Ron Wyden’s Letter to NIST Re: Sensitive Data Transmission

Senator Ron Wyden (D-Oregon) wrote a letter (1 mb PDF) today to the National Institute of Standards and Technology asking them to create guidance for government workers on how to securely share sensitive data,

As you know, it is a routine practice in the government, and indeed the private sector, to send by email password-protected .zip files containing sensitive documents. Many people incorrectly believe that password-protected .zip files can protect sensitive data. Indeed, many password-protected .zip files can be easily broken with off-the-shelf hacking tools. This is because many of the software programs that create .zip files use a weak encryption algorithm by default. While secure methods to protect and share data exist and are freely available, many people do not know which software they should use.

Expansive Interpretations of the Patriot Act

In May, Wired reported on the Obama administration’s apparently new, novel and very secret interpretation of the Patriot Act. The article focuses on Sen. Ron Wyden’s (D-Oregon) opposition to reauthorizing the Patriot Act as-is, with Wyden vaguely claiming that the Obama administration is interpreting the Patriot Act in a way that Americans would find shocking,

“We’re getting to a gap between what the public thinks the law says and what the American government secretly thinks the law says,” Wyden told Danger Room in an interview in his Senate office. “When you’ve got that kind of a gap, you’re going to have a problem on your hands.”

Wyden proposed an amendment to the Patriot Act reauthorization that would have required the administration to disclose its interpretation of the act, but withdrew his amendment after reaching a deal with Sen. Majority Leader Harry Reid that will allow Wyden to hold hearings on the secret interpretation.

Reading between the lines of Wyden and Sen. Mark Udall’s (D-Utah) similar criticism of the secret interpretation, it appears the government is likely using the Patriot Act’s business records provision to troll for massive amounts of data on Americans. As the ACLU’s Michelle Richardson told Wired,

No one has tipped their hand on this in the slightest. But we’ve come to the conclusion that this is some kind of bulk collection. It wouldn’t be surprising to me if it’s some kind of internet or communication-records dragnet.

At what point do we call what the Patriot Act and similar anti-terrorism legislation have created — a de facto police state in which the power of the executive is essentially unfettered with any clumsy checks and balances. We are fortunate that at the moment this de facto police state is relatively benign (well, unless you’re this guy or this guy).

Wyden is, by the way, an odd person to be carrying the torch for civil liberties given that he was one of only five Democrats who voted in favor of Sen. Lindsy Graham’s (R-South Carolina) bill that denied habeas corpus to unlawful enemy combatants — a practice narrowly rejected by the Supreme Court in 2008.