Letter from Reps. Goodlatte and Boucher to Rep. Armey Re Computer Security Division, 7/17/02.

Letter from Rep. Bob Goodlatte (R-VA), Rep. Rick Boucher (D-VA), and others.
To: Rep. Dick Armey (R-TX).
Date: July 17, 2002.
Re: Opposition to the provision in HR 5005 moving the Computer Security Division (CSD) of the National Institute of Standards and Technology (NIST) to the new Department of Homeland Security (DHS).
Source: Office of Rep. Goodlatte.

July 17, 2002

Chairman Richard Armey
House Select Committee on Homeland Security
H329 Capitol
Washington, D.C. 20515

Dear Chairman Armey:

As members who are concerned about technology issues, we are writing regarding the Administration's proposal to move the Computer Security Division (CSD) of the National Institute of Standards and Technology (NIST) from the Department of Commerce to the proposed new Department of Homeland Security.

While we support the Administration's efforts to make our country more secure in the face of terrorist threats, we are concerned that this provision would unravel years of collaboration between the CSD and the private sector to enhance the level of confidence in computer security practices. We are concerned that this reduced collaboration would be counterproductive to the Administration's goals by reducing confidence in American made IT systems thereby making our critical infrastructure more vulnerable to terrorist attack.

The credibility and success of the NIST's CSD depends on effective independence from and appropriate collaboration with law enforcement and national security agencies in the U.S. and abroad. We believe that this independence could not be maintained in the new Department of Homeland Security. In the past, it has proven to be a challenge for the CSD to strike this balance. We have been frustrated by past indications of inappropriate influence of law enforcement and national security in the development of standards for "sensitive, unclassified" information, which delayed the development of computer security standards. Too often, the CSD deferred to military and intelligence agency needs to the exclusion of other vital national interests.

In one example, the CSD's lack of responsiveness to the IT community led to a proposed encryption standard that was overbroad and unduly burdensome to American companies and completely unworkable. There is a strong national interest in ensuring that strong encryption software is available to protect our critical infrastructure from attack. The widespread use of encryption promotes our national security and prevents crime by ensuring the security, confidentiality and authenticity of electronic networks, information and users. We were pleased to finally see the announcement late last year of the new much improved Advanced Encryption Standard -- the result of 4 long years of public private partnership with the CSD, the private sector, and national security agencies.

We have serious concerns that transferring the CSD from the Commerce Department would upset the balance that we have attempted to achieve in protecting our sensitive information and critical infrastructure in a way that doesn't disadvantage American industry or limit the availability of strong encryption.

As you know, the House Science Committee wisely removed this provision during its markup of H.R. 5005. We urge the Select Committee to promote strong encryption by maintaining the CSD within NIST rather than taking the inevitably counterproductive step of moving this vital office into the Department of Homeland Security. Based on the demonstrated ability of NIST to work effectively with the private sector, while ensuring effective collaboration with other governmental agencies, we urge that the new Department focus on continued interagency coordination with NIST's CSD.

Moreover, we are concerned about provisions that would unnecessarily give the new Department authority to impose technical measures, duplicative testing requirements and unproductive certification requirements. We urge the Select Committee to reconsider inclusion of such provisions before giving the new Department this broad authority.

Thank you for your attention to this important matter and for your efforts and those of the Select Committee to protect this nation from terrorism.

Sincerely,

_____________________
Bob Goodlatte, Co-Chair
Congressional Internet Caucus

_____________________
Rick Boucher, Co-Chair
Congressional Internet Caucus

cc: Ranking Member Nancy Pelosi, House Select Committee on Homeland Security, Members of the House Select Committee on Homeland Security

The letter was signed by Representives Bob Goodlatte (R-VA), Rick Boucher (D-VA), Sherwood Boehlert (R-NY), Howard Coble (R-NC), John Conyers (D-MI), Tom Davis (R-VA), Vernon Ehlers (R-MI), Anna Eshoo (D-CA), Bob Etheridge (D-NC), Barney Frank (D-MA), Bart Gordon (D-TN), Gene Green (D-TX), Mike Honda (D-CA), Steve Horn (R-CA), Sheila Lee (D-TX), Zoe Lofgren (D-CA), Ed Markey (D-MA), Jim Moran (D-VA), Connie Morella (R-MD), Ileana Ros Lehtinen (R-FL), James Sensenbrenner (R-WI), Pete Sessions (R-TX), Adam Smith (D-WA), Lamar Smith (R-TX), Billy Tauzin (R-LA), Mark Udall (D-CO), Gerry Weller (R-IL), and others whose signatures are illegible.