A bipartisan team of legislators have passed amendments with a goal of retaining privacy protections presumably lost with the passage of the USA Freedom Act.
Republican U.S. Reps. Thomas Massie of Kentucky and Ted Poe of Texas, and Democrat Zoe Lofgren of California attached an amendment to an appropriations bill to prevent the National Institute of Standards and Technology (NIST) from cooperating with NSA surveillance. The bill was for appropriations that cover the departments of Commerce and Justice.
According to a press release from Massie, Poe, and Lofgren:
“When our government weakens encryption software to spy on citizens, it puts everyone at risk. Hackers can exploit weak encryption to gain access to Americans’ confidential health records and financial information . . . The NIST charter is to establish dependable standards, not to compromise standards for the purpose of spying.”
Lofgren said the amendments are “all that we can do at this point,” but she also told the Guardian Thursday that they are important because “the USA Freedom Act did not end bulk collection of communications and data.”
The amendments, which now have to be taken up in the U.S. Senate, are significant due to documents leaked by former NSA contractor Edward Snowden. According to those documents, the NSA “worked with NIST to deliberately introduce flaws into cryptographic standards that NIST publishes.”
Thomas Massie later told ZDNet.com about the dangers of such defective programs:
“If the government promulgates a standard that is weak, then everyone that uses that standard is at risk of having their financial and medical records stolen, and being subject to hackers. Hackers will find these backdoors if they exist.”
He elaborated, “If you give the government a shortcut into everyone’s privacy, that opens up the possibility for Fourth Amendment rights to be violated.”urged a need “to build technological solutions to prevent encryption above all else.”
Steinbach’s testimony echoed FBI director James Comey’s March comments that there should be a technique for circumventing encryption. There, he compared complete encoding to a world “where pedophiles can’t be seen, kidnappers can’t be seen, drug dealers can’t be seen.”
The amendments also come at a time when Chinese actors hacked computers at the Office of Personnel Management in Washington, D.C. Although not directly tied to the collection of data, to privacy advocates, the breach serves as an illustration of the perils of allowing the government the responsibility of accessing and protecting data.
The appropriations bill and its amendments now move to the Senate.