back to article Campaign to kick NSA man from crypto standards group fails

National Security Agency employee Kevin Igoe is to keep his position on the panel of an influential internet standards working group, the powers-that-be decided last weekend. Igoe, who co-chairs the Internet Research Task Force's Crypto Forum Research Group (CFRG), had been accused by those campaigning for his removal of …

COMMENTS

This topic is closed for new posts.
  1. alain williams Silver badge

    Better to have him where you can see him

    Remove him and the NSA will just put someone else into the standards group, but this time it won't be known who he is. Keep Kevin Igoe and at least we know to treat all his suggestions with a shovelfull of salt.

    1. Anonymous Coward
      Anonymous Coward

      Re: Better to have him where you can see him

      Unless he's the decoy.

      1. sabroni Silver badge

        Re: Nail, head.

        As Mary so rightly points out, the presence of a known NSA stooge doesn't make everyone else clean, they have many employees. For the standards group to have any credibility he surely has to go.

        1. This post has been deleted by its author

    2. G Mac

      Re: Better to have him where you can see him

      I note the strawman being used in the IRTF chair's argument - saying that removing him would be a loss for the group.

      What is being suggested is to remove him as a *co-chair* - just make him a regular member, therefore no loss.

      The strawman then continue's: "Co-chairs do not wield more power over the content of the ongoing work than other research group participants."

      Ok, so fine, if it doesn't have more power over content then remove him as a co-chair and make him a 'regular' research group participant. I suspect there are unmentioned power's for a co-chair - what are those and how do they impact the group with regard to the concerns being voiced?

  2. Valeyard

    Also in the news...

    ...Ian Watkins to decide on the judicial guidelines for sentencing sex fiends

    1. Wzrd1 Silver badge

      Re: Also in the news...

      Yeah, because he *really* sets NSA policy, right?

  3. sorry, what?
    Holmes

    Storm in a teacup?

    It seems reasonable to take note of his affiliation, but that is (to me) as far as it need go. He's only a co-chair. Are we saying that we don't trust the rest of the group to be considering security and privacy appropriately when listening to what he has to say?

    It also seems to me that someone outside the group could just as easily (if not more so, with some anonymity) have "discussions" with the other members of the group and attempt to influence them in some way.

    Makes no difference whether he is co-chair or not as far as I can see.

    1. This post has been deleted by its author

    2. Yes Me Silver badge
      Black Helicopters

      Storm in a RESEARCH teacup

      And in case nobody else has pointed it out, he isn't co-chair of a "standards group". He's co-chair of a research forum - admittedly one that offers advice to various standards working groups in need of a crypto algorithm. And he's co-chair because having more than one chair lowers the risk of biased chairing.

      Me, I think it's better to know that the NSA is interested in cryptography; but I didn't need Mr Snowden to tell me that.

  4. Anonymous Coward
    Anonymous Coward

    He should be removed

    Removing him would be of no practical benefit, but would make a statement that what the NSA has done and continues to do is unacceptable.

  5. nematoad

    Ah.

    Poacher turned gamekeeper, that will work out OK.

    1. Pen-y-gors

      Re: Ah.

      But in the case of the NSA it's more gamekeeper turned poacher. Presumably the agency was set up with (moderately) good intentions and they've now gone rogue.

  6. The Man Who Fell To Earth Silver badge
    Boffin

    The enemy you can see

    Isn't as dangerous as the enemy you don't see. The bottom line is that all processes should be open and transparent so that "trust" in any participant isn't a factor. In other words, the processes should be designed as if every participant is untrustworthy.

    1. John Sturdy
      Black Helicopters

      Re: The enemy you can see

      "every participant is untrustworthy", or just "each participant may be untrustworthy"? What if every member of the group is an NSA plant?

  7. VinceH

    Optional

    "David McGrew, the CFRG's other co-chair, has already posted a detailed timeline of events… and concluded that the research group process has been followed imperfectly. I share this conclusion. However, while unfortunate, the mistakes made were not of a severity that would warrant an immediate dismissal of Kevin Igoe as co-chair. It is also the first such occurrence that I am aware of."

    "And the NSA reminded me that they know where I live."

  8. Don Jefe

    Conflicts of Interest

    There's not one single internationally recognized standards governing body or one single international standard in any industry that's not weighted one way or the other by conflicts of interest and/or extreme bias. I don't care who the standards body is, none of them are balanced.

    The process isn't open at all and I've always found it incredibly disingenuous that any standards group claims it is transparent. The formal process is transparent, but it's a formality. The standards are actually worked out in many, many cycles of unofficial drafts that circulate among the voting members and details are decided long before any finished proposals are presented for voting. It's just like political issues, laws and such, but on a micro scale.

    It's all shady as shit. The actual functions of every standards project I've worked on was so far back in the shadows you couldn't see clearly with an aircraft landing light. It's openly corrupt and nobody cares because everyone is doing it.

    Granted, the NSA having a man on the committee looks awful, but the NSA would still have people they could lean on to get their way. There is always an outsized monster on standards committees and they always get their way, even if it doesn't look like that's the case.

