By Brendan Sasso - 09/10/13 03:21 PM EDT
A Commerce Department agency that sets technical standards is denying that it helped the National Security Agency "deliberately weaken" encryption.
"We want to assure the [information technology] cybersecurity community that the transparent, public process used to rigorously vet our standards is still in place," the National Institute of Standards and Technology (NIST) said in a statement on Tuesday.
Documents leaked by Edward Snowden last week showed that the NSA has been waging an aggressive campaign to break Internet encryption technologies.
The Guardian and The New York Times, which obtained the documents, reported that the NSA successfully got NIST to adopt its version of a security standard in 2006.
That standard included vulnerabilities that NSA hackers could later exploit to spy on private communications, the papers reported.
NIST is not a regulatory agency — it only helps private groups agree on voluntary standards and guidelines. If outside groups stop trusting the NIST, it could undermine the agency's usefulness.
"NIST would not deliberately weaken a cryptographic standard," the agency said in the statement. "We will continue in our mission to work with the cryptographic community to create the strongest possible encryption standards for the U.S. government and industry at large."
But NIST acknowledged that it is legally required to consult with the NSA and that the NSA helps develop security codes "because of its recognized expertise."