Congress Finally Put a (Really Obscure, But Important) Limit on NSA Power

Future Tense
The Citizen's Guide to the Future
May 23 2014 6:18 PM

Congress Blocks the NSA From Meddling With Encryption Standards. Finally.

nist
NIST sets encryption standards, and it's kind of crucial that that process exclude the NSA.

Photo from Commerce.gov.

The House passed a toothless NSA reform bill yesterday, and VC Marc Andreessen says that meetings about privacy and surveillance between tech companies and the Obama administration haven't been very productive. But the news isn't all depressing for privacy advocates. One consolation prize: a new amendment that says the NSA can no longer be involved in determining encryption standards.

Lily Hay Newman Lily Hay Newman

Lily Hay Newman is lead blogger for Future Tense.

The National Institute of Standards and Technology is the federal agency that determines standards for measured quantities, like the length of a second. But NIST also holds competitions to get the best cryptographers in the world to solve security problems and evaluate new encryption techniques. The agency considers the results of its competitions as it forms new encryption standards. Once those standards are published, government agencies, subcontractors, and vendors must adhere to them for digital communications and hardware/software purchases. That means they influence manufacturers, government vendors, and tons of people.

Advertisement

Until now, the NSA has been allowed to influence decisions about encryption standards. And the NSA, presumably, is interested in finding ways to circumvent the standards so it can intercept communications and data that the senders think are secure. The agency even prevailed upon NIST to publish a standard which many in the cryptography community warned had been weakened and probably contained a backdoor for easy NSA access.

Now, finally, the House Science and Technology Committee passed an amendment to the Frontiers in Innovation, Research, Science, and Technology Act this week that will keep the NSA from getting involved in NIST's encryption-standard evaluation process. As the Huffington Post points out, this may be the first time a body of Congress has approved legislation that limits the NSA's power.

Before the vote on the amendment, Rep. Alan Grayson (D-Fla.) wrote the following in a letter to the committee:

These are serious allegations. NIST, which falls solely under the jurisdiction of the Science, Space, and Technology Committee, has been given "the mission of developing standards, guidelines, and associated methods and techniques for information systems." To violate that charge in a manner that would deliberately lessen encryption standards, and willfully diminish American citizens' and business' cyber-security, is appalling and warrants a stern response by this Committee. Many businesses, from Facebook to Google, have lamented the NSA's actions in the cyber world; and some, such as Lavabit, have consciously decided to shut their doors rather than continue to comply with the wishes of the NSA. Changes need to be made at NIST to protect its work in the encryption arena.

Internally, NIST has also been working to cleanse itself by eliminating the faulty, NSA-backed encryption component from its standard. And the amendment is an important victory and a good reminder for people who may not think about cryptography every day. Weakened encryption has been one of the NSA's reliable backdoors for collecting data, and the NSA's involvement at NIST was preventing citizens and people worldwide from making informed choices about how to protect their data.

Future Tense is a partnership of SlateNew America, and Arizona State University.

TODAY IN SLATE

Culturebox

The Ebola Story

How our minds build narratives out of disaster.

The Budget Disaster That Completely Sabotaged the WHO’s Response to Ebola

PowerPoint Is the Worst, and Now It’s the Latest Way to Hack Into Your Computer

The Shooting Tragedies That Forged Canada’s Gun Politics

A Highly Unscientific Ranking of Crazy-Old German Beers

Education

Welcome to 13th Grade!

Some high schools are offering a fifth year. That’s a great idea.

Culturebox

The Actual World

“Mount Thoreau” and the naming of things in the wilderness.

Want Kids to Delay Sex? Let Planned Parenthood Teach Them Sex Ed.

Would You Trust Walmart to Provide Your Health Care? (You Should.)

  News & Politics
The World
Oct. 22 2014 2:05 PM Paul Farmer Says Up to Ninety Percent of Those Infected Should Survive Ebola. Is He Right?
  Business
Business Insider
Oct. 22 2014 2:27 PM Facebook Made $595 Million in the U.K. Last Year. It Paid $0 in Taxes
  Life
The Eye
Oct. 22 2014 1:01 PM The Surprisingly Xenophobic Origins of Wonder Bread
  Double X
The XX Factor
Oct. 22 2014 10:00 AM On the Internet, Men Are Called Names. Women Are Stalked and Sexually Harassed.
  Slate Plus
Tv Club
Oct. 22 2014 5:27 PM The Slate Walking Dead Podcast A spoiler-filled discussion of Episodes 1 and 2.
  Arts
Brow Beat
Oct. 22 2014 10:39 PM Avengers: Age of Ultron Looks Like a Fun, Sprawling, and Extremely Satisfying Sequel
  Technology
Future Tense
Oct. 22 2014 2:59 PM Netizen Report: Twitter Users Under Fire in Mexico, Venezuela, Turkey
  Health & Science
Wild Things
Oct. 22 2014 2:42 PM Orcas, Via Drone, for the First Time Ever
  Sports
Sports Nut
Oct. 20 2014 5:09 PM Keepaway, on Three. Ready—Break! On his record-breaking touchdown pass, Peyton Manning couldn’t even leave the celebration to chance.