
Open letter from UK security researchers

September 20, 2013

A group of UK security researchers recently published an open letter to address some of the recent discoveries related to computer security. Because their blog post does not appear to be accepting comments, I decided to join the open letter by posting here.

Here is the crucial part of the letter:

However, the documents released show that NSA and GCHQ worked to weaken international cryptographic standards, and to place "backdoors" into security products; such backdoors could of course be potentially exploited by others than the original creators. One of the prime missions of the security services is to protect citizens and corporations from Cyber Attack. By weakening cryptographic standards, in as yet undisclosed ways, and by inserting weaknesses into products which we all rely on to secure critical infrastructure, we believe that the agencies have been acting against the interests of the public that they are meant to serve. We find it shocking that agencies of both the US and UK governments now stand accused of undermining the systems which protect us. By weakening all our security so that they can listen in to the communications of our enemies, they also weaken our security against our potential enemies.

We call on the relevant parties to reveal what systems have been weakened so that they can be repaired, and to create a proper system of oversight with well-defined public rules that clearly forbid weakening the security of civilian systems and infrastructures. The statutory Intelligence and Security Committee of the House of Commons needs to investigate this issue as a matter of urgency. In the modern information age we all need to have complete trust in the basic infrastructure that we all use.

Read the full letter here.