[Congressional Record Volume 161, Number 88 (Wednesday, June 3, 2015)]
[House]
[Pages H3781-H3817]


 COMMERCE, JUSTICE, SCIENCE, AND RELATED AGENCIES APPROPRIATIONS ACT, 
                                  2016

[...]

                    Amendment Offered by Mr. Massie

  Mr. MASSIE. Madam Chair, I have an amendment at the desk regarding 
the National Institute of Standards and Technology.
  The Acting CHAIR. The Clerk will report the amendment.
  The Clerk read as follows:

       At the end of the bill (before the short title), insert the 
     following:
       Sec. 543.  None of the funds made available by this Act may 
     be used by the National Institute of Standards and Technology 
     to consult with the National Security Agency or the Central 
     Intelligence Agency to alter cryptographic or computer 
     standards, except to improve information security (in 
     accordance with section 20(c)(1)(A) of the National Institute 
     of Standards and Technology Act (15 U.S.C. 278g-3(c)(1)(A))).

  The Acting CHAIR. Pursuant to House Resolution 287, the gentleman 
from Kentucky and a Member opposed each will control 5 minutes.
  The Chair recognizes the gentleman from Kentucky.
  Mr. MASSIE. Madam Chair, In December of 2013, news broke--and this 
was in a Reuters article--that, as a key part of a ``campaign to embed 
encryption software that it could crack into widely used computer 
products, the U.S. National Security Agency arranged a secret $10 
million contract with'' a private company--in fact, ``one of the most 
influential firms in the computer security industry.''
  It was further disclosed that ``an algorithm called Dual Elliptic 
Curve . . . was on the road to approval by the National Institute of 
Standards and Technology as one of four acceptable methods for 
generating random numbers.''
  The company adopted this algorithm, knowing that it would be used as 
a standard, and it was, as expected, approved by the National Institute 
of Standards and Technology. But ``within a year, major questions were 
raised about Dual Elliptic Curve. Cryptography authority Bruce Schneier 
wrote that the weakness in the formula `can only be described as a back 
door.' ''
  This is just one example of the NSA exploiting its relationship with 
NIST to weaken encryption standards.
  Look, NIST, we would like for them to set the highest standards for 
our country, particularly when it comes to encryption. Weakened 
encryption standards allow the NSA to snoop on Americans without a 
warrant.
  So these back doors in encryption products are bad for privacy. It 
makes it just way too easy to violate our Fourth Amendment.
  But back doors in encryption software are also bad for security. 
Think about this: Don't you want the best security available that the 
minds in this country can create, produce, to safeguard your health 
records, maybe to safeguard your gun records, maybe to safeguard your 
bank accounts and your credit cards.

[[Page H3794]]

  We are more safe when we have better security and better encryption. 
So it makes no sense for the National Institute of Standards and 
Technology to work with the NSA to weaken our encryption software.
  Finally, putting back doors in products is bad for business. It is 
bad for privacy. It is bad for security. And it is bad for business.
  Why is it bad for business? Why would somebody buy a product made in 
America if it is known that the standards in America are weaker than 
the standards elsewhere? You know, if there are back doors in products, 
it is not just the government that can use them: hackers will find 
them. In fact, once the weakness was exposed in this Dual Elliptic 
Curve, it made it very easy for people to hack into that, and the 
company had to say, Quit using this software. We found a weakness in 
it.
  So I would urge people to vote for this amendment. What it does is it 
prevents the spending of money at the National Institute of Standards 
and Technology to work with the NSA to weaken our encryption.
  The amendment does nothing to keep them from making better 
encryption, but they cannot weaken it. They cannot compromise it. They 
can't spend your tax dollars making American products and our 
government standards worse.
  I reserve the balance of my time.
  Mr. CULBERSON. Madam Chairman, I claim the time in opposition, 
although I support the amendment.
  The Acting CHAIR. Without objection, the gentleman from Texas is 
recognized for 5 minutes.
  There was no objection.
  Mr. CULBERSON. Madam Chair, we accept the amendment, agree with the 
reasoning that the gentleman from Kentucky (Mr. Massie) has laid forth. 
I believe the amendment is acceptable to the minority as well. So the 
amendment is agreed to unanimously.
  I reserve the balance of my time.
  Mr. MASSIE. What is the balance of my time remaining, Madam Chair?
  The Acting CHAIR. The gentleman from Kentucky has 1\1/2\ minutes 
remaining.
  Mr. MASSIE. Madam Chair, I will just summarize why this is an 
important amendment.
  We trust the National Institute of Standards and Technology to 
perform their constitutionally mandated responsibilities. That is one 
of the great things about NIST: its authorization is in the 
Constitution, to set the standards of weights and measures. So I 
appreciate the job they do. But we put a lot of trust into them when 
they set these standards. And a lot of people make business decisions. 
It is kind of like the Good Housekeeping seal of approval, if I may use 
that analogy.
  So, when we stamp something as a government-approved standard, we 
want to know it is the best in the world, that the United States has 
the best encryption in their products, the best encryption. We want the 
products that our government buys to be safe. So it would be wrong for 
NIST to spend money working to put back doors in our products. That is 
why I urge our colleagues to vote for this amendment.
  I yield back the balance of my time.
  Mr. CULBERSON. Madam Chairman, I yield such time as he may consume to 
the gentleman from Houston, Texas (Mr. Poe), my good friend and 
colleague.
  Mr. POE of Texas. I thank the chairman for yielding time to me.
  Madam Chair, I would like to try to interpret what has been said in a 
simpler way.
  Assume that the builders in the United States get together and they 
are given a new requirement: that when they build a new house, the 
Federal Government wants the option to have a master key to a back 
door--not only a back door but a secret back door so that at some time 
down the road, maybe the Federal Government would like to enter that 
secret back door for some purpose. And that is what this amendment is 
preventing.
  Just like we wouldn't let the Federal Government have a key to our 
back door or require builders to put a master key in all of the new 
homes that they build in the country and give the key to the 
government, we would never allow that. That would certainly be in 
violation of the Fourth Amendment of the Constitution.
  All this amendment does is it prevents technology--when technology is 
growing at a rapid rate--to prevent the Federal Government from 
requiring companies that make cell phones, for example, that there be 
an ability of the Federal Government to go in the cell phone and look 
around, even without the knowledge of the person who owns the cell 
phone. This is very similar to the bill that passed unanimously last 
night. So I urge the adoption to this amendment as well.
  I thank the chairman for allowing me to speak on the gentleman from 
Kentucky's amendment, since he ran out of time.
  Mr. CULBERSON. I am glad to do so.
  Madam Chair, again, the amendment is agreed to unanimously. I 
strongly support the gentleman from Kentucky's amendment.
  I yield back the balance of my time.
  The Acting CHAIR. The question is on the amendment offered by the 
gentleman from Kentucky (Mr. Massie).
  The question was taken; and the Acting Chair announced that the ayes 
appeared to have it.
  Mr. MASSIE. Madam Chair, I demand a recorded vote.
  The Acting CHAIR. Pursuant to clause 6 of rule XVIII, further 
proceedings on the amendment offered by the gentleman from Kentucky 
will be postponed.

[...]