Some members of the U.S. House on Wednesday asked Juniper Networks to explain how an NSA-designed algorithm, which leading cybersecurity experts believe contains an encryption backdoor, appeared in its products, and how the key to this backdoor was later changed by unknown parties.
Juniper first revealed a security breach in late 2015 in which unauthorized code was added to its products. Cybersecurity experts subsequently determined that Juniper had added an NSA-designed algorithm to its products as far back as 2008, and that the breach that Juniper revealed in 2015 involved an unknown entity changing the key to the existing backdoor.
“According to the experts, this backdoor could be exploited by sophisticated adversaries to decipher encrypted data transmitted between Juniper-manufactured equipment, which is widely used by the U.S. government and private sector,” the lawmakers said in a statement.
“However, despite promising a full investigation, Juniper has never publicly accounted for the incident,” they added.
The letter comes in the midst of Attorney General William Barr’s efforts to pressure technology companies to weaken their encryption and assist government surveillance.
“It has now been over four years since Juniper announced it was conducting an investigation, but your company has still not revealed what, if anything, it uncovered. The American people — and the companies and U.S. government agencies that trusted Juniper’s products with their sensitive data — still have no information about why Juniper quietly added an NSA-designed, likely-backdoored encryption algorithm, or how, years later, the keys to that probable backdoor were changed by an unknown entity, likely to the detriment of U.S. national security,” the members wrote.
“Juniper’s experiences can provide a valuable case study about the dangers of backdoors, as well as the apparent ease with which government backdoors can be covertly subverted by a sophisticated actor,” the members continued.