Rep. Michael McCaul Proposes 'Commission' To 'Force' Silicon Valley To Undermine Encryption
from the well,-here-we-go... dept
Rep. Michael McCaul, the head of the House Homeland Security Committee has now given a speech in which he announced plans to introduce legislation that will create a committee to undermine encryption in the tech industry:The legislation "would bring together the technology sector, privacy and civil liberties groups, academics, and the law enforcement community to find common ground," Chairman Rep. Michael McCaul (R-Texas) said in a Dec. 7 speech at National Defense University. "This will not be like other blue ribbon panels, established and forgotten."Yes, the idea that it will include technologists and privacy and civil liberties folks sounds good, but it still seems like the key focus is going to be around undermining encryption. You don't need a special commission to do the only thing you really need to do: which is to keep making ever more secure encryption. And, of course, McCaul has been among the leading voices in seeking to blame encryption for everything. A few weeks ago he insisted that the Paris attackers used encryption and in the Q&A portion after his speech yesterday he went even further directly claiming the Paris attackers used the Telegram app -- something that no one else has claimed to date. He first admits that a "backdoor" to encryption is a bad idea, but then basically says, "but there must be some technological solution" before claiming that the Paris attackers definitely used encryption.
He said the ability of terrorist groups to use encrypted applications while communicating is one of his biggest fears. "We cannot stop what we cannot see," he said in reference to recent attacks in San Bernardino, Calif., and Paris.
It's a very complex issue. I think initially lawmakers thought there was an easy legislative fix where we just amend the CALEA statute, until we found out that providing a backdoor into everybody's iPhone was not going to be a very good strategy. Not only would it provide a backdoor for the government, but also for hackers. So you've noticed that the language of the FBI director and the language of the Secretary of Homeland Security has shifted to trying to find a technology solution to this problem.This part is true, but that "shift" to finding a "technology solution" still involves creating backdoors to encryption -- and just not calling them backdoors. McCaul continues:
I will not tell you that it's an easy solution, but I've had very in-depth discussions that I do believe there are alternatives. There are some solutions to this problem. And I think the inherent problem, and the reason why I'm advocating the formation of this commission, is because of the reluctance of both parties to sit in the same room together. And so what this legislation provides -- in fact what it will mandate -- that all relevant parties sit in the same room together, and in a very short period of time, provide the Congress with solutions and recommendations for legislation to deal with what I consider to, as I said in my remarks, one of the most difficult challenges of this century, in dealing with counterterrorism and basically criminal behavior.First of all this is hogwash. People from both sides are more than willing to sit together, if there was some possible productive outcome from it, and compelling them to sit in the same room doesn't change the facts that what they're asking for is impossible. I don't now how many times it needs to be said, but full encryption makes us all much safer, and you can't magically create a technology that "only the good people" can use. No one's demanding that law enforcement and gunmakers get together to create bullets that only hit bad people. And no one's demanding that automakers and law enforcement get together to design cars that only nice people can drive. Why do people magically think that Silicon Valley can determine who's good and who's bad and set up technology so that only nice people can have their privacy protected?
McCaul then continues, falsely claiming the Paris attackers used encryption:
If we don't do anything. Title III wiretaps and FISAs will become a thing of the past. When we saw the encrypted apps on the on the Paris attackers' iPhone - it was Telegram. When eight attackers and numerous co-conspirators, foreign fighters from Syria, can do something like that and it's completely under the radar screen. We know why it went undetected. It went undetected because they were communicating in the dark space. In a space where we can't shine a light on to see these communications even if we have a court order.Of course, this is hogwash. No one else has claimed the Paris attackers used encryption. And in fact we now know that they communicated via unencrypted SMS and that they did a lot of their planning in plain sight, with the guy behind the plans bragging to an English-language ISIS publication about his plans, and the attackers booking hotels and guest houses in their own names.
