of consultation with the NSA on new cryptographic standards and by creating an organization like IAD separate from the offensive mission of the NSA, Congress could increase cybersecurity and pave the way for trustworthy cryptography.