NSA says it ‘finessed’ Canada, seizing control of global crypto


UPDATE: a response from CSEC appended.

Revelations from the Edward Snowden leaks continue, and we finally have some idea of the role that Canada’s Communications Security Establishment (CSEC) has played in the largest surveillance effort in human history.

Prior reporting has established that the NSA broke some of the Internet’s most widely used cryptography: the Dual
EC DRBG encryption standard created by the International Organization for Standardization, which includes 163 member countries. Millions have protected their data with the standard since it was established in 2006, unaware that the NSA had back-door access to unscramble their information the whole time.

A story posted last night by The New York Times, based on yet more leaked NSA memos from Edward Snowden, documents how the NSA seized control of the crypto standard from CSEC, which at the time was entrusted with overseeing the encryption standards process for the International Organization for Standardization.

According to the Times, the classified NSA memos read as follows:

“The road to developing this standard was smooth once the journey began… However, beginning the journey was a challenge in finesse … After some behind-the-scenes finessing with the head of the Canadian national delegation and with C.S.E., the stage was set for N.S.A. to submit a rewrite of the draft … Eventually, N.S.A. became the sole editor.”

If the memos are accurate, then Canada betrayed its obligation to its partner countries around the world, handing the U.S. keys with which it could (and reportedly did) unlock and spy on foreign companies and governments, many of them supposed allies.

I’ve asked CSEC for comment on the revelations.  I’ll let you know what they say.

UPDATE: Here’s CSEC’s response.

To the question: did CSEC allow the NSA to ‘seize control’ of the draft for the Dual EC DRBG encryption standard in 2006, as the NSA reportedly claims in their memos? CSEC’s Director of Public Affairs and Communications Andy McLaughlin says:

“International Organization for Standardization (ISO) cryptographic standards are developed in an open and transparent way, with input from various international experts and stakeholders. As experts in IT security and cryptography, CSE participates in these processes and advises the Canadian ISO delegation. Development of the 2006 standard (Dual EC DRBG) was performed by a working group that included CSE, NSA, and other international members from academia and industry as equal participants.”

 To the question: what was the exact nature of the relationship between the NSA and
CSEC at this time with regards to the drafting of encryption standards? McLaughlin says:

“CSE is committed to developing the most secure cryptographic standards so that we can best support the Government of Canada in protecting its Information Technology infrastructure and information.”

For me the takeaway here is that I gave CSEC a chance to definitively deny what the NSA memos say happened, and they declined to do so.

Follow Jesse on Twitter @JesseBrown

Filed under:

NSA says it ‘finessed’ Canada, seizing control of global crypto

  1. “I’ve asked CSEC for comment on the revelations. I’ll let you know what they say.”

    Isn’t this futile? If CSEC is anything like NSA, whatever they say is probably a lie.

    I can understand why the US is so furious with Snowden. He betrayed their conspiracy to abuse the privacy rights of everyone on earth.

  2. Welcome to 1984.

  3. Given the ignorance about encryption displayed by a Canadian journalist in this article, I’m not surprised that CSEC handed this off the the Americans. The math that lies beneath Dual EC DRBG was invented by a Canadian company (Certicom) owned by RIMM, it’s patented and that NSA has licensed the patents for use in the US. Perhaps you should follow up with them as well. Think about that, Dual EC DRBG is based on a Canadian invention.

    Dual EC DRBG is a random number generator. It is not an encryption algorithm, however it could be used to generate random bits to be used for making encryption keys or digital signatures. Dual EC DRBG is based on mathematical problem that is similar to the dial on a combination lock. If someone gives you a lock after spinning the dial, it would be very difficult for you to figure out what number it was set to before it was spun. In Dual EC DRBG’s case it is possible for there to be a secret relationship between the default constants called “P” and “Q”, (supplied by NIST/NSA/CSEC) in the algorithm such that after seeing the dial spun twice, you could tell what the original setting was, and from that what all future settings will be.

    The algorithm itself itself is very strong, so long as nobody knows what the relation between P and Q is. This will be the case if P and Q are generated randomly which the standard allows for. Deducing the relationship could require more than 2^255 executions of Dual EC DRBG. This might not be the case if the default P and Q that are supplied by NIST/NSA/CSEC are used.

    In any case Dual EC DRBG is not widely used at all, because it generates random numbers of low statistical quality *and* it is literally thousands of times slower than competing algorithms (also available in the NIST specification) that are thought to be equally secure.

    The difference is Dual EC DRBG has a firm grounding in a hard mathematical problem vs competing algoritms which are based on the unproven assumption that certain ciphers or hash functions are secure.

    If you don’t trust that the American Encryption Standard (endorsed by NIST/NSA) or SHA hash functions (also invented by NSA) are secure, Dual EC DRBG (with randomly generated P & Q) is for you. Canadian ingenuity at its best.

    • From the NYT

      But internal memos leaked by a former N.S.A. contractor, Edward Snowden, suggest that the N.S.A. generated one of the random number generators used in a 2006 N.I.S.T. standard — called the Dual EC DRBG standard — which contains a back door for the N.S.A. In publishing the standard, N.I.S.T. acknowledged “contributions” from N.S.A., but not primary authorship.


    • The NIST is now recommending against using Dual_EC_DRBG:

      “NIST strongly recommends that, pending the resolution of the security concerns and the re-issuance of SP 800-90A, the Dual_EC_DRBG, as specified in the January 2012 version of SP 800-90A, no longer be used.”

  4. Thanks for staying on this story Jesse. The ROP (rest of the press) is studiously ignoring it. Perhaps due to that lack of coverage, most Canadians are not aware of the level of surveillance that CSE/NSA (same thing really) are under. Also due to the weak, if not disingenuous, ‘reporting’ of our controlled corporate “journalists” — most Canadians fail to understand the consequences and the danger total information awareness and the concomitant false positives. (see Maher Arar).

  5. I’d like to know what ‘behind-the-scenes finessing’ entails.

Sign in to comment.