Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News

      Vodacom’s Maziv deal gets makeover ahead of crucial hearing

      18 July 2025

      Cut electricity prices for data centres: Andile Ngcaba

      18 July 2025

      Takealot taps Mr D to deliver toys, pet food and future growth

      18 July 2025

      ‘Oh, Ani!’: Elon’s edgy bot stirs ethical storm

      18 July 2025

      Trump U-turn on Nvidia spurs talk of grand bargain with China

      18 July 2025
    • World

      Grok 4 arrives with bold claims and fresh controversy

      10 July 2025

      Samsung’s bet on folding phones faces major test

      10 July 2025

      Bitcoin pushes higher into record territory

      10 July 2025

      OpenAI to launch web browser in direct challenge to Google Chrome

      10 July 2025

      Cupertino vs Brussels: Apple challenges Big Tech crackdown

      7 July 2025
    • In-depth

      The 1940s visionary who imagined the Information Age

      14 July 2025

      MultiChoice is working on a wholesale overhaul of DStv

      10 July 2025

      Siemens is battling Big Tech for AI supremacy in factories

      24 June 2025

      The algorithm will sing now: why musicians should be worried about AI

      20 June 2025

      Meta bets $72-billion on AI – and investors love it

      17 June 2025
    • TCS

      TCS+ | Samsung unveils significant new safety feature for Galaxy A-series phones

      16 July 2025

      TCS+ | MVNX on the opportunities in South Africa’s booming MVNO market

      11 July 2025

      TCS | Connecting Saffas – Renier Lombard on The Lekker Network

      7 July 2025

      TechCentral Nexus S0E4: Takealot’s big Post Office jobs plan

      4 July 2025

      TCS | Tech, townships and tenacity: Spar’s plan to win with Spar2U

      3 July 2025
    • Opinion

      A smarter approach to digital transformation in ICT distribution

      15 July 2025

      In defence of equity alternatives for BEE

      30 June 2025

      E-commerce in ICT distribution: enabler or disruptor?

      30 June 2025

      South Africa pioneered drone laws a decade ago – now it must catch up

      17 June 2025

      AI and the future of ICT distribution

      16 June 2025
    • Company Hubs
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • AvertITD
      • Braintree
      • CallMiner
      • CambriLearn
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • Incredible Business
      • iONLINE
      • Iris Network Systems
      • LSD Open
      • NEC XON
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Tenable
      • Vertiv
      • Videri Digital
      • Wipro
      • Workday
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Motoring
      • Public sector
      • Retail and e-commerce
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Information security » NSA ducks questions about back doors in tech products

    NSA ducks questions about back doors in tech products

    By Agency Staff28 October 2020
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp
    NSA headquarters

    The US National Security Agency is rebuffing efforts by a leading congressional critic to determine whether it is continuing to place so-called back doors into commercial technology products, in a controversial practice that critics say damages both US industry and national security.

    The NSA has long sought agreements with technology companies under which they would build special access for the spy agency into their products, according to disclosures by former NSA contractor Edward Snowden and reporting by Reuters and others.

    These so-called back doors enable the NSA and other agencies to scan large amounts of traffic without a warrant. Agency advocates say the practice has eased collection of vital intelligence in other countries, including interception of terrorist communications.

    At the NSA, it’s common practice to constantly assess processes to identify and determine best practices. We don’t share specific processes and procedures

    The agency developed new rules for such practices after the Snowden leaks in order to reduce the chances of exposure and compromise, three former intelligence officials said. But aides to senator Ron Wyden, a leading Democrat on the senate intelligence committee, say the NSA has stonewalled on providing even the gist of the new guidelines.

    “Secret encryption back doors are a threat to national security and the safety of our families – it’s only a matter of time before foreign hackers or criminals exploit them in ways that undermine American national security,” Wyden said in an interview. “The government shouldn’t have any role in planting secret back doors in encryption technology used by Americans.”

    Rebuilding trust

    The agency declined to say how it had updated its policies on obtaining special access to commercial products. NSA officials said the agency has been rebuilding trust with the private sector through such measures as offering warnings about software flaws.

    “At the NSA, it’s common practice to constantly assess processes to identify and determine best practices,” said Anne Neuberger, who heads the NSA’s year-old Cybersecurity Directorate. “We don’t share specific processes and procedures.”

    Three former senior intelligence agency figures told Reuters that the NSA now requires that before a back door is sought, the agency must weigh the potential fallout and arrange for some kind of warning if the back door gets discovered and manipulated by adversaries.

    Whistle-blower Edward Snowden on a video link in 2015. Image: Gage Skidmore

    The continuing quest for hidden access comes as governments in the US, the UK and elsewhere seek laws that would require tech companies to let governments see unencrypted traffic. Defenders of strong encryption say the NSA’s sometimes-botched efforts to install back doors in commercial products show the dangers of such requirements.

    Critics of the NSA’s practices say they create targets for adversaries, undermine trust in US technology and compromise efforts to persuade allies to reject Chinese technology that could be used for espionage, since US gear can also be turned to such purposes.