Politico followed up with staffers on McCaul's committee to ask about this, and they admitted that McCaul was exaggerating -- saying he was talking "in general about terrorists' use of encryption" rather than specifically about the Paris attacks. Except, he said it pretty directly, which means he's either misinformed or lying. And, yet, now he's rushing to set up a special commission to help figure out a way to deal with this problem that he himself is exaggerating? That's not encouraging.
McCaul later went on to repeat the "this is a difficult problem" line which misses the point. It's not a difficult problem. It's not that smart people don't want to work on this, it's that law enforcement and McCaul are asking for the impossible: encryption that protects privacy, but only for good people. And, yet, he says he needs to "force people" to solve this problem (he literally uses the phrase "force them.")
While some have suggested that this commission could deal with many other issues unrelated to encryption (which could, potentially be a good thing), the timing of this, just as so many have been calling to undermine encryption by phrasing it as calling for "a conversation" between techies and law enforcement, combined with McCaul's incorrect statements on encryption is worrisome.
The only other "positive" in all of this is that he's pushing this commission as an alternative to legislation that would mandate encryption backdoors admitting (correctly) that "a legislative knee-jerk reaction could weaken Internet protections and privacy for everyday Americans...." That's absolutely true, but what, exactly, does he expect this new commission to do other than to undermine encryption and weaken those protections? And, as he made clear in his statements above, he's still expecting this commission to suggest a legislative solution in a fairly short time period. In other words, this may not be a "legislative knee-jerk" but it sure looks like a plan to lead to knee-jerk legislation, just one where McCaul can point to some committee's "recommendations" to cover up the fact that he's demanding the impossible.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: conversation, encryption, going dark, homeland security, michael mccaul, paris attacks, silicon valley
Reader Comments
The First Word
“Subscribe: RSS
View by: Time | Thread
"Here's the carrot. Yes it's rotten, but trust me, you DON'T want to see the stick."
At this point they know that they're asking for the impossible, they're just trying to shift public opinion enough that they can force the tech companies to cripple encryption and make everyone less safe, and I imagine the 'commission' is nothing more than a bit of theater in that, designed ahead of time to 'fail' and hopefully make it looks like the tech companies, rather than the government and police, are the ones being unreasonable.
[ link to this | view in chronology ]
I read an article the other day on the same subject that also used the word "site". Makes me a little suspicious.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
The Trurl's machine.
[ link to this | view in chronology ]
Re: The Trurl's machine.
Then Congress can trumpet that they tried every avenue, and encryption is the best way to keep people safe, and some alternatives that actually work can be trumpeted by law enforcement, and everyone else goes home feeling a bit safer.
Not saying this will happen, but at least it's a possibility.
[ link to this | view in chronology ]
Re: Re: The Trurl's machine.
why?
[ link to this | view in chronology ]
Re: Re: The Trurl's machine.
[ link to this | view in chronology ]
Re: The Trurl's machine.
- https://en.wikipedia.org/wiki/Indiana_Pi_Bill
This is what happens when you fail rudimentary mathematics.
[ link to this | view in chronology ]
Re: Re: The Trurl's machine.
[ link to this | view in chronology ]
E-Commerce, banking, ETC would be left wide open. Lets see how well that works out.
[ link to this | view in chronology ]
Re:
The actual crime is that of fraud and it is perpetrated upon the businesses not the consumer. This is simple fact and yet they attempt to hold others responsible for their own lack of security and utter contempt for anything but themselves.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
"They said they were you" ... "and you believed them"
[ link to this | view in chronology ]
Democrats and Republicans have all lost their minds and there is no way that such a resolution or law could ever withstand a court challenge, even if by some miracle they managed to squeeze this through both chambers of congress.
