As Law To Backdoor Encryption Stalls, Congress Tries Backup Stupid Plan To Backdoor Encryption

from the bad-ideas-all-around dept

Wed, Jan 20th 2016 9:39am — Mike Masnick

Late last year, Senator Richard Burr, who is painfully wrong on encryption, announced that he and Senator Dianne Feinstein were working on new legislation that would mandate backdoors to encryption. Most people recognized that such a bill had little-to-no chance of actually passing Congress, as there are at least enough folks up on Capitol Hill who realize that such a law is incredibly stupid. Given that, it's little surprise that reporter Jenna McLaughlin from The Intercept is reporting that such legislation "has been delayed."

But, fear not, foes of strong encryption, because there's always a plan B. Late last year, we also noted that Rep. Michael McCaul, the head of the House Homeland Security Committee, was going to propose legislation that would create a "commission" bringing tech companies and law enforcement together to work on a way to undermine encryption. While, at the very least, he noted concerns about backdooring encryption (and later noted how backdoors could weaken everyone's security), it hasn't stopped him from moving forward with this commission, and making some fairly ridiculously ignorant statements about all of this.

McCaul, together with Senator Mark Warner (who should know better), has announced that they're moving forward with legislation to set up this commission, and still ridiculously claims that "going dark" is a real problem that needs to be "solved."

McCaul said the group would be given “a tight time frame” to develop “recommendations to the Congress as to what can be done to solve this urgent, and I think very challenging threat to our national security.”

But, as if to underline how little McCaul really seems to understand about the issue, during a press conference about this, he claimed that the "going dark debate" was started by Ed Snowden's use of encryption, leading to a rather sarcastic reply from Snowden himself:

Chairman McCaul on "going dark": "It’s ironic that Edward @Snowden really sort of created all this when he started using encryption."
— Kaveh Waddell (@kavehewaddell) January 19, 2016

Other things Chairman McCaul thinks I created: famine, climate change, bieber. https://t.co/eJ8JWyDy1K
— Edward Snowden (@Snowden) January 19, 2016

It's troubling that the guy who thinks Snowden started the debate on going dark is now apparently going to lead this commission to deal with the "problem" of going dark. Nor is the whole "tight timeline" particularly encouraging. Because the whole thing is based on a false premise that if we just "get smart people in the room," they'll figure out "a solution."

But how many times does it need to be said before law enforcement and politicians understand the rather basic facts: you can undermine encryption, but it makes everyone significantly less safe. There is no way to build technology that says "only the pure of heart may use this technology, while ISIS may not." The second you try to do that, all you end up doing is opening up serious vulnerabilities that will put everyone at risk.

Meanwhile, another report on this planned commission claims that it will "be tasked with developing a solution that doesn’t require a 'backdoor' into encrypted communications." That's obviously better than being tasked with backdooring encryption... but what does that even mean? The whole setup of the discussion and the debate is falsely framed around the idea that strong encryption is a "problem" that needs to be "solved." Saying "but we don't mean backdoors," feels like a semantic game, such as James Comey's ridiculous attempt a few months back, where he insisted that the FBI wants "front doors" instead of backdoors.

If Rep. McCaul and Sen Warner were serious about "Homeland Security," they'd both get on the bandwagon supporting strong encryption because that, and that alone, is the best way to protect computer security for Americans.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: backdoors, commission, congress, dianne feinstein, ed snowden, encryption, going dark, mark warner, michael mccaul, richard burr

32 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 20 Jan 2016 @ 9:49am

Most people recognized that such a bill had little-to-no chance of actually passing Congress, as there are at least enough folks up on Capitol Hill who realize that such a law is painfully stupid.

I am seriously wondering, what makes you says this? There are more than enough painfully stupid laws being enacted that you might want to retract that statement!

Never over/underestimate how stupid anything is, because its the trail of money that determines things... not their sanity levels! Have you even looked at politics at any single point since 2000? I accuse you of living under a rock sir!
[ link to this | view in chronology ]
- Anonymous Coward, 20 Jan 2016 @ 10:10am
  
  Re:
  ...There are more than enough painfully stupid laws being enacted...
  
  Many of which are part of gigantic "omni-bus" bills that have to be passed/failed all-or-nothing, and the President has to sign/veto all-or-nothing.
  [ link to this | view in chronology ]
  - Anonymous Coward, 20 Jan 2016 @ 10:19am
    
    Re: Re:
    This is why people need to stop treating these overly elaborate government shutdowns as terrible things.
    
