How Dumb Is This?
I yield to nobody in my capacity to be surprised by Congress, but sometimes even I get a bit of a shock. I totally get the idea that everyone is angry at the NSA. And, indeed, I've spoken publicly about my particular disappointment that the NSA may have (if reports are accurate) deliberately degraded encryption standards. If true, it is probably the single greatest harm NSA can have done to the security of the network. But, if (as Matt reports) Congress is going to "prevent[] NIST from consulting with the Dep
Published by The Lawfare Institute
in Cooperation With
I yield to nobody in my capacity to be surprised by Congress, but sometimes even I get a bit of a shock. I totally get the idea that everyone is angry at the NSA. And, indeed, I've spoken publicly about my particular disappointment that the NSA may have (if reports are accurate) deliberately degraded encryption standards. If true, it is probably the single greatest harm NSA can have done to the security of the network. But, if (as Matt reports) Congress is going to "prevent[] NIST from consulting with the Department of Defense and National Security Agency when developing standards and guidelines for information systems," that's just foolish. NSA has more mathematicians and cryptographers than the entire rest of the government combined. And we are going to exclude this expertise from consultation simply because we can't figure out a way to manage ourselves better? If anything, this will systematically make our encryption less robust and less secure. Talk about throwing the baby out with the bathwater .....
UPDATE: My friend Julian Sanchez quickly points out that the summary above is incomplete. The Grayson amendment forbids consulting with NSA "in contravention of the assurance” in 15 U.S.C. 278g-3(c)(1)(A)," That provision says: "use of appropriate information security policies, procedures, and techniques, in order to improve information security and avoid unnecessary and costly duplication of effort." Less foolish than at first glance ....
Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.