Snowdon is a dummy

After the revelations of how the NSA basically authored a crypto standard surreptitiously with obligatory backdoors, plenty of people started exploring exactly which standard it was -- and called on the various reporters with access to Snowden's documents to come clean, mainly to protect people who were now using insecure crypto. Buried in a blog post that focuses more on the NIST's non-response to the news, the NY Times finally revealed both what standard it was, the Dual EC DRBG standard, and how Canadian intelligence basically was the cover, helping to hide the NSA's efforts:

But internal memos leaked by a former N.S.A. contractor, Edward Snowden, suggest that the N.S.A. generated one of the random number generators used in a 2006 N.I.S.T. standard — called the Dual EC DRBG standard — which contains a back door for the N.S.A. In publishing the standard, N.I.S.T. acknowledged “contributions” from N.S.A., but not primary authorship.

Internal N.S.A. memos describe how the agency subsequently worked behind the scenes to push the same standard on the International Organization for Standardization. “The road to developing this standard was smooth once the journey began,” one memo noted. “However, beginning the journey was a challenge in finesse.”

At the time, Canada’s Communications Security Establishment ran the standards process for the international organization, but classified documents describe how ultimately the N.S.A. seized control. “After some behind-the-scenes finessing with the head of the Canadian national delegation and with C.S.E., the stage was set for N.S.A. to submit a rewrite of the draft,” the memo notes. “Eventually, N.S.A. became the sole editor.”

That same article notes that people inside NIST "feel betrayed by their colleagues at the NSA," but I wonder if NIST will ever be able to regain any real sense of trust with the crypto community.TechDirt

I haven't posted much about the back door that the NSA had inserted into at least one encryption standard. The crypto community is Very Unhappy (to put it mildly) and has been trying to figure out which standard was compromised.

Quote:

I haven't posted much about the back door that the NSA had inserted into at least one encryption standard. The crypto community is Very Unhappy (to put it mildly) and has been trying to figure out which standard was compromised.

No big deal as the standard that is being refer to is for one method out of three in that standard for pseudo random number generation that questions was raised about all the way back to the year 2007 shortly after the standard was make public.

No one is in fact using that method of creating pseudo random numbers due not only the question about it security, but that it is ten times slower then other means of doing the same thing.

just 08 all of those young people who got whipped up at Obama's revival meetings? how many of them are now pissed feeling that they got played for saps?

Intelligence services encased in a "wall of silence" must become more transparent, Germany's data privacy commissioner said on Wednesday. Only then could citizens comprehend their work instead of listening solely to "whistleblowers."

Peter Schaar, whose office oversees whether German firms and state entities uphold data privacy law and citizens' rights to information from institutions, said secret services should "not avoid transparency."

Citizens must be given opportunities to comprehend governmental actions, said Schaar.
"That is decisive for trust in democracy, which is damaged when this transparency just does not exist," he said.

... ... ...

http://timesofindia.indiatimes.com/world/us/Brazil-President-snubs-Obama-over-NSA-spying-cancels-US-visit/articleshow/22684153.cms

WASHINGTON: Brazil's President Dilma Rousseff has delivered a stunning rebuke to the United States, scrubbing a much-anticipated state visit to Washington DC to express her country's anger over American spying activities including monitoring her personal communications.

The resounding snub sent President Obama, whose international stature is evaporating as quickly as his domestic approval, scrambling to the phone to mollify her. White House officials said the US President told Rousseff that he ''understands and regrets the concerns (that) disclosures of alleged US intelligence activities have generated in Brazil'' and made clear that he is committed to working together with the Brazilian President and her government in diplomatic channels "to move beyond this issue as a source of tension" in the bilateral relationship.

''As the President previously stated, he has directed a broad review of U.S. intelligence posture, but the process will take several months to complete,'' White House spokesman Jay Carney said, while indicating the visit, which was scheduled for October 23, would be rescheduled once the dust settles down. However, in an indication of how serious the matter has become, Carney maintained that the visit, when it happens, ''celebrates our broad relationship and should not be overshadowed by a single bilateral issue, no matter how important or challenging the issue may be.''