    Now, that's all OK (I guess) because if you're aware of who is weighting the process you have options and chances to put things in that work in your favor, but you've got to know who is skewing everything. As others Commentards and GI-Joe have said: 'Knowing is half the battle'. If you bump the openly biased group off the committee you can never be sure how they'll impact things. That's doubly true with intelligence agencies. They thrive in the shadows. It's foolish in the extreme to chase dangerous things into their natural habitat. You not only lose sight of them, you increase their power. Pushing them into the shadows is like setting your kitchen on fire and hoping it will extinguish itself if you don't look at it. It's Peril Sensitive Sunglasses for real.

    1. Anonymous Coward
      Anonymous Coward

      Re: Conflicts of Interest

      I think the problem is Jefe, that while I accept pretty much all of what you say (I've been partially involved in standards bodies over decades) I can't see any real way to do it much differently. Often it takes a lot of work behind the scenes to validate a proposal and no one is going to put that out in public because it's often done using techniques that are not known to competitors (or the details of the techniques are not known to them).

      Is there another answer? Maybe, but standards already take forever to crystallize and adding to the time taken won't be popular with the people who want to sell products based on the standard and make money from them.

      1. Don Jefe

        Re: Conflicts of Interest @Brian

        That's just it isn't it. I don't have any good ideas for doing it differently. Standards, all standards, have opponents and supporters. If there weren't two or more differing views something would be terribly wrong.

        I'm in manufacturing, as such, standards are crucial to us and our clients. And I have to admit I've been involved with lobbying standards bodies for my own advantage. That being said, nobody is harmed or made vulnerable if the standard for non-destructive testing of welds on thin wall titanium components calls for a test that a kit manufactured by a company in which I'm a partner. I mean, that kind of sucks for others who wanted their kits to be standards compliant, but that's just business. I outmaneuvered my competitors and I reap the spoils. Next time things may not go in my favor, but still, no harm was done.

        But everything changes when a standard which is pushed as 'safe' is fundamentally, and deliberately, broken and it's done in secret. Saying something is safe but knowing it isn't is a huge betrayal. In any other industry it's called fraud and conspiracy to commit fraud and people go to prison. Maybe critical standards need a second review panel like is often done in scientific papers covering highly important and/or controversial subjects. It's a really shitty situation right now.

        1. Anonymous Coward
          Anonymous Coward

          Re: Conflicts of Interest @Brian

          > Removing Igoe would be take the first step down a "slippery slope" of preventing individuals with certain affiliations from participating in internet standards work and therefore ought to be resisted, Eggert concludes.

          I think we all accept that members of standards boards from industry have their own agendas and in some ways that is good: a standard that does not fulfil the needs of their potential users stands to be useless.

          However, in this case, the obvious suspicion is that a member of the NSA might seek to subvert the very aim of encryption itself in an attempt to keep decryptability within the grasp of the NSA. That's almost like having someone on the IETF who is idealogically opposed to the idea of a fast Internet.

    2. Yes Me Silver badge

      Re: Conflicts of Interest

      As usual, you don't understand the IETF, and in particular you don't understand that the IRTF is not a standards body.

      Of course, all standards bodies consist of people with opinions, some of whom work for organisations with opinions. Of course, people communicate outside the official sessions and of course, rough drafts of documents exist before more polished drafts are made public. Of course,people try to influence the work in accordance with their opinions. How could it possibly be otherwise?

      But I suspect we agree that making conflicts of interest as visible as possible is a Good Thing.

      1. Don Jefe

        Re: Conflicts of Interest

        Standards adoption and standards development are two sides of the same coin. It's often even the same people.

        There's nothing wrong with opinions, or attempting to get others to see things your way. As long as you're making those attempts aboveboard. It is absolutely and wholly unacceptable in any voting situation to circulate rough drafts of end products that reflect the closed door horse trading between two or more parties if the drafts aren't made available to everyone at the same time.

        The horse trading and private discussions between two or more parties are fine, as you say, how could it be otherwise. However, not giving everyone acces to the same information at the same time is outright fraudulent behavior.

        That sort of behavior isn't considered acceptable anywhere. Insider trading, price fixing, inventory manipulation, all those things are illegal because they are active efforts to create and exploit information disparity between select parties and everyone else.

        Besides, it's not only illegal, it creates a situation where not only do certain parties have an unfair advantage, other parties are incapable of meeting their obligations. Actively preventing others from meeting their obligations is outright shit behavior. It is entirely dishonorable to see your plans realized if you do it through deceit. That is not a victory, that is theft. Where's the fun in that?

  9. phil dude
    WTF?

    mod up don...

    I modded you up Don, because this is the problem. It is also, I may suggest the reason why the behaviour of the NSA, GCHQ etc has really been a disservice to all of humanity.

    Basically, take any technical field. It takes years to have sufficient experience to be a credible expert. The pool of "experts" for many fields are diverse, and so conflicts of interest can be diffused e.g. different institutions etc..

