[Congressional Record Volume 160, Number 96 (Thursday, June 19, 2014)] [House] [Pages H5514-H5555] DEPARTMENT OF DEFENSE APPROPRIATIONS ACT, 2015 [...] Amendment Offered by Mr. Grayson Mr. GRAYSON. Mr. Chairman, I have an amendment at the desk. The Acting CHAIR. The Clerk will report the amendment. The Clerk read as follows: At the end of the bill (before the short title), insert the following: Sec.__. None of the funds made available by this Act may be used to ``consult'', as the term is used in reference to the Department of Defense and the National Security Agency, in contravention of the ``assur[ance]'' provided in section 20(c)(1)(A) of the National Institute of Standards and Technology Act (15 U.S.C. 278g-3(c)(1)(A). The Acting CHAIR. Pursuant to House Resolution 628, the gentleman from Florida and a Member opposed each will control 5 minutes. The Chair recognizes the gentleman from Florida. Mr. GRAYSON. Mr. Chairman, this is an amendment that is substantially similar to an amendment that passed by unanimous voice vote among Democrats and Republicans on the House Science and Technology Committee a couple of weeks ago. My amendment, the Grayson-Holt-Lofgren amendment, seeks to address a serious problem. Recently, it was revealed that the National Security Agency has been recklessly subverting American cryptographic standards--and deliberately so. Cryptographic standards for the national security community and the commercial software industry are developed by the National Institute of Standards and Technology, or NIST. That is an agency within the House Science and Technology jurisdiction. These standards are intended to protect Americans from foreign intelligence agencies, from cyber criminals, from industrial espionage, and from privacy violations by those who wish us harm. They are embedded in software products which are used and sold widely--in fact, almost universally in this country and elsewhere. Unfortunately, recent media reports indicate that the National Security Agency successfully and deliberately weakened encryption standards promulgated by NIST to further NSA surveillance goals at the cost of the privacy of ordinary U.S. citizens--in fact, universally throughout the United States. This is extremely dangerous. It leaves users of these standards vulnerable to anybody who is familiar with these weaknesses. We can recall that, just a few weeks ago, millions of Americans were told that they had to change their user IDs and their passwords. That, Mr. Chairman, was because of this. The NSA apparently is doing this as part of its domestic spying program, but as World Wide Web inventor Tim Berners-Lee put it: It's naive to imagine that, if you deliberately introduce into a system a weakness, you will be the only one to use it. My amendment would seek to address this issue by prohibiting the intelligence community from subverting or interfering with the integrity of any cryptographic standard that is proposed, developed, or adopted by NIST. It is only common sense that we should not want taxpayers' dollars that are appropriated to one agency being used to deliberately and actively subvert the work of another agency and, at the same time, destroy the privacy and the liberty and the personal property of our own citizens. I urge support for this amendment on both sides of the aisle, and I reserve the balance of my time. Mr. FRELINGHUYSEN. Mr. Chairman, I claim the time in opposition to the amendment. The Acting CHAIR. The gentleman from New Jersey is recognized for 5 minutes. Mr. FRELINGHUYSEN. Mr. Chairman, I am not actually opposed to the amendment, but I would like to talk about some of the assertions or allegations made by the gentleman, and I do that respectfully. I am not in opposition to the amendment, but I think there are some things that have been said that need to be replied to. The National Security Agency has participated in standards setting with the National Institute of Standards and Technology, known as NIST. Of course, they would participate. Wouldn't we want our Nation's best cryptographers to help strengthen and secure the Internet? Their participation in setting standards is a no-brainer. You want the standards to be designed by the people who best understand the threat. They recommended the standards that they themselves use. As the National Security Agency stated on September 30 of last year: NSA is responsible for setting the security standards for systems carrying and transporting the Nation's most sensitive and classified information. We use cryptography and standards that we recommend, and we recommend the cryptographic standards we use. We do not make recommendations that we cannot stand behind for protecting national security systems and data. The activity of NSA in setting standards has made the Internet a far safer place to communicate and to do business. Indeed, our participation in standards development has strengthened the core encryption technology that underpins the Internet. The idea that NSA has deliberately sabotaged security is ridiculous. These folks know the threat we face and are helping to secure the Internet we all rely on so heavily. Again, I don't oppose the amendment, but the assertions need to be rebutted. I reserve the balance of my time. Mr. GRAYSON. Mr. Chairman, I want to, in some respects, associate myself with the remarks of the gentleman from New Jersey. Obviously, we have a difference of agreement about the facts, but I think we agree that the NSA should actually be helping to establish the best possible standards for privacy in this country, regardless of whether the published reports that have been widely reported in the media are true or not. I appreciate the gentleman's allegiance to the underlying principle that Americans deserve privacy. {time} 2100 How much time do I have remaining, Mr. Chairman? The Acting CHAIR. The gentleman from Florida has 2\1/4\ minutes remaining. Mr. GRAYSON. Mr. Chairman, I yield 2 minutes to the gentleman from New Jersey. Mr. HOLT. I thank my friend from Florida for offering this amendment. It should go a long way toward recovering the lost reputation of the National Institute of Standards and Technology. Mr. Chairman, this came about because the National Security Agency [[Page H5541]] has a dual role of developing encryption standards and breaking encryption. The reports widely circulated and, I think, generally verified show that these two dual roles caused real problems for American standards and, hence, for American technology and American companies. It is unfortunate that NIST, which is supposed to be an impartial arbiter of national and of even global standards for technology, was effectively used to propagate defective encryption standards, and this amendment, I think, will help correct that. It is important that we keep high standards and that everyone knows it. This is an important amendment, and I thank the gentleman for offering it. I also appreciate the comments of the chair of the committee. Mr. FRELINGHUYSEN. Mr. Chairman, I think the National Institute of Standards and Technology, aka NIST, has always enjoyed a good reputation. I served on the committee as a ranking member, and we heavily invested in the work they do. They enjoy an incredible reputation, and the suggestion that somehow they have lost their luster and their reputation is totally inappropriate, but let's move on. I support the bill with the reservations that I have made about some of the earlier assertions that have been basically within the media that have been pumped up, maligning not only NIST but the National Security Agency, which I think does an incredible job of protecting national security and all of us. I yield back the balance of my time. Mr. GRAYSON. Mr. Chairman, I join in the gentleman's desire to move on, and I appreciate the gentleman's fair consideration of this amendment on the merits. I yield back the balance of my time. The Acting CHAIR. The question is on the amendment offered by the gentleman from Florida (Mr. Grayson). The amendment was agreed to. [...]