[ link to this | view in chronology ]
Re:
well they are just doing their jobs;
to control the sheeple via violence and taxation
[ link to this | view in chronology ]
If, tomorrow, landline telephone calls were suddenly strongly encrypted and police with a warrant couldn't listen in, would we be instantly safer? I'm pretty sure that tapping phone conversations has been used effectively in the past and I don't hear a lot of people bemoaning the fact that our easily intercepted telephone system is harming people daily.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
well...
[ link to this | view in chronology ]
Re:
So yes, we would be instantly safer, just in a different way than you describe. A way that would affect a significantly larger portion of people than your scenario.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re:
Landline telephones don't have the ability to control things remotely, or won't be used to make cars by themselves (as they are already testing).
This isn't like 20 years ago. Hack someone's computer, email and social networks and you get a lot of shit about him that can fuck his life forever.
And even if there isn't that shit in it, you even have the ability to create it, and fuck him forever.
Internet stopped being part of some sort of harmless virtual world and is part of our everyday lives now. Either we start taking things seriously, or the mess will be monumental.
[ link to this | view in chronology ]
Re: Re:
Ever seen a hacking movie from the '80s or '90s? It's not that telephone calls themselves keep information about you, it's that the telcos keep logs of the routing data, and anyone can listen in on the line during the call and record what they hear. Furthermore, TO THIS DAY modems are hooked up to landlines that don't verify the user who is calling in, or verify that they're the only one on the line. It's somewhat trivial to monitor a phone call being made to, say, a hydroelectric dam gate sensor, then drop the caller part way through and pick up the communication where they left off (after the password was sent for verification).
The fact that nobody's bothered to do this is a different issue: the Internet just makes things so much more convenient by providing one packet to rule them all: you don't need specialized tools and knowledge if everything is speaking the same language over the same lines.
Ironically, the Internet has consolidated our data and data control/transmission mechanisms into a one-stop-shop for both law enforcement and terrorists. There is no more physical segregation of data.
And that, of course means that physical segregation will no longer prevent against abuse of that data, which is why encryption is absolutely necessary, despite the negative impact it has on those who want to do good with (legally or illegally) pilfered data.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
The government isn't my adversary in any way. It's made up of other citizens and does a pretty good job of serving me.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
You haven't been following the news much, have you?
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
So what is their point again?
[ link to this | view in chronology ]
Okay, new proposal:
[ link to this | view in chronology ]
Re: Okay, new proposal:
[ link to this | view in chronology ]
Re: Okay, new proposal:
[ link to this | view in chronology ]
LOTS OF MONEY GOING NOWHERE
There is NO MAGIC KEY to encryption.
You dont need hardware to make it.
You dont need software to make it..
the only use of Software/hardware is making it easier, faster to transmit.
And if you GUT it out of the hardware, computers cellphones, and all the rest, they can make up their OWN software to do it...if they want.
But if you REALLY want down and dirty...DONT encrypt it..Even if the NSA scans all the signals and collects all the Forms/fashions of communication...It will take DAYS/MONTHS/YEARS to weed thru it all, to find the 1 communication you wanted...AFTER THE FACT.
[ link to this | view in chronology ]
They will move to encrypted networks (as if you could prevent that, lol) while on our "enlightened" networks, they will find the backdoor to fuck us like:
- Messing with your bank account: lots of illegal purchases and maybe stealing your money. Sure, banks themselves might keep that encryption, but nobody talked about that iPhone that is also used as an electronic wallet or that computer that you use to check your accounts online.
- Messing with your private information to blackmail you. No need to say much about this, do I? Emails have a lot of things in them and maybe they got what you need to make that guy do what you want, or look the other way...
- Kids. This is an important point and one that should be stretched: people tend to share pics of their family (or of sports events or whatever, like many schools do), pics that potentially, could be fap material for pedophiles if found out. You just now have put the kids of all the country in a silver platter, because now, most social networks would be ripe for them to farm pics.
