Comment by throwaway654329

3 years ago

This is part of a class division where we cannot practically exercise our rights which are clearly enumerated in public law. Only people with money or connections can even attempt to get many kinds of records.

It’s wrong and government employees involved should be fired, and perhaps seriously punished. If people at NIST had faced real public scrutiny and sanction for their last round of sabotage, perhaps we wouldn’t see delay and dismissal by NIST.

Delay of responding to these requests is yet another kind of sabotage of the public NIST standardization processes. Delay in standardization is delay in deployment. Delay means mass surveillance adversaries have more ciphertext that they can attack with a quantum computer. This isn’t a coincidence, though I am sure the coincidence theorists will come out in full force.

NIST should be responsive in a timely manner and they should be trustworthy, we rely on their standards for all kinds of mandatory data processing. It’s pathetic that Americans don’t have several IG investigations in parallel covering NIST and NSA behavior. Rather we have to rely on a professor to file lawsuits for the public (and cryptographers involved in the standardization process) to have even a glimpse of what is happening. Unbelievable but good that someone is doing it. He deserves our support.

> This is part of a class division where we cannot practically exercise our rights which are clearly enumerated in public law. Only people with money or connections can even attempt to get many kinds of records.

As someone with those resources, I'm still kind of annoyed because I think this state agency is playing chess accurately too. My request was anonymous through my lawyer and nobody would know that I have these documents, while if I went through the court - even if it was anonymous with the ACLU being the filer - there would still be a public record in the court system that someone was looking for those specific documents, so that's annoying.

Even though I broadly agree with what you've written here ... the situation in question isn't really about NIST/NSA response to FOIA requests at all.

It's about whether the US government has deliberately acted to foist weak encryption on the public (US and otherwise), presumably out of desire/belief that it has the right/need to always decrypt.

Whether and how those agencies respond to FOIA requests is a bit of a side-show, or maybe we could call it a prequel.

  • > the situation in question isn't really about NIST/NSA response to FOIA requests at all.

    I disagree. To my mind, the issue is that a national standards agency with form for certifying standards they knew were broken, still isn't being transparent about their processes. NIST's reputation has been mud since the ECDRBG debacle.

    People are not at liberty to ignore NIST recommendations, and use schemes that are attested by the likes of DJB, because NIST recommendations get built into operating systems and hardware. It damages everyone (including the part of NSA that is concerned with national security) that (a) NIST has a reputation for untrustworthiness, and (b) they aren't showing the commitment to transparency that would be needed to make them trustworthy again.

  • We are probably pretty much in agreement. It looks like they’ve got something to hide and they’re hiding it with delay tactics, among others.

    They aren’t alone in failing to uphold FOIA laws, but they’re important in a key way: once the standard is forged, hardware will be built, certified, deployed, and required for certain activities. Delay is an attack that is especially pernicious in this exact FOIA case given the NIST standardization process timeline.

    As a side note, the NIST FOIA people seem incompetent for reasons other than delay.