Friday, January 10, 2014

IETF refuses to remove NSA employee from crypto task force chair

An NSA employee who is the co-chairman of a cryptography working group affiliated with the IETF will remain in that position despite calls from members to have him removed. The chairman of the Internet Research Task Force, the body that oversees the research group, rejected requests for the removal of Kevin Igoe of the NSA, saying that his position gave him little real power over the development of cryptographic standards and his removal would set a dangerous precedent.

The request for Igoe’s removal came on Dec. 20, in the aftermath of a fresh set of revelations about the NSA’s surveillance capabilities and efforts to undermine the development of cryptographic standards and algorithms. Throughout autumn, waves of stories about the agency’s  attempts–and perhaps successes–to compromise crypto standards had hit the news, including the allegation that the NSA had deliberately weakened a key NIST standard by inserting the compromised Dual_EC DRBG random number generator as the default choice. Security researchers and cryptographers assessing the damage of these revelations said that the implications may not be known for years to come.


On Jan. 5, Lars Eggert, chairman of the IRTF, formally rejected the request to remove Igoe, saying that his employment by the NSA should not disqualify him out of hand, and that his actions in the Dragonfly development process could have been seen as mistakes, but were not enough to support the idea that he was purposely subverting the process.
The next step is for other people to resign in protest.  I don't get the sense that this is over.

1 comment:

Old NFO said...

Nope, not over at all... Maybe just starting!