- Important services: dams, traffic, electric networks... Sure, some might be hard to attack (I hope that you aren't idiot enough to force shitty encryption on a dam, but you never know), but traffic might be not that secure (and you never know what you can do with the credentials taken from someone's mobile phone or computer, like 1234 passwords...). Imagine what a terrorist might do if suddenly, he could control the traffic lights of an important city in a rush hour for just 10 seconds... the potential mess might leave Paris strikes as purely anecdotical.
Terrorism? No need to do that. Now they get cyberterrorism! And without having to spend a single penny.
I bet that Ali the Terrorist is already celebrating this with champagne. Even if he shouldn't drink it.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
3 year olds
If they're going to act like three-year-olds, then let's start treating them like three-year-olds. Ok, we'll put back doors in every facet of the government's systems. Period.
Or do they also believe that every time a three-year-old sticks a fork in a light socket, the entire population of the entire planet should get zapped?
[ link to this | view in chronology ]
Re: 3 year olds
They're not talking to the technically literate, by design.
Every Congress critter has to line up for airtime to remind their voters that they are:
1/ Doing Something Very Important and Serious
2/ Being Somebody Very Important and Serious
3/ On Top Of The Very Serious Issue
4/ On Top Of The Very Serious Crisis Of The Day-Century-Forever
5/ Not Let "Them" Get Away With Anything
6/ Awake
[ link to this | view in chronology ]
Re: Re: 3 year olds
The recently passed transportation bill is the first productive thing I've seen from Congress in awhile.
[ link to this | view in chronology ]
What you want is mathematically impossible.
[ link to this | view in chronology ]
Re: Mathematically impossible?
And you thought elections were about voters picking politicians, didn't you? It's the OTHER way around, with phools like McCaul picking their voters first!
[ link to this | view in chronology ]
Reasons for why not
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Even if they pull it off
Strong encryption is out of the bag, and short of major evolutions in quantum computing or solving the whole P vs NP thing, there's no getting around it.
The oldies have (re)fallen into the trap of thinking technology comes from a place invented by a guy named "Head of Technology". Technology is sometimes messy and organic in its evolution, it defies control.
Even if they get Apple and Google and Microsoft and, and, and to backdoor encryption, the motivated will use (and evolve) OSS crypto tools, and the motivated include the bad guys. Those "common folk" not skilled enough to leverage this will be left with their asses in the wind.
[ link to this | view in chronology ]
Re: Even if they pull it off
by strong encryption they mean: not backdoored by us
and by weak encryption the mean: totally backdoored
[ link to this | view in chronology ]
Let's kill the US tech industry.
The only purpose of this is to spy on American Citizens. Just like in the movie Sneakers.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Rep. Michael McCaul says "we can't stop what we can't see".
I wonder if 'breaking encryption' applies to his laptop containing a VAST amount of illegal pornography?
[ link to this | view in chronology ]
On one hand they scream about being hacked because their databases are open to be read and on the other hand scream about the one thing that could save them the indignity.
It's time for some serious spring cleaning in the political houses as well as in government employment.
[ link to this | view in chronology ]
Process flow
[ link to this | view in chronology ]
Re: Process flow
You have to ask?
Given sufficient malice (did I mean incompetence?) any string of random bytes can be carefully decoded, in the right light, on a day with a y in the name and a year with 4 digits, as a SyNNIshTARr!-!misPeldedumled!,.b)(ignore 31673 bytes because we say so)EtErrorrysTpLotke*!
[ link to this | view in chronology ]
Re: Process flow
we just need to scan your 40 years of data and WE WILL find something to jail you.
[ link to this | view in chronology ]
Hard Work Ahead
Now reasonable people already know that at least in the Paris attacks encryption was not used (at least none found yet and plenty of unencrypted leads available) but the money hasn't been spent on creating an imaginary backdoor to fool them thar terrorists into believing that encryption is compromised and should not be used. If the money isn't spent, then there is no possible way that any backdoor could be created, imaginary or not. If enough money is spent the backdoor created can be imagined to be bigger, better, faster, and more far reaching. If you are looking right at the backdoor and can't see the backdoor, you just aren't imagining hard enough, or haven't been paid enough, whichever fits the current need.
