As many privacy advocates have pointed out recently, it looks like some people in the federal government are intent on reviving the failed Crypto Wars of the 90s. And despite recent assurances, the National Institute of Standards and Technology (NIST) still hasn’t done enough to address NSA’s involvement in the creation of encryption standards. Fortunately, some lawmakers are taking security seriously.
You may remember that back in June, the House of Representatives voted overwhelmingly (293-123) to approve the Massie-Lofgren amendment to the 2015 Department of Defense Appropriations bill, which would have defunded the NSA’s attempts to build security backdoors into products and services. Although the amendment may have been stripped from the final appropriations bill, all’s not lost. On Thursday, Senator Ron Wyden introduced some of the same language from the amendment as the Secure Data Act of 2014 [pdf].
The Secure Data Act starts to address the problem of backdoors by prohibiting any agency from “mandate[ing] that a manufacturer, developer, or seller of covered products design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product, by any agency.” Representative Lofgren has introduced a companion bill in the House, co-sponsored by 4 Republicans and 5 Democrats.
The legislation isn’t comprehensive, of course. As some have pointed out, it only prohibits agencies from requiring a company to build a backdoor. The NSA can still do its best to convince companies to do so voluntarily. And sometimes, the NSA’s “best convincing” is a $10 million contract with a security firm like RSA.
The legislation also doesn’t change the Communications Assistance for Law Enforcement Act (CALEA.) CALEA, passed in 1994, is a law that forced telephone companies to redesign their network architectures to make it easier for law enforcement to wiretap telephone calls. In 2006, the D.C. Circuit upheld the FCC's reinterpretation of CALEA to also include facilities-based broadband Internet access and VoIP service, although it doesn't apply to cell phone manufacturers.
That being said, this legislation is a good thing. First and foremost, it’s important to remind the incoming (and overwhelmingly Republican) Congress that NSA spying isn’t a partisan issue. The bipartisan Massie-Lofgren amendment garnered votes from Republicans, Democrats, and Independents. And like the Massie-Lofgren amendment, Democrats and Republicans are already supporting this legislation. While it’s not likely that Congress will touch the Secure Data Act this term, by introducing this legislation Senator Wyden and Representative Lofgren have made it clear that they will continue to push for privacy, civil liberties—and strong security.