'RSA warns over NSA link to encryption algorithm' diff viewer (0/1)

This article is from the source 'bbc' and was first published or seen on September 20, 2013 11:24 (UTC). It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.bbc.co.uk/news/technology-24173977

The article has changed 2 times. There is an RSS feed of changes available.

Previous version 1 Next version

Previous version 1 Next version

Version 0	Version 1
RSA warns over NSA link to encryption algorithm	RSA warns over NSA link to encryption algorithm
2013-09-20 11:28:17 UTC	2013-09-23 18:07:10 UTC (3 days later)
RSA, the internet security firm, has ~~warned~~ customers not to use ~~one~~ of ~~its~~ ~~own~~ encryption ~~algorithms~~ after fears it ~~can~~ be unlocked by the US National Security Agency (NSA).	RSA, the internet security firm, has advised its customers not to use a particular encryption algorithm after fears it could be unlocked by the US National Security Agency (NSA).
In an advisory note to its developer customers, RSA said that a ~~default~~ algorithm in one of its toolkits could contain a ~~"back~~ ~~door"~~ ~~that~~ ~~would~~ ~~allow~~ ~~the~~ ~~NSA~~ to ~~decrypt~~ ~~encrypted~~ ~~data.~~	In an advisory note to its developer customers, RSA said that a community-developed algorithm in one of its toolkits could contain a vulnerability.
~~It "strongly recommends" switching to other random number ~~generators.~~~~	It "strongly recommends" switching to other random number generators instead.
~~RSA~~ is ~~reviewing~~ ~~all~~ ~~its~~ ~~products.~~	The warning came from the US National Institute of Standards and Technology.
The advice comes in the wake of New York Times allegations that the NSA may have intentionally introduced a flaw into the algorithm - known as Dual Elliptic Curve Deterministic Random Bit Generation - and then tried to get it adopted as a security standard by the US National Institute of Standards and Technology.	The advice comes in the wake of New York Times allegations that the NSA may have intentionally introduced a flaw into the algorithm - known as Dual Elliptic Curve Deterministic Random Bit Generation - and then tried to get it adopted as a security standard by the US National Institute of Standards and Technology.
Privacy	Privacy
In the 1990s, the NSA tried to claim the right to unlock all encryption systems, but lost the battle after privacy rights and freedom of speech advocates objected.	In the 1990s, the NSA tried to claim the right to unlock all encryption systems, but lost the battle after privacy rights and freedom of speech advocates objected.
The NSA maintains that it needs to be able to decipher encrypted communications to protect the US against terrorism and organised crime.	The NSA maintains that it needs to be able to decipher encrypted communications to protect the US against terrorism and organised crime.
As the documents leaked by the former government security contractor Edward Snowden have demonstrated, the NSA has been intercepting communications data from all over the world through its Prism surveillance programme.	As the documents leaked by the former government security contractor Edward Snowden have demonstrated, the NSA has been intercepting communications data from all over the world through its Prism surveillance programme.
But it is locked in a continuous battle with cryptographers who are developing increasingly sophisticated security systems.	But it is locked in a continuous battle with cryptographers who are developing increasingly sophisticated security systems.
One of the NSA's tactics has been to persuade leading technology companies, such as Microsoft and Google, to co-operate with the security services in providing access to user data. Privacy rights campaigners have been concerned over how far this co-operation may extend.	One of the NSA's tactics has been to persuade leading technology companies, such as Microsoft and Google, to co-operate with the security services in providing access to user data. Privacy rights campaigners have been concerned over how far this co-operation may extend.
Under US law, service providers have to hand over user data to the NSA but are not allowed to publish how many security-related data requests they receive.	Under US law, service providers have to hand over user data to the NSA but are not allowed to publish how many security-related data requests they receive.
A growing number of providers are beginning to stand up to the government and demand more transparency.	A growing number of providers are beginning to stand up to the government and demand more transparency.
For example, the Digital Due Process Coalition, which is calling for reform of the 1986 US Electronic Communications Privacy Act (ECPA), includes companies such as Apple, Google, Facebook, Amazon, Linkedin and Microsoft.	For example, the Digital Due Process Coalition, which is calling for reform of the 1986 US Electronic Communications Privacy Act (ECPA), includes companies such as Apple, Google, Facebook, Amazon, Linkedin and Microsoft.
The coalition argues that the ECPA has been outpaced by the rapid rise of the internet and the explosion of digital data.	The coalition argues that the ECPA has been outpaced by the rapid rise of the internet and the explosion of digital data.