I know, imagineering can be tough, which is why only Disney has succeeded at it so far, but with enough money, and little effort along with some group imagining from Congress, it can be accomplished. Think about it, back in the '70's Disney imagined a world where IP was meant to be purchased and repurchased and repurchased ad infinitum and here we are 40 or so short years later and they have almost achieved their goal. See, imagineering works.
So if there is a failure in achieving a backdoor it will be the fault of a lack of imagination, or a lack of faith that a backdoor can be imagined into reality, or not enough money spent in Silicon Valley to get them to drink the correct brand of cool-aid and imagine job accomplished.
Oh, and at the same time getting people to recognize only government approved terrorists which are the ones that exist because government says they do and not because government looked in a mirror. Imagine Up people!
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Phrasing
What I hear is: "we want a problem for this technology solution"...
[ link to this | view in chronology ]
Re: Phrasing
[ link to this | view in chronology ]
“No one's demanding that law enforcement and gunmakers get together to create bullets that only hit bad people.”
I’m shocked—shocked, I tell you! Say it isn’t so!
[ link to this | view in chronology ]
Re: “No one's demanding that law enforcement and gunmakers get together to create bullets that only hit bad people.”
NO, it is not the argument of our "gun loving" FOUNDING FATHER... you should already know that.
but if YOU want to renounce the constitutional right to shoot back at the government, you are free to do so.
[ link to this | view in chronology ]
Re: constitutional right to shoot back at the government
The last 10,000 or so people who tried all got shot. And nobody saw it as a violation of their “rights”.
[ link to this | view in chronology ]
Compromise
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Common Ground
[ link to this | view in chronology ]
NOW
Stuff hidden away for 20-40 years..that even a FOIA form cant get..
[ link to this | view in chronology ]
Rep. Michael McCaul is a genius...
It's just a matter of finding the right group of people to put together in the same room.
Although I think even the good 'ol McCaul would be unable to;
[ link to this | view in chronology ]
Re: Rep. Michael McCaul is a genius...
[ link to this | view in chronology ]
McCaul is a worthless TOOL and a coward, too
McCaul's district was created for him in a massive gerrymandering about 12 years ago, but he is such a worthless piece of garbage that they had to repack it again a few years ago. He does NOT represent Austin, which is supposed to be the largest city in the country without a SINGLE actual Representative in the House. Neo-GOP partisan dictatorship at its worst.
(I should retract that statement, because whenever you say it's the worst, they go farther. Most recently, my own vote was disenfranchised by the new voter ID system created to solve the fake and nonexistent problem of voter fraud. Disenfranchising large numbers of voters certainly WILL influence actual elections, while a few double voters never could. If there were many fake voters, then the odds of getting exposed and arrested would rise rapidly. NO such problem.)
Never heard McCaul say anything that wasn't worthless or cowardly or both. He even contributed in his own typically minor way to my renunciation of my birthright Texian citizenship. I now regard myself as a stateless American.
[ link to this | view in chronology ]
Defective Group Think on Capitol Hill
Because these people are cretins and they believe in unicorns.
Maybe when Rep. Michael McCaul (R-Texas) is finished chasing unicorns he would be so good as to convene a 'Commission' To 'Force' the US government to obey the US Constitution?
[ link to this | view in chronology ]
Blind man complaining that the light is off...
True enough, particularly when you already can't stop what you can see.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
do you?
[ link to this | view in chronology ]
we will make a commission to torture John Galt until he fixes the Us economy...
(damn I have to read atlas shrugged again)
[ link to this | view in chronology ]
Telegram so easy (without jailbrake/root)
then it must be compromised,
otherwise Telegram would get the lavabit treatment
[ link to this | view in chronology ]
[ link to this | view in chronology ]