    In at least one instance, a foreign adversary was able to take advantage of a back door invented by US intelligence, according to Juniper Networks, which said in 2015 its equipment had been compromised. In a previously unreported statement to members of the US congress in July seen by Reuters, Juniper said an unnamed national government had converted the mechanism first created by the NSA. The NSA told Wyden staffers in 2018 that there was a “lessons learned” report about the Juniper incident and others, according to Wyden spokesman Keith Chu.

    “NSA now asserts that it cannot locate this document,” Chu said.

    The NSA and Juniper declined to comment on the matter.

    Manipulating standards

    The NSA has pursued many means for getting inside equipment, sometimes striking commercial deals to induce companies to insert back doors, and in other cases manipulating standards — namely by setting processes so that companies unknowingly adopt software that NSA experts can break, according to various media reports.

    The tactics drew widespread attention starting in 2013, when Snowden leaked documents referencing these practices.

    Tech companies that were later exposed for having cut deals that allowed backdoor access, including security pioneer RSA, lost credibility and customers. Other US firms lost business overseas as customers grew wary of the NSA’s reach.

    All of that prompted a White House policy review.

    “There were all sorts of ‘lessons learnt’ processes,” said former White House cybersecurity coordinator Michael Daniel, who was advising then-president Barack Obama when the Snowden files erupted. A special commission appointed by Obama said the government should never “subvert” or “weaken” tech products or compromise standards.

    The White House did not publicly embrace that recommendation, instead beefing up review procedures for whether to use newly discovered software flaws for offensive cyber operations or get them fixed to improve defence, Daniel and others said. The secret government contracts for special access remained outside of the formal review.

    “The NSA had contracts with companies across the board to help them out, but that’s extremely protected,” said an intelligence community lawyer.

    RSA said publicly that it would not have knowingly installed a back door, but its reputation was tarnished and the company was sold

    The starkest example of the risks inherent in the NSA’s approach involved an encryption-system component known as Dual Elliptic Curve, or Dual EC. The intelligence agency worked with the US commerce department to get the technology accepted as a global standard, but cryptographers later showed that the NSA could exploit Dual EC to access encrypted data.

    RSA accepted a US$10-million contract to incorporate Dual EC into a widely used Web security system, Reuters reported in 2013. RSA said publicly that it would not have knowingly installed a back door, but its reputation was tarnished and the company was sold.

    Hot water

    Juniper Networks got into hot water over Dual EC two years later. At the end of 2015, the maker of Internet switches disclosed that it had detected malicious code in some firewall products. Researchers later determined that hackers had turned the firewalls into their own spy tool by altering Juniper’s version of Dual EC.

    Juniper said little about the incident. But the company acknowledged to security researcher Andy Isaacson in 2016 that it had installed Dual EC as part of a “customer requirement”, according to a previously undisclosed contemporaneous message seen by Reuters. Isaacson and other researchers believe that customer was a US government agency, since only the US is known to have insisted on Dual EC elsewhere.

    Juniper has never identified the customer, and declined to comment for this story.

    Likewise, the company never identified the hackers. But two people familiar with the case said that investigators concluded the Chinese government was behind it. They declined to detail the evidence they used.

    The Chinese government has long denied involvement in hacking of any kind. In a statement, the Chinese foreign ministry said that cyberspace is “highly virtual and difficult to trace. It is extremely irresponsible to make accusations of hacker attacks without complete and conclusive evidence. At the same time, we also noticed that the report mentioned that it was the US intelligence agency — the National Security Agency — that created this backdoor technology.”

    Wyden remains determined to find out exactly what happened at Juniper and what has changed since as the encryption wars heat up.

    Juniper does not and will not insert back doors into its products and we oppose any legislation mandating back doors

    This July, in previously unreported responses to questions from Wyden and allies in congress, Juniper said that an unidentified nation was believed to be behind the hack into its firewall code but that it had never investigated why it installed Dual EC in the first place.

    “We understand that there is a vigorous policy debate about whether and how to provide government access to encrypted content,” it said in a July letter. “Juniper does not and will not insert back doors into its products and we oppose any legislation mandating back doors.”

    A former senior NSA official told Reuters that many tech companies remain nervous about working covertly with the government. But the agencies’ efforts continue, the person said, because special access is seen as too valuable to give up.  — Reported by Joseph Menn, (c) 2020 Reuters



    Edward Snowden Juniper Networks National Security Agency NSA Ron Wyden top
    Subscribe to TechCentral Subscribe to TechCentral
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleBitcoin faithful say this time is different after price surge
    Next Article MTN Nigeria sees massive growth in subscriber numbers

    Related Posts

    Edward Snowden warns of AI ‘werewolves’

    5 June 2024

    NSA chief accuses China of ‘very aggressive’ hacking strategy

    31 May 2024

    Microsoft under fire over ‘shambolic’ security practices

    15 April 2024
    Company News

    Vertiv to acquire custom rack solutions manufacturer

    18 July 2025

    SA businesses embrace gen AI – but strategy and skills are lagging

    17 July 2025

    Ransomware in South Africa: the human factor behind the growing crisis

    16 July 2025
    Opinion

    A smarter approach to digital transformation in ICT distribution

    15 July 2025

    In defence of equity alternatives for BEE

    30 June 2025

    E-commerce in ICT distribution: enabler or disruptor?

    30 June 2025

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2025 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.