[Congressional Record Volume 161, Number 88 (Wednesday, June 3, 2015)]
[House]
[Pages H3781-H3817]
COMMERCE, JUSTICE, SCIENCE, AND RELATED AGENCIES APPROPRIATIONS ACT,
2016
[...]
Amendment Offered by Mr. Massie
Mr. MASSIE. Madam Chair, I have an amendment at the desk regarding
the National Institute of Standards and Technology.
The Acting CHAIR. The Clerk will report the amendment.
The Clerk read as follows:
At the end of the bill (before the short title), insert the
following:
Sec. 543. None of the funds made available by this Act may
be used by the National Institute of Standards and Technology
to consult with the National Security Agency or the Central
Intelligence Agency to alter cryptographic or computer
standards, except to improve information security (in
accordance with section 20(c)(1)(A) of the National Institute
of Standards and Technology Act (15 U.S.C. 278g-3(c)(1)(A))).
The Acting CHAIR. Pursuant to House Resolution 287, the gentleman
from Kentucky and a Member opposed each will control 5 minutes.
The Chair recognizes the gentleman from Kentucky.
Mr. MASSIE. Madam Chair, In December of 2013, news broke--and this
was in a Reuters article--that, as a key part of a ``campaign to embed
encryption software that it could crack into widely used computer
products, the U.S. National Security Agency arranged a secret $10
million contract with'' a private company--in fact, ``one of the most
influential firms in the computer security industry.''
It was further disclosed that ``an algorithm called Dual Elliptic
Curve . . . was on the road to approval by the National Institute of
Standards and Technology as one of four acceptable methods for
generating random numbers.''
The company adopted this algorithm, knowing that it would be used as
a standard, and it was, as expected, approved by the National Institute
of Standards and Technology. But ``within a year, major questions were
raised about Dual Elliptic Curve. Cryptography authority Bruce Schneier
wrote that the weakness in the formula `can only be described as a back
door.' ''
This is just one example of the NSA exploiting its relationship with
NIST to weaken encryption standards.
Look, NIST, we would like for them to set the highest standards for
our country, particularly when it comes to encryption. Weakened
encryption standards allow the NSA to snoop on Americans without a
warrant.
So these back doors in encryption products are bad for privacy. It
makes it just way too easy to violate our Fourth Amendment.
But back doors in encryption software are also bad for security.
Think about this: Don't you want the best security available that the
minds in this country can create, produce, to safeguard your health
records, maybe to safeguard your gun records, maybe to safeguard your
bank accounts and your credit cards.
[[Page H3794]]
We are more safe when we have better security and better encryption.
So it makes no sense for the National Institute of Standards and
Technology to work with the NSA to weaken our encryption software.
Finally, putting back doors in products is bad for business. It is
bad for privacy. It is bad for security. And it is bad for business.
Why is it bad for business? Why would somebody buy a product made in
America if it is known that the standards in America are weaker than
the standards elsewhere? You know, if there are back doors in products,
it is not just the government that can use them: hackers will find
them. In fact, once the weakness was exposed in this Dual Elliptic
Curve, it made it very easy for people to hack into that, and the
company had to say, Quit using this software. We found a weakness in
it.
So I would urge people to vote for this amendment. What it does is it
prevents the spending of money at the National Institute of Standards
and Technology to work with the NSA to weaken our encryption.
The amendment does nothing to keep them from making better
encryption, but they cannot weaken it. They cannot compromise it. They
can't spend your tax dollars making American products and our
government standards worse.
I reserve the balance of my time.
Mr. CULBERSON. Madam Chairman, I claim the time in opposition,
although I support the amendment.
The Acting CHAIR. Without objection, the gentleman from Texas is
recognized for 5 minutes.
There was no objection.
Mr. CULBERSON. Madam Chair, we accept the amendment, agree with the
reasoning that the gentleman from Kentucky (Mr. Massie) has laid forth.
I believe the amendment is acceptable to the minority as well. So the
amendment is agreed to unanimously.
I reserve the balance of my time.
Mr. MASSIE. What is the balance of my time remaining, Madam Chair?
The Acting CHAIR. The gentleman from Kentucky has 1\1/2\ minutes
remaining.
Mr. MASSIE. Madam Chair, I will just summarize why this is an
important amendment.
We trust the National Institute of Standards and Technology to
perform their constitutionally mandated responsibilities. That is one
of the great things about NIST: its authorization is in the
Constitution, to set the standards of weights and measures. So I
appreciate the job they do. But we put a lot of trust into them when
they set these standards. And a lot of people make business decisions.
It is kind of like the Good Housekeeping seal of approval, if I may use
that analogy.
So, when we stamp something as a government-approved standard, we
want to know it is the best in the world, that the United States has
the best encryption in their products, the best encryption. We want the
products that our government buys to be safe. So it would be wrong for
NIST to spend money working to put back doors in our products. That is
why I urge our colleagues to vote for this amendment.
I yield back the balance of my time.
Mr. CULBERSON. Madam Chairman, I yield such time as he may consume to
the gentleman from Houston, Texas (Mr. Poe), my good friend and
colleague.
Mr. POE of Texas. I thank the chairman for yielding time to me.
Madam Chair, I would like to try to interpret what has been said in a
simpler way.
Assume that the builders in the United States get together and they
are given a new requirement: that when they build a new house, the
Federal Government wants the option to have a master key to a back
door--not only a back door but a secret back door so that at some time
down the road, maybe the Federal Government would like to enter that
secret back door for some purpose. And that is what this amendment is
preventing.
Just like we wouldn't let the Federal Government have a key to our
back door or require builders to put a master key in all of the new
homes that they build in the country and give the key to the
government, we would never allow that. That would certainly be in
violation of the Fourth Amendment of the Constitution.
All this amendment does is it prevents technology--when technology is
growing at a rapid rate--to prevent the Federal Government from
requiring companies that make cell phones, for example, that there be
an ability of the Federal Government to go in the cell phone and look
around, even without the knowledge of the person who owns the cell
phone. This is very similar to the bill that passed unanimously last
night. So I urge the adoption to this amendment as well.
I thank the chairman for allowing me to speak on the gentleman from
Kentucky's amendment, since he ran out of time.
Mr. CULBERSON. I am glad to do so.
Madam Chair, again, the amendment is agreed to unanimously. I
strongly support the gentleman from Kentucky's amendment.
I yield back the balance of my time.
The Acting CHAIR. The question is on the amendment offered by the
gentleman from Kentucky (Mr. Massie).
The question was taken; and the Acting Chair announced that the ayes
appeared to have it.
Mr. MASSIE. Madam Chair, I demand a recorded vote.
The Acting CHAIR. Pursuant to clause 6 of rule XVIII, further
proceedings on the amendment offered by the gentleman from Kentucky
will be postponed.
[...]
