Washington, D.C. – U.S. Senators Ron Wyden, D-Ore., Mike Lee, R-Utah, Cory Booker, D-N.J. and 13 members of the U.S. House asked Juniper Networks to explain how an NSA-designed algorithm, which leading cybersecurity experts believe contains an encryption backdoor, appeared in its products, and how the key to this backdoor was later changed by unknown parties.
Juniper first revealed a security breach in late 2015 in which unauthorized code was added to its products. Cybersecurity experts subsequently determined that Juniper had added an NSA-designed algorithm to its products as far back as 2008, and that the breach that Juniper revealed in 2015 involved an unknown entity changing the key to the existing backdoor. According to the experts, this backdoor could be exploited by sophisticated adversaries to decipher encrypted data transmitted between Juniper-manufactured equipment, which is widely used by the U.S. government and private sector. However, despite promising a full investigation, Juniper has never publicly accounted for the incident.
The letter is co-signed by Judiciary Committee Chairman Rep. Jerrold Nadler, D-N.Y., Homeland Security Chairman Rep. Bennie Thompson, D-Miss., Rep. Ted Lieu, D-Calif., Rep. Zoe Lofgren, D-Calif., Rep. Pramila Jayapal, D-Wash., Rep. Tom Malinowski, D-N.J., Rep. Anna Eshoo, D-Calif., Rep. Bill Foster, D-Ill., Rep. Ro Khanna, D-Calif., Rep. Suzan DelBene, D-Wash., Rep. Kathleen Rice, D-N.Y., Rep. Yvette Clarke, D-N.Y. and Rep. Cedric Richmond, D-La.
“It has now been over four years since Juniper announced it was conducting an investigation, but your company has still not revealed what, if anything, it uncovered. The American people — and the companies and U.S. government agencies that trusted Juniper’s products with their sensitive data — still have no information about why Juniper quietly added an NSA-designed, likely-backdoored encryption algorithm, or how, years later, the keys to that probable backdoor were changed by an unknown entity, likely to the detriment of U.S. national security,” the members wrote.
The letter comes in the midst of Attorney General William Barr’s efforts to pressure technology companies to weaken their encryption and assist government surveillance.
“Juniper’s experiences can provide a valuable case study about the dangers of backdoors, as well as the apparent ease with which government backdoors can be covertly subverted by a sophisticated actor,” the members continued.
The members asked Juniper to answer a list of detailed questions by July 10. A copy of today’s letter is available here.