An amendment adopted by a House committee would, if enacted, take a step toward removing the National Security Agency from the business of meddling with encryption standards that protect security on the Internet.
As we reported with the Guardian and the New York Times last year, the NSA has for years engaged in a multi-front war on encryption, in many cases cracking the technology that is used to protect the confidentiality of intercepted communications. Part of the NSA’s efforts centered on the development of encryption standards by the National Institute of Standards and Technology, which sets standards that are adopted by government and industry.
Documents provided by Edward Snowden suggest that the NSA inserted a backdoor into one popular encryption standard, prompting NIST to launch an ongoing review of all its existing standards.
The amendment adopted this week by the House Committee on Science, Space, and Technology would remove an existing requirement in the law that NIST consult with the NSA on encryption standards.
In a “Dear Colleague” letter, the amendment’s sponsor, Rep. Alan Grayson (D-FL), quoted our story on the NSA from last year.
“NIST, which falls solely under the jurisdiction of the Science, Space, and Technology Committee, has been given ‘the mission of developing standards, guidelines, and associated methods and techniques for information systems,’” Grayson wrote. “To violate that charge in a manner that would deliberately lessen standards, and willfully diminish American citizens’ and businesses’ cyber-security, is appalling and warrants a stern response by this Committee.”
Grayson’s amendment, which is part of a bill that funds NIST, was approved by a voice vote last week.
Grayson’s office says it is working on a broader reform package to address the problems with NIST and the NSA.
Even if the current bill makes it through the House and Senate and is signed into law, NIST is expected to continue to consult with the NSA on encryption issues. NIST itselfdoes not have a large staff of cryptographic experts. But advocates hope the amendment would signal to NIST that Congress expects the agency to be serious about protecting rather than undermining encryption standards.
“NIST is in no way precluded from interacting with NSA as a result of this amendment, but the message will be clear an agency that subverts the legitimate work of another agency will face consequences,” Grayson wrote in his letter to colleagues.
–Justin Elliott, ProPublica