While the payments industry is far ahead of other industries such as health care in adopting encryption, choosing the right method is still a challenge.
A recent opinion column from, of all places, the U.S. National Security Agency raises a troubling question: Can you even trust encryption that someone else creates?
The best that the security standards groups do is verify the apparent level of protection. But if we're going to get paranoid (and, yes, we really need to, because we actually have to assume that everyone is out to get our data), then the safest assumption is that an organization proposing an encryption standard may already have figured out a way to beat it, up to and including holding the equivalent of a master decryption key.
Security executives have to struggle with this issue, as it is hardly practical for everyone in payments to create a proprietary encryption protocol, and a home-grown protocol that nobody else has examined would almost certainly be weaker than a published one. But nowhere more than in encryption do we need to internalize "trust but verify."
Thanks to the Edward Snowden leaks, it is now widely known that the NSA pushed a cryptographic standard that it was already able to defeat. The component in question, the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG), is not an encryption cipher but a random number generator, the part of a system that produces the keys every cipher depends on, and the NSA wanted global businesses to use it in everything from processing payments to protecting trade secrets to military tactics. Now the NSA's director of research says the agency regrets how it handled the matter.
The nature of that regret, though, is telling. The NSA says it believed Dual_EC_DRBG was secure when it advocated it; the failing it admits to is not withdrawing its support once researchers showed that the generator could contain a trapdoor, a hidden value that would let whoever holds it predict every number the generator produces.
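What that trapdoor looks like is easy to show in a few lines. Dual_EC_DRBG is built from two points on an elliptic curve, P and Q; each round it multiplies its secret state by P to get the next state and by Q to get the output. The standard never explained where Q came from. The point raised by the researchers (Dan Shumow and Niels Ferguson, in 2007) was that anyone who chose Q knowing a secret number e with P = e·Q can take one output, turn it back into the curve point it came from, multiply by e, and land on the generator's next state, after which every future output is predictable. The script below is an added illustration written for this piece, not code from the article, the NSA or NIST; the names DualEC, recover_state and run_attack are its own. To keep it short and fast it uses the secp256k1 curve instead of the standard's P-256 and drops only 4 bits of each output instead of 16, which changes the size of the search but not its logic.

```python
# Added example: a reduced model of the Dual_EC_DRBG trapdoor. Not code from the
# article, the NSA or NIST. Curve is secp256k1 (y^2 = x^3 + 7) instead of the
# standard's NIST P-256; only TRUNCATE_BITS of each output are dropped instead of
# the standard's 16, so the search is small. Needs Python 3.8+ (pow(x, -1, m)).
import secrets

P_MOD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # field prime
N_ORD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
TRUNCATE_BITS = 4                       # real Dual_EC_DRBG strips 16 (2**16 candidates)
MASK = (1 << (256 - TRUNCATE_BITS)) - 1


def ec_add(A, B):
    """Affine point addition on y^2 = x^3 + 7 over F_p; None is the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def ec_mul(k, A):
    """Double-and-add scalar multiplication k*A."""
    R = None
    while k:
        if k & 1:
            R = ec_add(R, A)
        A = ec_add(A, A)
        k >>= 1
    return R


class DualEC:
    """Simplified Dual_EC_DRBG: s <- x(s*P); r <- x(s*Q); emit r minus its top bits."""

    def __init__(self, seed, P, Q):
        self.s, self.P, self.Q = seed % N_ORD, P, Q

    def next_output(self):
        self.s = ec_mul(self.s, self.P)[0] % N_ORD
        return ec_mul(self.s, self.Q)[0] & MASK


def lift_x(x):
    """Return some point with x-coordinate x, or None if x is not on the curve."""
    rhs = (pow(x, 3, P_MOD) + 7) % P_MOD
    y = pow(rhs, (P_MOD + 1) // 4, P_MOD)  # square root works because p = 3 (mod 4)
    return (x, y) if y * y % P_MOD == rhs else None


def recover_state(out1, out2, e, Q):
    """Trapdoor: knowing e with P = e*Q, recover the state s2 from two outputs.

    out1 is x(s1*Q) with its top bits removed. Refill those bits every possible way,
    lift x back to a point R; then e*R = s1*(e*Q) = s1*P, whose x is the next state
    s2. The candidate that reproduces out2 is the real one.
    """
    for hi in range(1 << TRUNCATE_BITS):
        x = (hi << (256 - TRUNCATE_BITS)) | out1
        if x >= P_MOD:
            continue
        R = lift_x(x)                      # sign of y is irrelevant: x(e*R) == x(e*(-R))
        if R is None:
            continue
        s2 = ec_mul(e, R)[0] % N_ORD
        if ec_mul(s2, Q)[0] & MASK == out2:
            return s2
    return None


def run_attack(seed=None, e=None):
    """Build a generator with trapdoored constants, watch two outputs, predict three more."""
    seed = seed or secrets.randbelow(N_ORD - 1) + 1
    e = e or secrets.randbelow(N_ORD - 1) + 1   # the constant designer's secret scalar
    Q = G
    P = ec_mul(e, Q)                # published as two "unrelated" constants P and Q
    victim = DualEC(seed, P, Q)
    observed = [victim.next_output() for _ in range(2)]
    s2 = recover_state(observed[0], observed[1], e, Q)
    if s2 is None:
        return None
    clone = DualEC(s2, P, Q)        # attacker's copy, now in lock-step with the victim
    predicted = [clone.next_output() for _ in range(3)]
    actual = [victim.next_output() for _ in range(3)]
    return predicted, actual


if __name__ == "__main__":
    predicted, actual = run_attack()
    print("attacker predicted the victim's next outputs:", predicted == actual)
```

Run it and the victim's next three outputs match the attacker's prediction every time; with the standard's 16 stripped bits the search grows to 65,536 candidates, still trivial work for anyone holding e and impossible for anyone without it. The standard did allow implementers to generate their own Q, but the default constants are what shipped. The lesson a practitioner takes away is that a generator whose constants cannot be shown to have been chosen without a hidden relation is only as trustworthy as whoever chose them.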
"With hindsight, NSA should have ceased supporting the Dual_EC_DRBG algorithm immediately after security researchers discovered the potential for a trapdoor. In truth, I can think of no better way to describe our failure to drop support for the Dual_EC_DRBG algorithm as anything other than regrettable," penned NSA Research Director Michael Wertheimer in the upcoming February issue of Notices of the AMS (the American Mathematical Society). "The costs to the Defense Department to deploy a new algorithm were not an adequate reason to sustain our support for a questionable algorithm."
Wertheimer argues the NSA's motives were honorable.
"We realize that our advocacy for the DUAL_EC_DRBG casts suspicion on the broader body of work NSA has done to promote secure standards. Indeed, some colleagues have extrapolated this single action to allege that NSA has a broader agenda to undermine Internet encryption. A fair reading of our track record speaks otherwise," he said. "Nevertheless, we understand that NSA must be much more transparent in its standards work and act according to that transparency."
That transparency will include far more of the NSA's encryption comments and suggestions being published for review. "With these measures in place, even those not disposed to trust NSA's motives can determine for themselves the appropriateness of our submissions and we will continue to advocate for better security in open-source software, such as Security Enhancements for Linux and Security Enhancements for Android," Wertheimer wrote.
Part of the problem here is that an organization charged with breaking other nations' codes and gathering secrets across the globe is, by its very nature, reluctant to reveal its methods and tactics. Labeling which proposals come from the NSA is helpful, but labels only go so far: reviewers also need to be able to check the pieces that matter, above all how any fixed constants in an algorithm were generated, since an unexplained constant is exactly where a trapdoor can hide. Trusting a group of code-breakers to propose the standards meant to thwart code-breaking is a bad idea.
Evan Schuman is a freelance writer.