[Congressional Record Volume 161, Number 88 (Wednesday, June 3, 2015)] [House] [Pages H3781-H3817] COMMERCE, JUSTICE, SCIENCE, AND RELATED AGENCIES APPROPRIATIONS ACT, 2016 [...] Amendment Offered by Mr. Massie Mr. MASSIE. Madam Chair, I have an amendment at the desk regarding the National Institute of Standards and Technology. The Acting CHAIR. The Clerk will report the amendment. The Clerk read as follows: At the end of the bill (before the short title), insert the following: Sec. 543. None of the funds made available by this Act may be used by the National Institute of Standards and Technology to consult with the National Security Agency or the Central Intelligence Agency to alter cryptographic or computer standards, except to improve information security (in accordance with section 20(c)(1)(A) of the National Institute of Standards and Technology Act (15 U.S.C. 278g-3(c)(1)(A))). The Acting CHAIR. Pursuant to House Resolution 287, the gentleman from Kentucky and a Member opposed each will control 5 minutes. The Chair recognizes the gentleman from Kentucky. Mr. MASSIE. Madam Chair, In December of 2013, news broke--and this was in a Reuters article--that, as a key part of a ``campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with'' a private company--in fact, ``one of the most influential firms in the computer security industry.'' It was further disclosed that ``an algorithm called Dual Elliptic Curve . . . was on the road to approval by the National Institute of Standards and Technology as one of four acceptable methods for generating random numbers.'' The company adopted this algorithm, knowing that it would be used as a standard, and it was, as expected, approved by the National Institute of Standards and Technology. But ``within a year, major questions were raised about Dual Elliptic Curve. Cryptography authority Bruce Schneier wrote that the weakness in the formula `can only be described as a back door.' '' This is just one example of the NSA exploiting its relationship with NIST to weaken encryption standards. Look, NIST, we would like for them to set the highest standards for our country, particularly when it comes to encryption. Weakened encryption standards allow the NSA to snoop on Americans without a warrant. So these back doors in encryption products are bad for privacy. It makes it just way too easy to violate our Fourth Amendment. But back doors in encryption software are also bad for security. Think about this: Don't you want the best security available that the minds in this country can create, produce, to safeguard your health records, maybe to safeguard your gun records, maybe to safeguard your bank accounts and your credit cards. [[Page H3794]] We are more safe when we have better security and better encryption. So it makes no sense for the National Institute of Standards and Technology to work with the NSA to weaken our encryption software. Finally, putting back doors in products is bad for business. It is bad for privacy. It is bad for security. And it is bad for business. Why is it bad for business? Why would somebody buy a product made in America if it is known that the standards in America are weaker than the standards elsewhere? You know, if there are back doors in products, it is not just the government that can use them: hackers will find them. In fact, once the weakness was exposed in this Dual Elliptic Curve, it made it very easy for people to hack into that, and the company had to say, Quit using this software. We found a weakness in it. So I would urge people to vote for this amendment. What it does is it prevents the spending of money at the National Institute of Standards and Technology to work with the NSA to weaken our encryption. The amendment does nothing to keep them from making better encryption, but they cannot weaken it. They cannot compromise it. They can't spend your tax dollars making American products and our government standards worse. I reserve the balance of my time. Mr. CULBERSON. Madam Chairman, I claim the time in opposition, although I support the amendment. The Acting CHAIR. Without objection, the gentleman from Texas is recognized for 5 minutes. There was no objection. Mr. CULBERSON. Madam Chair, we accept the amendment, agree with the reasoning that the gentleman from Kentucky (Mr. Massie) has laid forth. I believe the amendment is acceptable to the minority as well. So the amendment is agreed to unanimously. I reserve the balance of my time. Mr. MASSIE. What is the balance of my time remaining, Madam Chair? The Acting CHAIR. The gentleman from Kentucky has 1\1/2\ minutes remaining. Mr. MASSIE. Madam Chair, I will just summarize why this is an important amendment. We trust the National Institute of Standards and Technology to perform their constitutionally mandated responsibilities. That is one of the great things about NIST: its authorization is in the Constitution, to set the standards of weights and measures. So I appreciate the job they do. But we put a lot of trust into them when they set these standards. And a lot of people make business decisions. It is kind of like the Good Housekeeping seal of approval, if I may use that analogy. So, when we stamp something as a government-approved standard, we want to know it is the best in the world, that the United States has the best encryption in their products, the best encryption. We want the products that our government buys to be safe. So it would be wrong for NIST to spend money working to put back doors in our products. That is why I urge our colleagues to vote for this amendment. I yield back the balance of my time. Mr. CULBERSON. Madam Chairman, I yield such time as he may consume to the gentleman from Houston, Texas (Mr. Poe), my good friend and colleague. Mr. POE of Texas. I thank the chairman for yielding time to me. Madam Chair, I would like to try to interpret what has been said in a simpler way. Assume that the builders in the United States get together and they are given a new requirement: that when they build a new house, the Federal Government wants the option to have a master key to a back door--not only a back door but a secret back door so that at some time down the road, maybe the Federal Government would like to enter that secret back door for some purpose. And that is what this amendment is preventing. Just like we wouldn't let the Federal Government have a key to our back door or require builders to put a master key in all of the new homes that they build in the country and give the key to the government, we would never allow that. That would certainly be in violation of the Fourth Amendment of the Constitution. All this amendment does is it prevents technology--when technology is growing at a rapid rate--to prevent the Federal Government from requiring companies that make cell phones, for example, that there be an ability of the Federal Government to go in the cell phone and look around, even without the knowledge of the person who owns the cell phone. This is very similar to the bill that passed unanimously last night. So I urge the adoption to this amendment as well. I thank the chairman for allowing me to speak on the gentleman from Kentucky's amendment, since he ran out of time. Mr. CULBERSON. I am glad to do so. Madam Chair, again, the amendment is agreed to unanimously. I strongly support the gentleman from Kentucky's amendment. I yield back the balance of my time. The Acting CHAIR. The question is on the amendment offered by the gentleman from Kentucky (Mr. Massie). The question was taken; and the Acting Chair announced that the ayes appeared to have it. Mr. MASSIE. Madam Chair, I demand a recorded vote. The Acting CHAIR. Pursuant to clause 6 of rule XVIII, further proceedings on the amendment offered by the gentleman from Kentucky will be postponed. [...]