Cybersecurity

How Dumb Is This?

By Paul Rosenzweig
Monday, June 23, 2014, 12:08 PM

I yield to nobody in my capacity to be surprised by Congress, but sometimes even I get a bit of a shock.  I totally get the idea that everyone is angry at the NSA.  And, indeed, I've spoken publicly about my particular disappointment that the NSA may have (if reports are accurate) deliberately degraded encryption standards.  If true, it is probably the single greatest harm NSA can have done to the security of the network.  But, if (as Matt reports) Congress is going to "prevent[] NIST from consulting with the Department of Defense and National Security Agency when developing standards and guidelines for information systems," that's just foolish.   NSA has more mathematicians and cryptographers than the entire rest of the government combined.  And we are going to exclude this expertise from consultation simply because we can't figure out a way to manage ourselves better?  If anything, this will systematically make our encryption less robust and less secure. Talk about throwing the baby out with the bathwater .....

UPDATE:  My friend Julian Sanchez quickly points out that the summary above is incomplete.  The Grayson amendment forbids consulting with NSA "in contravention of the assurance” in 15 U.S.C. 278g-3(c)(1)(A),"  That provision says:  "use of appropriate information security policies, procedures, and techniques, in order to improve information security and avoid unnecessary and costly duplication of effort."   Less foolish than at first glance .... 

Topics: