Dueling over Dual_EC_DRGB: The Consequences of Corrupting a Cryptographic Standardization Process
By Nadiya Kostyuk and Susan Landau
In recent decades, the U.S. National Institute of Standards and Technology (NIST), which develops cryptographic standards for non-national security agencies of the U.S. government, has emerged as the de facto international source for cryptographic standards. But in 2013, Edward Snowden disclosed that the National Security Agency had subverted the integrity of a NIST cryptographic standard—the Dual_EC_DRBG—enabling easy decryption of supposedly secured communications. This discovery reinforced the desire of some public and private entities to develop their own cryptographic standards instead of relying on a U.S. government process. Yet, a decade later, no credible alternative to NIST has emerged. NIST remains the only viable candidate for effectively developing internationally trusted cryptography standards.
Cryptographic algorithms are essential to security yet are hard to understand and evaluate. These technologies provide crucial security for communications protocols. Yet the protocols transit international borders; they are used by countries that do not necessarily trust each other. In particular, these nations do not necessarily trust the developer of the cryptographic standard.
Seeking to understand how NIST, a U.S. government agency, was able to remain a purveyor of cryptographic algorithms despite the Dual_EC_DRBG problem, we examine the Dual_EC_DRBG situation, NIST’s response, and why a non-regulatory, non-national security U.S. agency remains a successful international supplier of strong cryptographic solutions.
Withdrawal from Afghanistan Marks Guantánamo’s Endpoint
By David Glazier
The United States has held 779 men and boys in Guantánamo during the two decades since the 9/11 attacks, justified by loose reliance on international law rules addressing prisoners of war; thirty-seven remained as of May 2022. The Supreme Court upheld the practice in its 2004 Hamdi v. Rumsfeld decision, holding that the congressional Authorization for the Use of Military Force against al-Qaeda and the Taliban included implied authorization of the “fundamental incidents” of war, including preventive detention and military trials. But it also explicitly noted that this authority ends at the close of “active hostilities.” The war ended in August, 2021, yet detention continues to this day.
Post-conflict use of military commission trials falling short of international and U.S. constitutional criminal procedure standards is also highly problematic. The Court’s 2006 Hamdan v. Rumsfeld decision recognized that military commissions depend on federal war powers for their existence. So these trials, too, cannot legitimately continue post-conflict.
While the Biden administration continues to pursue winding down Guantánamo via detainee transfers with “security assurances,” the law of war mandates prompt post-hostilities repatriation. There is no “bad dude” exception based on general threat perceptions—only an actual criminal sentence or pending charges can justify delay. The detainees must now be charged in federal courts, extradited to another country for prosecution, or promptly repatriated.
After demonstrating why the legal authority for Guantánamo detention and military commissions has expired, this Article provides recommended dispositions for each of the detainees remaining at Guantánamo consistent with residual law of war mandates. It concludes by arguing that this outcome actually serves larger overall U.S. national interests; Guantánamo’s fiscal, legal, moral, and political costs have long outweighed its benefits.
By Juan Zarate and Sarah Watson
There is a widespread belief within both the scholarly and policymaking community that there is no broadly accepted international definition of terrorism. It is indeed the case that the United Nations has not succeeded in finalizing a counterterrorism treaty, and that acts of violence are often followed by a debate over whether they constitute acts of terrorism. This Article argues, however, that the vast majority of nations have in fact committed to adopting a substantive definition of terrorism and are steadily incorporating that definition into their domestic law through their adherence to the standards promulgated by the Financial Action Task Force. The widespread commitment to this definition offers scholars and policymakers the opportunity to move beyond fundamental, longstanding debates over the nature of terrorism and focus on applying this definition on the global stage. With a definition of terrorism in effect, terrorist actors and their supporters can be identified and isolated more effectively, with more innocent lives protected, and terrorism itself met clearly with the international opprobrium of banned international practices like piracy and slavery.
By John Cook
In both the national security field and the legal profession, members are required to undergo significant background checks and appraisals before beginning work. While both lines of work involve significant amounts of trust, competence, and integrity, there is often far greater risk to the public at large from the unauthorized release of highly classified national security information than from a poorly performing, or even dishonest, attorney. Despite the heightened risk in the national security field, the information requirements for bar admission go beyond those of national security clearances. Given the higher stakes of national security clearances compared to attorney licensure, and that both processes currently seem to accomplish their respective goals effectively, there is no reason that the bar admission process should be more rigorous and extensive in scope than the national security clearance process.
This Article compares the two processes with this thesis in mind, examining the provisions of the National Conference of Bar Examiners Character and Fitness Application in comparison with the U.S. government’s Standard Form 86 (Application for National Security Positions of the United States Government) as well as other aspects of the two processes. Overall, this comparison leads to the conclusion that the bar admissions process should more closely parallel the procedures used for national security clearance decisions.