You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at epic.org.

Tech Standard Dropped Because of Suspected NSA Influence

Following an extensive public comment process, the National Institute of Standards and Technology has removed a cryptographic algorithm from its guidance for random number generators deployed by government vendors. NIST recommends that current users of Dual_EC_DRBG transition to one of the three remaining approved algorithms as quickly as possible. NIST cited in own evaluation and "a lack of public confidence in the algorithm." Last year the NY Times reported that the NSA had intentionally weakened cryptographic standards to enable surveillance, raising concerns about the reliability of key Internet standards. In February, NIST released new guidelines for the development of cryptographic standards. EPIC, joined by several organizations, urged the agency to explain the extent of NSA's role in the standards development process. EPIC previously recommended that NIST inform the public of the full extent of the NSA's involvement in the Cybersecurity Framework. The Computer Security Act of 1987 was passed explicitly to prevent NSA involvement in domestic computer security. For more information, see EPIC: Computer Security Act of 1987.


« Supreme Court to Hear Cell Phone Privacy Cases | Main | Report Reveals Rise in Teens' Desire for Online Privacy »

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security