Brazilia is not as sanguine. In fact, it is mad as hell over the spying episode and has made no secret of it. It has even gone to the extent of rolling out changes to its cyber laws and Internet infrastructure regulations to prevent American snooping. Under a bill called Marco Civil being debated in the country's legislature, the Brazilian government is seeking to get a better handle over local Internet data, including storing it locally. In effect, the bill will require companies such as Google and Facebook to physically store data about Brazilians in Brazil.

and made clear that he is committed to working together with the Brazilian President and her government in diplomatic channels "to move beyond this issue as a source of tension" in the bilateral relationship.

What else would you expect the German data privacy commissioner to say once you have got one.

The first meeting with the members of the Surveillance Review Board was actually two meetings -- one for tech firm reps and one for privacy advocate groups like the People's Front of Judea ACLU and EPIC.

The meeting with the tech firm reps was held in the White House's Truman Room, and went down something like this, according to Spencer Ackerman:
Facebook, Google, Microsoft, Apple and Yahoo sent representatives to the inaugural hearing, chaired by Swire. Also in attendance were Alan Davidson of MIT; Atkinson; and Meinrath. There was also representatives of the Information Technology Industry Council, Rackspace, and the Software and Information Industry Association...

The meeting itself struck Meinrath as bizarre. Representatives from the technology firms were identified around the table not by their names, but by placards listing their employers. There was minimal technical discussion of surveillance mechanisms despite the presence of technology companies; Meinrath took the representatives to be lawyers, not technologists.

When it appeared like the meeting would discuss a surveillance issue in a sophisticated way, participants and commissioners suggested it be done in a classified meeting. Meinrath interpreted that as a maneuver to exclude his more-critical viewpoint.

So, essentially pointless. Many of the tech companies are currently engaged in legal battles in hopes of making reporting on government requests for data more transparent. Others, like Microsoft, have been more cooperative with the NSA's requests in the past, but seem a bit more hesitant to do so in the future.

Meinrath's assessment of the tech meeting is pretty damning.
Meinrath said he was surprised by the circumscribed discussion: "I didn't find anyone saying the bulk surveillance is horrendous and bad for our democracy." He declined to discuss specifics. "The companies are concerned that it impacts their bottom line. My concern is they're looking to preserve the function of the NSA," Meinrath said.

Asked if that was the perspective of the government or the companies, Meinrath replied: "I'm not sure you can separate the two."

Granted, this was the first set of meetings by the Surveillance Review Board, but based on what was observed here, it appears Meinrath's initial feeling that these administration moves will amount to nothing more than a "simulacrum of meaningful reform" is spot on.

This feeling isn't alleviated at all by the details of the second meeting.

One group included civil libertarian organizations such as the ACLU and the Electronic Privacy Information Center. It met in a conference room on K and 20th Streets. Morrell and Clarke did not attend.

That's right. The civil libertarians weren't even allowed into the White House, much less given a chance to speak to the entire board. This would seem to indicate that the Board (which operates at the behest of the administration and reports to the Director of National Intelligence) believes tech companies require full attention while safeguarding constitutional rights should be granted no more than half-measures. It would also appear that the government's main concern is winning over the tech companies in order to continue the bulk surveillance unimpeded. The concerns of the public were relegated to a separate, underattended conference room blocks away from the White House.

Finally, there's no escaping the fact that any efforts towards reforming the surveillance system will still be routed through James Clapper. Much like every corporate participant, the administration had no comment.
The White House deferred comment to the Office of the Director of National Intelligence, which did not respond.

So, a pair of inauspicious moments for two groups ostensibly aimed at achieving the near-mythical "balance" between security and privacy. If anything's going to be achieved, the Surveillance Review Board will have to start viewing the rights of Americans as equally important as the opinions of tech companies.Source

We haven't just got one (it's one department at federal level) but each state, district, city, town, ... got them as well. (Even the Evangelical/Protestant and Catholic churches have such departments.)
The main (and largest) professional association of privacy commissioners has 1.400 members.

Obvious from the beginning that Obama can't be trusted to uphold the Constitution. The oonly mystery is why the conservatives are giving him a free pass.