An amendment designed to bar the National Security Agency from undermining encryption standards was approved by the House late last week.
The move follows reporting last year by ProPublica, the Guardian, and the New York Times on the NSA's efforts to weaken encryption, including by influencing the development of standards by the National Institute of Standards and Technology. The stories were based on documents provided by Edward Snowden.
The amendment, sponsored by Representative Alan Grayson (D-Florida) and similar to one he advanced last month, bars the NSA from using appropriation funds to consult with NIST in a way that undermines security standards.
The amendment bars the NSA from using appropriation funds to consult with NIST in a way that undermines security standards.
It still has a way to go before becoming law: While the House is expected to approve the full appropriations bill that the amendment is a part of, the Senate would have to pass the same text, and ultimately President Obama would have to approve.
The amendment is separate from another one the House adopted that is designed to block the NSA from conducting "backdoor" spying on Americans by querying databases of foreign intelligence.
The voice vote on Grayson's amendment, co-sponsored by Representatives Rush Holt (D-New Jersey) and Zoe Lofgren (D-California), was preceded by a few minutes of interesting debate among Grayson, Holt, and Rodney Frelinghuysen (R-New Jersey), chairman of the defense appropriations subcommittee.
Noting that he did not oppose the amendment, Frelinghuysen nevertheless rejected what he called the "allegations" that NSA had meddled with encryption standards.
"The idea that NSA has deliberately sabotaged security is ridiculous," Frelinghuysen said. "These folks know the threat we face and are helping to secure the Internet we all rely on so heavily."
Grayson and Holt cited our reporting on the NSA's efforts to undermine encryption standards.
A Grayson spokesperson cautioned it's always possible that the NSA has a classified funding stream that could allow it to continue to meddle with encryption standards.
Here is video of the debate on the amendment:
And here's the full amendment itself:
SEC. None of the funds made available by this Act may be used to "consult", as the term is used in reference to the Department of Defense and the National Security Agency, in contravention of the "assur[ance]" provided in section 20(c)(1)(A) of the National Institute of Standards and Technology Act (15 U.S.C. 278g-3(c)(1)(A)).