Congress Finally Put a (Really Obscure, But Important) Limit on NSA Power

The Citizen's Guide to the Future
May 23 2014 6:18 PM

Congress Blocks the NSA From Meddling With Encryption Standards. Finally.

nist
NIST sets encryption standards, and it's kind of crucial that that process exclude the NSA.

Photo from Commerce.gov.

The House passed a toothless NSA reform bill yesterday, and VC Marc Andreessen says that meetings about privacy and surveillance between tech companies and the Obama administration haven't been very productive. But the news isn't all depressing for privacy advocates. One consolation prize: a new amendment that says the NSA can no longer be involved in determining encryption standards.

Lily Hay Newman Lily Hay Newman

Lily Hay Newman is lead blogger for Future Tense.

The National Institute of Standards and Technology is the federal agency that determines standards for measured quantities, like the length of a second. But NIST also holds competitions to get the best cryptographers in the world to solve security problems and evaluate new encryption techniques. The agency considers the results of its competitions as it forms new encryption standards. Once those standards are published, government agencies, subcontractors, and vendors must adhere to them for digital communications and hardware/software purchases. That means they influence manufacturers, government vendors, and tons of people.

Advertisement

Until now, the NSA has been allowed to influence decisions about encryption standards. And the NSA, presumably, is interested in finding ways to circumvent the standards so it can intercept communications and data that the senders think are secure. The agency even prevailed upon NIST to publish a standard which many in the cryptography community warned had been weakened and probably contained a backdoor for easy NSA access.

Now, finally, the House Science and Technology Committee passed an amendment to the Frontiers in Innovation, Research, Science, and Technology Act this week that will keep the NSA from getting involved in NIST's encryption-standard evaluation process. As the Huffington Post points out, this may be the first time a body of Congress has approved legislation that limits the NSA's power.

Before the vote on the amendment, Rep. Alan Grayson (D-Fla.) wrote the following in a letter to the committee:

These are serious allegations. NIST, which falls solely under the jurisdiction of the Science, Space, and Technology Committee, has been given "the mission of developing standards, guidelines, and associated methods and techniques for information systems." To violate that charge in a manner that would deliberately lessen encryption standards, and willfully diminish American citizens' and business' cyber-security, is appalling and warrants a stern response by this Committee. Many businesses, from Facebook to Google, have lamented the NSA's actions in the cyber world; and some, such as Lavabit, have consciously decided to shut their doors rather than continue to comply with the wishes of the NSA. Changes need to be made at NIST to protect its work in the encryption arena.

Internally, NIST has also been working to cleanse itself by eliminating the faulty, NSA-backed encryption component from its standard. And the amendment is an important victory and a good reminder for people who may not think about cryptography every day. Weakened encryption has been one of the NSA's reliable backdoors for collecting data, and the NSA's involvement at NIST was preventing citizens and people worldwide from making informed choices about how to protect their data.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Lily Hay Newman is lead blogger for Future Tense.

TODAY IN SLATE

Politics

Talking White

Black people’s disdain for “proper English” and academic achievement is a myth.

Alabama’s Insane New Abortion Law Gives Fetuses Lawyers and Puts Teenage Girls on Trial

Tattoo Parlors Have Become a Great Investment

A Year Ago I Decided to Never Fly Again. It’s One of the Best Decision I’ve Ever Made.

A Jaw-Dropping Political Ad Aimed at Young Women, Apparently

The XX Factor
Oct. 1 2014 4:05 PM Today in GOP Outreach to Women: You Broads Like Wedding Dresses, Right?
Politics

Big Problems With the Secret Service Were Reported Last Year. Nobody Cared.

Hong Kong’s Protesters Are Ridiculously Polite. That’s What Scares Beijing So Much.

The Secret Service’s Big Problems Were Reported Last Year. Nobody Cared.

  News & Politics
Politics
Oct. 2 2014 11:01 AM It Wasn’t a Secret A 2013 inspector general report detailed all of the Secret Service’s problems. Nobody cared.
  Business
Moneybox
Oct. 2 2014 12:58 PM Why Can’t States Do More to Protect Patients From Surprise Medical Bills? It’s complicated.
  Life
Lexicon Valley
Oct. 2 2014 1:05 PM What's Wrong With "America's Ugliest Accent"
  Double X
The XX Factor
Oct. 2 2014 12:37 PM St. Louis Study Confirms That IUDs Are the Key to Lowering Teen Pregnancy Rates
  Slate Plus
Behind the Scenes
Oct. 1 2014 3:24 PM Revelry (and Business) at Mohonk Photos and highlights from Slate’s annual retreat.
  Arts
Brow Beat
Oct. 2 2014 1:29 PM Want to Know What Makes David Fincher Great? Focus on What He Doesn’t Do.
  Technology
Future Tense
Oct. 2 2014 1:22 PM If Someone Secretly Controlled What You Say, Would You Notice? What cyranoid experiments reveal about how people act.  
  Health & Science
Science
Oct. 2 2014 12:53 PM The Panic Virus How public health officials are keeping Americans calm about the Ebola threat.
  Sports
Sports Nut
Oct. 1 2014 5:19 PM Bunt-a-Palooza! How bad was the Kansas City Royals’ bunt-all-the-time strategy in the American League wild-card game?