Lawmakers Seek to Prevent NSA from Weakening Online Encryption via Reform Bill Amendment

Sunday, May 18, 2014
(AP photo)

Members of the U.S. Congress want to be sure that the National Security Agency (NSA) will never again use “back doors” to crawl into Americans’ computers.


Among the many revelations that have emerged from secret documents leaked by Edward Snowden is the fact that the spy agency had engaged in weakening of encryption programs to facilitate its access to computers for its surveillance operations. Only last month it was revealed that hundreds of thousands of email and web servers around the world were infected by a virus labeled Heartbleed. When that news hit, many wondered if the NSA was the source of the malware, using it to fish for data. The NSA denied those allegations.


However, a number of lawmakers don’t want to take any chances.


Zoe Lofgren (D-California) and other representatives hope to attach an amendment to the USA Freedom Act, which is supposed to put some restrictions on the NSA’s ability to collect U.S. citizens’ phone data. The amendment would prevent the NSA from exploiting “zero-day” flaws, or inherent vulnerabilities in software, to peek into computers. The amendment would also restrict the agency from weakening encryption programs.


However, it won’t be easy for Lofgren to amend the bill. It was difficult getting the USA Freedom Act through the House Judiciary and Intelligence committees and leadership is loath to do anything that might cause the bill to lose support. “We’re not going to be given permission by [the House Rules Committee] to offer a dozen amendments,” Lofgren told The Guardian. “What we’re sorting through is what handful of items could we offer that Rules would permit that have the best chance of passing that would make the most difference. We’re going to be pragmatic.”


Other changes to the bill on civil libertarians’ wish lists are a ban on warrantless searches by the NSA through its foreign-focused communications content for Americans’ information; clarifying a Patriot Act prohibition on collecting content from Americans’ phone calls and email; and permitting more transparency for telecommunication and internet companies to disclose what kind of national-security orders they receive for customers’ data.


The USA Freedom Act is the most likely of four data privacy plans under consideration to be passed into law. Thanks to Democratic and Republican members of the house working together on the bill, it has at least qualified support on both sides of the aisle. The bill is “probably the best we can do now,” Rep. Jerrold Nadler (D-New York) has said. Will Adams, chief of staff for Michigan Republican Justin Amash, said: “We’re very pleased that the Judiciary and Intelligence committees have moved reform legislation.”


In its current form, the USA Freedom Act would still allow the NSA to track phone records two degrees removed from someone suspected to have links to an agent of a foreign power, without there necessarily being a tie to terrorism.


The NSA was accused last year of paying internet security firm RSA $10 million to create a vulnerability in its security system. RSA denied the allegation.

-Steve Straehley


To Learn More:

NSA Reform: Lawmakers Aim To Bar Agency From Weakening Encryption (by Spencer Ackerman, The Guardian)

Two Competing House Bills to Restrict NSA Phone Data Collection Jockey for Lead (by Noel Brinkerhoff, AllGov)

4 Proposals to Reform NSA Human Rights Violations: Feinstein=Worst; Leahy-Sensenbrenner=Best (by Steve Straehley, AllGov)

Computer Security Firm Accepted $10 Million Payoff to Give NSA Backdoor Access (by Noel Brinkerhoff, AllGov)

NSA Teamed with U.K. and Tech Companies to Override Global Internet Privacy (by Danny Biederman and Noel Brinkerhoff, AllGov)


Leave a comment