Standardization of cryptographic techniques –The influence of the security agencies

Abstract

This paper is inspired by the global debate emerging after the release by Edward Snowden in 2013 of many documents describing the policy and practice of the US National Security Agency (NSA) and some of its collaborating partners in other countries, GCHQ in the UK and FRA in Sweden. This paper gives five examples from 1989–1995 on how security experts from Norway, Denmark and Sweden were put under pressure by actions from NATO and various security agencies during their work for the European standardization bodies, CEN and ETSI. Even after the cold war essentially ended by the fall of the Berlin Wall in 1989, the use of cryptographic techniques, today completely legal and an essential part of the information society, was highly sensitive at least through 1996. The security experts were put under strong pressure to favour weak encryption algorithms that would facilitate eavesdropping by the national security agencies.