Small Victory Against NSA: Amendment Says NIST No Longer Has To Consult NSA On Standards
from the it's-a-step dept
As you may recall, the NSA secretly took over an encryption standard, purposely weakened it, paid RSA to make it a "default" in one of its products and basically weakened everyone's security. NIST has been dealing with the consequences ever since.
The Amendment, authored by Rep. Alan Grayson, would mean that NIST can skip dealing with the NSA altogether. As Grayson noted in a statement:
These are serious allegations. NIST, which falls solely under the jurisdiction of the Science, Space, and Technology Committee, has been given "the mission of developing standards, guidelines, and associated methods and techniques for information systems". To violate that charge in a manner that would deliberately lessen encryption standards, and willfully diminish American citizens' and business' cyber-security, is appalling and warrants a stern response by this Committee. Many businesses, from Facebook to Google, have lamented the NSA's actions in the cyber world; and some, such as Lavabit, have consciously decided to shut their doors rather than continue to comply with the wishes of the NSA. Changes need to be made at NIST to protect its work in the encryption arena.