NIST Privacy Framework focuses on risks for users, can go even further to protect rights
Earlier this month, Access Now submitted comments to the U.S. National Institute of Standards and Technology (NIST) to argue for a stronger Privacy Framework that will better protect individuals’ data.
After Meltdown and Spectre, we need better vulnerability disclosure and a stronger U.S. cyber framework
Read our comments for NIST, a U.S. agency that creates technical standards, on its framework for cybersecurity.
A new report helps U.S. federal agencies protect your privacy. Companies should use it, too.
The new NIST report argues for a user-centric approach to privacy, a model industry should adopt.
New Crypto Guidance Draft Offers Brighter Path Forward
The U.S. National Institute of Standards and Technology (NIST) has released the second draft of its “Cryptographic Standards and Development Process,” a document intended to provide principles and guidance on the creation of cryptographic standards. Crypto standards developed by NIST serve as the basis for secure communications and interactions across the internet.
Access applauds NIST for the new draft — which expands upon and strengthens the language behind important principles first set out in the previous draft — and for actively and transparently engaging with the public on these important issues. We also encourage NIST to include specific language directed at the National Security Agency (NSA) before the text is finalized.
It’s not you, it’s me: committee of cryptographic experts tries to crack NIST/NSA relationship
In response to stories in the New York Times, ProPublica, and the Guardian that the National Security Agency (“NSA”) was undermining encryption standards, The Visiting Committee on Advanced Technology (VCAT) released a report that called for increased transparency and internal expertise at the National Institute for Standards and Technologies (“NIST”). The VCAT reviews and makes recommendations regarding general policy for the National Institute of Standards and Technology. The VCAT formed a Committee of Visitors (“COV”) in mid-April to review the relationship between NIST and the NSA.
Access and partners call on NIST to strengthen cryptography standards
Following revelations that the National Security Agency (NSA) deliberately weakened cryptographic standards put out by the U.S. National Institute of Standards and Technology (NIST), NIST recently proposed a series of principles to guide cryptography standards-setting going forward. Access, together with a coalition of eleven other digital rights, technology, privacy, and open government groups, submitted a letter today calling on NIST to strengthen cryptography principles, noting in particular that the principles must be “modified and amended to provide greater transparency and access.”
You wouldn’t leave your backdoor unlocked: the danger of intentional vulnerabilities
Among the many revelations to come out of this summer, The New York Times recently announced that the NSA has been conducting a systematic and well-funded effort to install “backdoors” in consumer electronic devices, known as “Project Bullrun.” To better understand their history, how they can work, and the risks associated, here are three things you ought to know about backdoors.