US lawmaker: Next, we stop the NSA from weakening encryption

Encryption should stay strong, says one privacy-minded member of Congress.

Rep. Thomas Massie (R-KY, 4th), earlier this week (Image: Tom Williams/CQ Roll Call, AP Images)

NEW YORK -- With one surveillance reform package out the door, lawmakers are working the big "what's next."

Hot on the heels of President Barack Obama signing the Freedom Act into law Wednesday, a bipartisan congressional effort is now focusing their efforts on preventing the government from weakening encryption.

An amendment put forward by Rep. Thomas Massie (R-KY, 4th) to a recent appropriations bill passed by overwhelming majority of 383-43 late in the day Wednesday.

For iPhone, iPad privacy, here's how to turn on encryption in just one minute

Enabling encryption on your Apple smartphone or tablet is easier than you think.

Read More

Massie, a strong advocate for privacy and civil liberties, explained on the phone Thursday that his eight-line amendment will prevent the NSA, which remains an encryption expert, from working with the National Institute of Standards and Technology (NIST) to weaken or compromise encryption.

Reps. Zoe Lofgren (D-CA, 19th) and Ted Poe (R-TX, 2nd) also threw their weight behind the amendment.

The amendment follows a report which showed the NSA had a secret $10 million contract with security firm RSA Security, which led to the circulation of a deliberately flawed encryption product. RSA became the most prominent firm to offer the encryption in a mainstream product, called Bsafe. (While $10 million may seem paltry by today's standards, Reuters noted that this sum was more than a third of the company's revenue at the time.)

The NSA was able to point to the use of Bsafe - a widely successful encryption product at the time - within the government. The National Institute of Standards and Technology (NIST), which approves cryptographic products for the government's use and also gives its blessing for private industry use, accepted the flawed encryption without knowledge of the backdoor.

NIST later renounced the technology after documents leaked by whistleblower Edward Snowden detailed the collaboration.

"Our security is at risk," Massie said. "If the government promulgates a standard that is weak, then everyone that uses that standard is at risk of having their financial and medical records stolen, and being subject to hackers. Hackers will find these backdoors if they exist."

Massie's bipartisan amendment comes as Silicon Valley tech titans and the government are head-to-head in disagreement over the inclusion of encryption on consumer devices. iPhones and iPads running the latest software now come with encryption keys in the hands of its user, making it impossible for Apple to turn over its customers data.

Massie said weakening encryption is "bad for business" and has "diminished" America's reputation on the world stage. "The government doesn't like the fact that they can't crack the encryption that Apple wants to offer in its phone."

"If you give the government a shortcut into everyone's privacy, that opens up the possibility for Fourth Amendment rights to be violated," he said.

And Massie, along with a number of civil liberties and privacy-minded members of Congress, are not going to forget the remaining details of the Snowden cache any time soon. Later this year, Massie will offer similar limitations to prevent the NSA's domestic surveillance prowess, he said.

Further down the road, he's set on targeting the controversial PRISM surveillance program, which allows the NSA to demand technology companies into secretly handing over data on its users, including Americans.

For now, Massie's amendment is in the hands of the Senate.