    But here is the rub. When the decisions after ALL of us, whether it is pharmaceuticals, medicine, engineering, or in this case security, technical competence comes at a price. I have a great deal of sympathy for the NSA employees who have had their honesty essentially , questioned by proximity to the scandalous politics. But with the massive amount of cash WE THE PUBLIC spend on the agencies, it is an utter disgrace if they cannot be trusted to provide technical assistance when required.

    This is the root of reason why politics is so dysfunctional. You can spend years become competent or you can spend years pursing power with out merit, i.e. politics.

    No-one is pure of heart, so how about we judge on their words and deeds?

    P.

  10. Anonymous Coward
    Anonymous Coward

    It doesn't matter anymore "Sieg Heil" NSA!!!!

    The fact of the matter is that anyone and everyone associated with any crypto group has had at least the last 15 years of information that has been gathered on them pulled up for review. Every mouse click every phone call, basically anything and everything you can imagine. I'm quite sure that they have the worst dirt they have on everyone at the top of their respective folders and will threaten anyone that starts to be a real threat to the NSA's ability to crack any crypto. Face it The Bill of Rights is no longer something that our government believes in at all. Sure sure they pay lip service to it but that is all. They do absolutely nothing concrete to support our right to privacy. The only way to fix it would be to replace everyone in government including the removal of every single intelligence employee, and start from scratch. But that won't happen. SO you can either start practicing your Sieg Heil or get out of the country and find some place remote to keep your head down. The NSA or SS they are the same thing. They use torture on anyone considered a combatant, intimidation on anyone with any kind of weakness and charm offensive to win the masses.

    Sieg Heil!!! Sieg Heil!!! NSA is here to save us and their "friends"

    1. Don Jefe

      Re: It doesn't matter anymore "Sieg Heil" NSA!!!!

      Jesus Fucking Christ man. I'm going to go ahead and give you the Dipshit of The Week award as the odds of someone saying something dumber in the next few days are so low that, for all intents and purposes, it's impossible.

    2. The Man Who Fell To Earth Silver badge
      Boffin

      Re: It doesn't matter anymore "Sieg Heil" NSA!!!!

      "I'm quite sure that they have the worst dirt they have on everyone at the top of their respective folders and will threaten anyone that starts to be a real threat to the NSA's ability to crack any crypto."

      All the more reason that when the Standards Bodies meet, all members should be required to wear these: http://www.thedailybeast.com/articles/2014/01/07/the-secret-world-of-men-who-dress-like-dolls.html

      Then, it would be impossible for any intelligence agency to have worse dirt on them which could embarrass them any further.

    3. Someone Else Silver badge
      WTF?

      Re: It doesn't matter anymore "Sieg Heil" NSA!!!!

      Well, I agree w/ your assertions in the first part of your rant/screed/whatever that was.

      Then you started proposing "solutions" as "the only way to fix it". At that point, you severely jumped the shark.

      But thanks for playing...I guess....

  11. Nanners

    Not that it really matters

    It's already too late. The best thing you can do at this point is teach your children how to live in a world where you are being constantly spied upon, even in your own home. Thank you again technology, for changing our world. By the way, I just hot linked this story and it was taken down for a few minutes...then reappeared.

  12. John Wilson
    Big Brother

    In a dark room somewhere

    Lars Eggert wakes up in a dark room somewhere. He's in a chair. In front of him, on a table, is a large dossier marked "Eggert. NSA".

    A man enters the room. The silhoute looks suspiciously like Kevin Igoe.

    "Any question?"

    The man leaves the room. Eggert turns the pages of the dossier.

    He does't have any questions.

  13. djb321

    In what respect is the headline 'NSA agent co-chairing key crypto standards body' inaccurate? The CFRG is a 'crypto standards body', Kevin Igoe is a co-chair, and Kevin Igoe works for the NSA. So what part of that headline is supposed to be inaccurate?

  14. Andy Enderby 1

    obvious answer....

    Both of 'em get the boot

  15. Someone Else Silver badge
    Facepalm

    Oh, Puh-LEEEZE!

    Removing Igoe would be take the first step down a "slippery slope" of preventing individuals with certain affiliations from participating in internet standards work and therefore ought to be resisted, Eggert concludes. There is also the matter of the most cutting edge, expensive research being government-sponsored, meaning that the best and brightest would be excluded if the panel chose to oust all those with state connections, he argued.

    My <sarcasm>dear</sarcasm> Mr. Eggert: Is it your assertion that the only people capable of creating, and/or managing a crypto standard are government spooks .. er ... employees? Or, do you propose to allow just anyone to participate in or manage such a development, for fear of offending said spook's participant's (or his/her sponsoring organization's) delicate sensibilities?

    Either way, sir, you are blithering, fucking idiot.

  16. Anonymous Coward
    Anonymous Coward

    Open letter

    Dear NSA,

    If you really are going to store all my data for free then give me a frigging login and password so I can cancel my crash plan account, and while you are at it since I have a bunch of zip files I can t remember the passwords too kindly ensure they are readable to me too.

    Regards

  17. Julian 1

    Conflict of Interests

    In other circumstances, this would be viewed as a conflict of interests and treated or viewed very seriously, as indeed it should be.

    Chairman's suport ????? Situation normal.

This topic is closed for new posts.

Other stories you might like