US House Votes to Significantly Rein in NSA

Two NSA-related amendments have been passed by the US House of Representatives. One blocks the NSA from undermining encryption standards, while another is designed to block the NSA from conducting backdoor spying on Americans by querying databases of foreign intelligence.

The crypto amendment, sponsored by Rep. Alan Grayson (D-Fla.), blocks the NSA from using appropriation funds to consult with the National Institute of Science and Technology (NIST) on security standards. Right now, there is a requirement in federal law stating that NIST must consult or coordinate with the NSA when developing information security standards – but the amendment would effectively cut off its ability to do so.

Severing the tie between the spy agency and NIST is an effort to isolate cryptography development from the spy agency. About eight months ago, Edward Snowden leaked documents detailing a $250 million per year NSA project called “SIGINT Enabling,” whose goal is to secretly undermine encryption standards. The stated aim of that effort, according to the documents, is to “use the agency’s influence” within the peer-review process to weaken the encryption standards that NIST and other standards bodies around the world publish. Presumably, this makes it easier for the NSA to gain access to sensitive information within the organizations that use those standards.

In the wake of this, NIST recommended that its elliptic curve specification no longer be used in light of how involved the NSA was in developing it, and has commenced a full review of its standards development process.

The amendment is part of an appropriations bill that the House is expected to approve; from there the Senate would have to get on board as well as the White House.

Meanwhile, the House also voted, by a margin of 293 to 123, to approve a proposal by Reps. James Sensenbrenner (R-Wisc.), Thomas Massie (R-Ky.), Zoe Lofgren (D-Calif.) and others that would limit so-called backdoor searches. Under the FISA Amendments Act (FAA), no individualized warrant is required for the government to gain approval for surveillance on US soil – as long as foreign intelligence targets are the ultimate goal.

The infamous PRISM program, also revealed by Snowden, was authorized under the FAA. That allegedly made use of direct links into the central servers of nine web companies to extract audio and video chats, photographs, emails, documents and connection logs. The idea is to allow intelligence analysts to track down foreign threats by monitoring the “chatter” that these represent. Any information collected on Americans is merely “incidental,” officials maintained.
