Small Victory Against NSA: Amendment Says NIST No Longer Has To Consult NSA On Standards

from the it's-a-step dept

Thu, May 22nd 2014 2:59pm — Mike Masnick

Even as major NSA reform appears to have become a cruel joke, there are still some small wins happening elsewhere. As noted by Access, the House Science and Technology Committee adopted an amendment to the FIRST Act (Frontiers in Innovation, Research, Science, and Technology -- which is supposed to be about increasing funding in science and technology) that says the National Institute for Standards and Technology (NIST) no longer has to consult with the NSA on encryption standards.

As you may recall, the NSA secretly took over an encryption standard, purposely weakened it, paid RSA to make it a "default" in one of its products and basically weakened everyone's security. NIST has been dealing with the consequences ever since.

The Amendment, authored by Rep. Alan Grayson, would mean that NIST can skip dealing with the NSA altogether. As Grayson noted in a statement:

These are serious allegations. NIST, which falls solely under the jurisdiction of the Science, Space, and Technology Committee, has been given "the mission of developing standards, guidelines, and associated methods and techniques for information systems". To violate that charge in a manner that would deliberately lessen encryption standards, and willfully diminish American citizens' and business' cyber-security, is appalling and warrants a stern response by this Committee. Many businesses, from Facebook to Google, have lamented the NSA's actions in the cyber world; and some, such as Lavabit, have consciously decided to shut their doors rather than continue to comply with the wishes of the NSA. Changes need to be made at NIST to protect its work in the encryption arena.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: alan grayson, encryption, nist, nsa, standards, surveillance

9 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

silverscarcat (profile), 22 May 2014 @ 3:29pm

About bloody time
Even if it's not much, it's better than the bills in Congress that those noodle spined wimps passed.
[ link to this | view in chronology ]
Lurker Keith, 22 May 2014 @ 3:38pm

When will the government realize not knowing what both hands are doing is counterproductive?
At least there appear to be a few members of Congress who haven't sold their brains/ votes.

Though, we yet again have an instance of fallout from one part of the government not paying attention to the shadows of the other part of the government. We need to find a way to shine the Batsignal (a large spotlight, that gets a genius's attention -- it can also be moved, so the Bat in the middle won't be a place to hide either) on the entire Government to ferret out & highlight stuff that conflicts w/ the mandates the Government has... starting w/ their Oath to defend the Constitution, not the country like so many think/ say, rather than undermine it like they seem to keep doing.
[ link to this | view in chronology ]
sorrykb (profile), 22 May 2014 @ 3:48pm

FIRST Act
adopted an amendment to the FIRST Act (Frontiers in Innovation, Research, Science, and Technology -- which is supposed to be about increasing funding in science and technology)

Keyword there is "supposed". Do we really have to support this bad Act (bad for open access, bad for basic science research, bad for social science and economics research, etc.) in order to fix NIST?
[ link to this | view in chronology ]
Coyne Tibbets (profile), 22 May 2014 @ 5:58pm

An oversight
Overlooking the NIST independence clauses in the new bill was an oversight. (Details, details.) Likely, the Senate will correct that little glitch in its version of the bill.
[ link to this | view in chronology ]
Anonymous Coward, 22 May 2014 @ 6:00pm

So, this bill is going nowhere, right?
[ link to this | view in chronology ]
- That One Guy (profile), 23 May 2014 @ 12:35am
  
  Re:
  Or it'll immediately be gutted, with this amendment replaced with another pro-NSA one, yeah.
  [ link to this | view in chronology ]
Anonymous Coward, 22 May 2014 @ 7:43pm

Yeah...I don't know if that makes NIST trustworthy all of the sudden.
[ link to this | view in chronology ]
McCrea (profile), 23 May 2014 @ 12:14am

How do we know other NIST hasn't otherwise been comprimised?
[ link to this | view in chronology ]
Lawrence D�Oliveiro, 23 May 2014 @ 1:50am

Sad, In A Way
The NSA consultation was supposed to help strengthen the security of standards proposed by NIST, by taking advantage of the incredible pool of security knowledge available there.

What a pity they could not use that power for good, only for evil.
[ link to this | view in chronology ]