[Congressional Record Volume 160, Number 96 (Thursday, June 19, 2014)]
[House]
[Pages H5514-H5555]
DEPARTMENT OF DEFENSE APPROPRIATIONS ACT, 2015
[...]
Amendment Offered by Mr. Grayson
Mr. GRAYSON. Mr. Chairman, I have an amendment at the desk.
The Acting CHAIR. The Clerk will report the amendment.
The Clerk read as follows:
At the end of the bill (before the short title), insert the
following:
Sec.__. None of the funds made available by this Act may be
used to "consult", as the term is used in reference to the
Department of Defense and the National Security Agency, in
contravention of the "assur[ance]" provided in section
20(c)(1)(A) of the National Institute of Standards and
Technology Act (15 U.S.C. 278g-3(c)(1)(A)).
The Acting CHAIR. Pursuant to House Resolution 628, the gentleman
from Florida and a Member opposed each will control 5 minutes.
The Chair recognizes the gentleman from Florida.
Mr. GRAYSON. Mr. Chairman, this is an amendment that is substantially
similar to an amendment that passed by unanimous voice vote among
Democrats and Republicans on the House Science and Technology Committee
a couple of weeks ago.
My amendment, the Grayson-Holt-Lofgren amendment, seeks to address a
serious problem. Recently, it was revealed that the National Security
Agency has been recklessly subverting American cryptographic
standards--and deliberately so.
Cryptographic standards for the national security community and the
commercial software industry are developed by the National Institute of
Standards and Technology, or NIST. That is an agency within the House
Science and Technology jurisdiction.
These standards are intended to protect Americans from foreign
intelligence agencies, from cyber criminals, from industrial espionage,
and from privacy violations by those who wish us harm. They are
embedded in software products which are used and sold widely--in fact,
almost universally in this country and elsewhere.
Unfortunately, recent media reports indicate that the National
Security Agency successfully and deliberately weakened encryption
standards promulgated by NIST to further NSA surveillance goals at the
cost of the privacy of ordinary U.S. citizens--in fact, universally
throughout the United States.
This is extremely dangerous. It leaves users of these standards
vulnerable to anybody who is familiar with these weaknesses.
We can recall that, just a few weeks ago, millions of Americans were
told that they had to change their user IDs and their passwords. That,
Mr. Chairman, was because of this.
The NSA apparently is doing this as part of its domestic spying
program, but as World Wide Web inventor Tim Berners-Lee put it:
It's naive to imagine that, if you deliberately introduce
into a system a weakness, you will be the only one to use it.
My amendment would seek to address this issue by prohibiting the
intelligence community from subverting or interfering with the
integrity of any cryptographic standard that is proposed, developed, or
adopted by NIST.
It is only common sense that we should not want taxpayers' dollars
that are appropriated to one agency being used to deliberately and
actively subvert the work of another agency and, at the same time,
destroy the privacy and the liberty and the personal property of our
own citizens.
I urge support for this amendment on both sides of the aisle, and I
reserve the balance of my time.
Mr. FRELINGHUYSEN. Mr. Chairman, I claim the time in opposition to
the amendment.
The Acting CHAIR. The gentleman from New Jersey is recognized for 5
minutes.
Mr. FRELINGHUYSEN. Mr. Chairman, I am not actually opposed to the
amendment, but I would like to talk about some of the assertions or
allegations made by the gentleman, and I do that respectfully. I am not
in opposition to the amendment, but I think there are some things that
have been said that need to be replied to.
The National Security Agency has participated in standards setting
with the National Institute of Standards and Technology, known as NIST.
Of course, they would participate.
Wouldn't we want our Nation's best cryptographers to help strengthen
and secure the Internet?
Their participation in setting standards is a no-brainer. You want
the standards to be designed by the people who best understand the
threat. They recommended the standards that they themselves use.
As the National Security Agency stated on September 30 of last year:
NSA is responsible for setting the security standards for
systems carrying and transporting the Nation's most sensitive
and classified information. We use cryptography and standards
that we recommend, and we recommend the cryptographic
standards we use.
We do not make recommendations that we cannot stand behind
for protecting national security systems and data. The
activity of NSA in setting standards has made the Internet a
far safer place to communicate and to do business.
Indeed, our participation in standards development has
strengthened the core encryption technology that underpins
the Internet.
The idea that NSA has deliberately sabotaged security is ridiculous.
These folks know the threat we face and are helping to secure the
Internet we all rely on so heavily.
Again, I don't oppose the amendment, but the assertions need to be
rebutted.
I reserve the balance of my time.
Mr. GRAYSON. Mr. Chairman, I want to, in some respects, associate
myself with the remarks of the gentleman from New Jersey.
Obviously, we have a difference of agreement about the facts, but I
think we agree that the NSA should actually be helping to establish the
best possible standards for privacy in this country, regardless of
whether the published reports that have been widely reported in the
media are true or not.
I appreciate the gentleman's allegiance to the underlying principle
that Americans deserve privacy.
[Time: 2100]
How much time do I have remaining, Mr. Chairman?
The Acting CHAIR. The gentleman from Florida has 2 1/4 minutes
remaining.
Mr. GRAYSON. Mr. Chairman, I yield 2 minutes to the gentleman from
New Jersey.
Mr. HOLT. I thank my friend from Florida for offering this amendment.
It should go a long way toward recovering the lost reputation of the
National Institute of Standards and Technology.
Mr. Chairman, this came about because the National Security Agency
has a dual role of developing encryption standards and breaking
encryption. The reports widely circulated and, I think, generally
verified show that these two dual roles caused real problems for
American standards and, hence, for American technology and American
companies.
It is unfortunate that NIST, which is supposed to be an impartial
arbiter of national and of even global standards for technology, was
effectively used to propagate defective encryption standards, and this
amendment, I think, will help correct that. It is important that we
keep high standards and that everyone knows it. This is an important
amendment, and I thank the gentleman for offering it. I also appreciate
the comments of the chair of the committee.
Mr. FRELINGHUYSEN. Mr. Chairman, I think the National Institute of
Standards and Technology, aka NIST, has always enjoyed a good
reputation. I served on the committee as a ranking member, and we
heavily invested in the work they do. They enjoy an incredible
reputation, and the suggestion that somehow they have lost their luster
and their reputation is totally inappropriate, but let's move on.
I support the bill with the reservations that I have made about some
of the earlier assertions that have been basically within the media
that have been pumped up, maligning not only NIST but the National
Security Agency, which I think does an incredible job of protecting
national security and all of us.
I yield back the balance of my time.
Mr. GRAYSON. Mr. Chairman, I join in the gentleman's desire to move
on, and I appreciate the gentleman's fair consideration of this
amendment on the merits.
I yield back the balance of my time.
The Acting CHAIR. The question is on the amendment offered by the
gentleman from Florida (Mr. Grayson).
The amendment was agreed to.
[...]