You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at

Computer Security Act of 1987

In 1987, the U.S. Congress, led by Rep. Jack Brooks, enacted a law reaffirming that the National Institute for Standards and Technology (NIST), a division of the Department of Commerce, was responsible for the security of unclassified, non-military government computer systems. Under the law, the role of the National Security Agency (NSA) was limited to providing technical assistance in the civilian security realm. Congress rightly felt that it was inappropriate for a military intelligence agency to have control over the dissemination of unclassified information.

The law was enacted after President Reagan issued the controversial National Security Decision Directive (NSDD) 145 in 1984. The Reagan directive gave NSA control over all government computer systems containing "sensitive but unclassified" information. This was followed by a second directive issued by National Security Advisor John Poindexter that extended NSA authority over non-government computer systems.

Since the enactment of the Computer Security Act, the NSA has sought to undercut NIST's authority. In 1989, NSA signed a Memorandum of Understanding (MOU) which purported to transfer back to NSA the authority given to NIST. The MOU created a NIST/NSA technical working group that developed the controversial Clipper Chip and Digital Signature Standard. The NSA has also worked in other ways to weaken the mandate of the CSA. In 1994, President Clinton issued Presidential Decision Directive (PDD) 29. This directive created the Security Policy Board, which has recommended that all computer security functions for the government be merged under NSA control. In 2009, President Obama released the Administration's Cyberspace Policy Review. The report placed civil liberties and privacy protections at the center of the Administration's new approach to guarding the nation's digital infrastructure. Recognizing that privacy and security are complementary values, President Obama stressed privacy protections in every aspect of the new initiative. The Administration created a new National Security Council cybersecurity team that includes a privacy and civil liberties officer.

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security