[Congressional Record Volume 160, Number 96 (Thursday, June 19, 2014)]
[House]
[Pages H5514-H5555]


             DEPARTMENT OF DEFENSE APPROPRIATIONS ACT, 2015

[...]

                    Amendment Offered by Mr. Grayson

  Mr. GRAYSON. Mr. Chairman, I have an amendment at the desk.
  The Acting CHAIR. The Clerk will report the amendment.
  The Clerk read as follows:

       At the end of the bill (before the short title), insert the 
     following:
       Sec.__. None of the funds made available by this Act may be 
     used to ``consult'', as the term is used in reference to the 
     Department of Defense and the National Security Agency, in 
     contravention of the ``assur[ance]'' provided in section 
     20(c)(1)(A) of the National Institute of Standards and 
     Technology Act (15 U.S.C. 278g-3(c)(1)(A).

  The Acting CHAIR. Pursuant to House Resolution 628, the gentleman 
from Florida and a Member opposed each will control 5 minutes.
  The Chair recognizes the gentleman from Florida.
  Mr. GRAYSON. Mr. Chairman, this is an amendment that is substantially 
similar to an amendment that passed by unanimous voice vote among 
Democrats and Republicans on the House Science and Technology Committee 
a couple of weeks ago.
  My amendment, the Grayson-Holt-Lofgren amendment, seeks to address a 
serious problem. Recently, it was revealed that the National Security 
Agency has been recklessly subverting American cryptographic 
standards--and deliberately so.
  Cryptographic standards for the national security community and the 
commercial software industry are developed by the National Institute of 
Standards and Technology, or NIST. That is an agency within the House 
Science and Technology jurisdiction.
  These standards are intended to protect Americans from foreign 
intelligence agencies, from cyber criminals, from industrial espionage, 
and from privacy violations by those who wish us harm. They are 
embedded in software products which are used and sold widely--in fact, 
almost universally in this country and elsewhere.
  Unfortunately, recent media reports indicate that the National 
Security Agency successfully and deliberately weakened encryption 
standards promulgated by NIST to further NSA surveillance goals at the 
cost of the privacy of ordinary U.S. citizens--in fact, universally 
throughout the United States.
  This is extremely dangerous. It leaves users of these standards 
vulnerable to anybody who is familiar with these weaknesses.
  We can recall that, just a few weeks ago, millions of Americans were 
told that they had to change their user IDs and their passwords. That, 
Mr. Chairman, was because of this.
  The NSA apparently is doing this as part of its domestic spying 
program, but as World Wide Web inventor Tim Berners-Lee put it:

       It's naive to imagine that, if you deliberately introduce 
     into a system a weakness, you will be the only one to use it.

  My amendment would seek to address this issue by prohibiting the 
intelligence community from subverting or interfering with the 
integrity of any cryptographic standard that is proposed, developed, or 
adopted by NIST.
  It is only common sense that we should not want taxpayers' dollars 
that are appropriated to one agency being used to deliberately and 
actively subvert the work of another agency and, at the same time, 
destroy the privacy and the liberty and the personal property of our 
own citizens.
  I urge support for this amendment on both sides of the aisle, and I 
reserve the balance of my time.
  Mr. FRELINGHUYSEN. Mr. Chairman, I claim the time in opposition to 
the amendment.
  The Acting CHAIR. The gentleman from New Jersey is recognized for 5 
minutes.
  Mr. FRELINGHUYSEN. Mr. Chairman, I am not actually opposed to the 
amendment, but I would like to talk about some of the assertions or 
allegations made by the gentleman, and I do that respectfully. I am not 
in opposition to the amendment, but I think there are some things that 
have been said that need to be replied to.
  The National Security Agency has participated in standards setting 
with the National Institute of Standards and Technology, known as NIST. 
Of course, they would participate.
  Wouldn't we want our Nation's best cryptographers to help strengthen 
and secure the Internet?
  Their participation in setting standards is a no-brainer. You want 
the standards to be designed by the people who best understand the 
threat. They recommended the standards that they themselves use.
  As the National Security Agency stated on September 30 of last year:

       NSA is responsible for setting the security standards for 
     systems carrying and transporting the Nation's most sensitive 
     and classified information. We use cryptography and standards 
     that we recommend, and we recommend the cryptographic 
     standards we use.
       We do not make recommendations that we cannot stand behind 
     for protecting national security systems and data. The 
     activity of NSA in setting standards has made the Internet a 
     far safer place to communicate and to do business.
       Indeed, our participation in standards development has 
     strengthened the core encryption technology that underpins 
     the Internet.

  The idea that NSA has deliberately sabotaged security is ridiculous. 
These folks know the threat we face and are helping to secure the 
Internet we all rely on so heavily.
  Again, I don't oppose the amendment, but the assertions need to be 
rebutted.
  I reserve the balance of my time.
  Mr. GRAYSON. Mr. Chairman, I want to, in some respects, associate 
myself with the remarks of the gentleman from New Jersey.
  Obviously, we have a difference of agreement about the facts, but I 
think we agree that the NSA should actually be helping to establish the 
best possible standards for privacy in this country, regardless of 
whether the published reports that have been widely reported in the 
media are true or not.
  I appreciate the gentleman's allegiance to the underlying principle 
that Americans deserve privacy.

                              {time}  2100

  How much time do I have remaining, Mr. Chairman?
  The Acting CHAIR. The gentleman from Florida has 2\1/4\ minutes 
remaining.
  Mr. GRAYSON. Mr. Chairman, I yield 2 minutes to the gentleman from 
New Jersey.
  Mr. HOLT. I thank my friend from Florida for offering this amendment. 
It should go a long way toward recovering the lost reputation of the 
National Institute of Standards and Technology.
  Mr. Chairman, this came about because the National Security Agency

[[Page H5541]]

has a dual role of developing encryption standards and breaking 
encryption. The reports widely circulated and, I think, generally 
verified show that these two dual roles caused real problems for 
American standards and, hence, for American technology and American 
companies.
  It is unfortunate that NIST, which is supposed to be an impartial 
arbiter of national and of even global standards for technology, was 
effectively used to propagate defective encryption standards, and this 
amendment, I think, will help correct that. It is important that we 
keep high standards and that everyone knows it. This is an important 
amendment, and I thank the gentleman for offering it. I also appreciate 
the comments of the chair of the committee.
  Mr. FRELINGHUYSEN. Mr. Chairman, I think the National Institute of 
Standards and Technology, aka NIST, has always enjoyed a good 
reputation. I served on the committee as a ranking member, and we 
heavily invested in the work they do. They enjoy an incredible 
reputation, and the suggestion that somehow they have lost their luster 
and their reputation is totally inappropriate, but let's move on.
  I support the bill with the reservations that I have made about some 
of the earlier assertions that have been basically within the media 
that have been pumped up, maligning not only NIST but the National 
Security Agency, which I think does an incredible job of protecting 
national security and all of us.
  I yield back the balance of my time.
  Mr. GRAYSON. Mr. Chairman, I join in the gentleman's desire to move 
on, and I appreciate the gentleman's fair consideration of this 
amendment on the merits.
  I yield back the balance of my time.
  The Acting CHAIR. The question is on the amendment offered by the 
gentleman from Florida (Mr. Grayson).
  The amendment was agreed to.

[...]