Sen. Lee Signs Bipartisan Letter Questioning Juniper Networks Over Secret Government Backdoors
June 11, 2020
WASHINGTON – Sen. Mike Lee (R-UT) joined Sens. Ron Wyden (D-OR) and Cory Booker (D-NJ), along with 13 members of the U.S. House, signing a letter asking Juniper Networks to explain how an NSA-designed backdoor appeared in its products and how the key to this backdoor was later changed by unknown parties.
Juniper first revealed a security breach in late 2015 in which unauthorized code was added to its products. Cybersecurity experts subsequently determined that Juniper had added an NSA-designed algorithm to its products as far back as 2008, and that the breach that Juniper revealed in 2015 involved an unknown entity changing the key to the existing backdoor.
According to the experts, this backdoor could be exploited by sophisticated adversaries to decipher encrypted data transmitted between Juniper-manufactured equipment, which is widely used by the U.S. government and private sector. However, despite promising a full investigation, Juniper has never publicly accounted for the incident.
“It has now been over four years since Juniper announced it was conducting an investigation, but your company has still not revealed what, if anything, it uncovered. The American people — and the companies and U.S. government agencies that trusted Juniper’s products with their sensitive data — still have no information about why Juniper quietly added an NSA-designed, likely-backdoored encryption algorithm, or how, years later, the keys to that probable backdoor were changed by an unknown entity, likely to the detriment of U.S. national security,” the members wrote.
The letter comes in the midst of Attorney General William Barr’s efforts to pressure technology companies to weaken their encryption and assist government surveillance.
“Juniper’s experiences can provide a valuable case study about the dangers of backdoors, as well as the apparent ease with which government backdoors can be covertly subverted by a sophisticated actor,” the members continued.
The members asked Juniper to answer a list of detailed questions by July 10. A copy of today’s letter is available here.