An amendment adopted by a House committee would, if enacted, take a step toward removing the National Security Agency from the business of meddling with encryption standards that protect security on the Internet.
As we reported with the Guardian and the New York Times last year, the NSA has for years engaged in a multi-front war on encryption, in many cases cracking the technology that is used to protect the confidentiality of intercepted communications. Part of the NSA’s efforts centered on the development of encryption standards by the National Institute of Standards and Technology, which sets standards that are adopted by government and industry.
In a “Dear Colleague” letter, the amendment’s sponsor, Rep. Alan Grayson (D-FL), quoted our story on the NSA from last year.
“NIST, which falls solely under the jurisdiction of the Science, Space, and Technology Committee, has been given ‘the mission of developing standards, guidelines, and associated methods and techniques for information systems,’” Grayson wrote. “To violate that charge in a manner that would deliberately lessen standards, and willfully diminish American citizens’ and businesses’ cyber-security, is appalling and warrants a stern response by this Committee.”
Grayson’s office says it is working on a broader reform package to address the problems with NIST and the NSA.
Even if the current bill makes it through the House and Senate and is signed into law, NIST is expected to continue to consult with the NSA on encryption issues. NIST itself does not have a large staff of cryptographic experts. But advocates hope the amendment would signal to NIST that Congress expects the agency to be serious about protecting rather than undermining encryption standards.
“NIST is in no way precluded from interacting with NSA as a result of this amendment, but the message will be clear an agency that subverts the legitimate work of another agency will face consequences,” Grayson wrote in his letter to colleagues.