    This omnibus bill is going to cause more problems than a government shutdown could ever cause.
    [ link to this | view in chronology ]
- Anonymous Coward, 20 Jan 2016 @ 5:22pm
  
  Re:
  Since 2000?
  As if this has not been going on like forevar.
  [ link to this | view in chronology ]
- Mike Masnick (profile), 20 Jan 2016 @ 5:52pm
  
  Re:
  
  I am seriously wondering, what makes you says this? There are more than enough painfully stupid laws being enacted that you might want to retract that statement!
  
  True, but over the summer last year, there were some Congressional hearings on this issue, and it was amazing to see that almost every Congressional Rep pointed out how dumb it would be to backdoor encryption.
  [ link to this | view in chronology ]
Anonymous Coward, 20 Jan 2016 @ 9:50am

Fort Knox could do with some more windows.
[ link to this | view in chronology ]
- PRMan (profile), 20 Jan 2016 @ 10:51am
  
  Re:
  Yeah... It's too "dark" in there.
  [ link to this | view in chronology ]
ThatFatMan (profile), 20 Jan 2016 @ 10:23am

Going Dark is not a problem, and it does not need to be solved.

What Going Dark is, is the new buzzword that some government officials are throwing around to bring new life to the increasingly stale "terrorism" phrase they've used to drive the Surveillance State.
[ link to this | view in chronology ]
Anonymous Coward, 20 Jan 2016 @ 10:24am

Edward @Snowden really sort of created all this when he started using encryption.
We've got a bigger problem than 'going dark'. If Snowden only started using encryption during his whistleblowing, then he wasn't using it with his normal NSA duties. That means the NSA might not have the most robust of security policies.
[ link to this | view in chronology ]
Anonymous Coward, 20 Jan 2016 @ 10:24am

These stupid Republicans have no care how Democracy is supposed to work. If it doesn't get voted in, try the slimy way is the Republican way. Damn the democratic process.
[ link to this | view in chronology ]
- Anonymous Coward, 20 Jan 2016 @ 10:30am
  
  Re:
  So much fail in this post.
  
  We are a republic, not a democracy. The 'democratic' process is a meaningless term. The 'stupid' democrats are no better.
  
  Both parties have had their chance to clean things up... neither one does it. Why can you not see that both parties are the same, they just go about accomplishing their tyranny a little bit different from each other.
  [ link to this | view in chronology ]
  - Anonymous Coward, 20 Jan 2016 @ 10:53am
    
    Re: Re:
    It's a republic run through representative democracy. Republic just means, "Not a monarchy."
    
    "We are a republic, not a democracy," is just a talk-radio host smarmy pun masquerading as something clever. We're both a republic and a democracy, but the democracy is the important bit.
    
    This isn't to undermine your second point about both parties being essentially the same.
    [ link to this | view in chronology ]
    - Anonymous Coward, 20 Jan 2016 @ 5:23pm
      
      Re: Re: Re:
      No two things are exactly the same.
      [ link to this | view in chronology ]
    - Anonymous Coward, 20 Jan 2016 @ 6:58pm
      
      Re: Re: Re:
      "We are a republic, not a democracy," is just a talk-radio host smarmy pun masquerading as something clever.
      James Madison, under his “Publius” byline, was a talk-radio host? Who knew?
      
      Federalist #10: “The Same Subject Continued The Union as a Safeguard Against Domestic Faction and Insurrection”, New York Packet, Nov 23, 1787
      . . . [A] pure democracy, by which I mean a society consisting of a small number of citizens, who assemble and administer the government in person, can admit of no cure for the mischiefs of faction. . . .
      
      A republic, by which I mean a government in which the scheme of representation takes place, opens a different prospect, and promises the cure for which we are seeking. Let us examine the points in which it varies from pure democracy, and we shall comprehend both the nature of the cure and the efficacy which it must derive from the Union.
      
      The two great points of difference between a democracy and a republic are: first, the delegation of the government, in the latter, to a small number of citizens elected by the rest; secondly, the greater number of citizens, and greater sphere of country, over which the latter may be extended. . . .
      [ link to this | view in chronology ]
      - Anonymous Coward, 20 Jan 2016 @ 7:59pm
        
        Re: Re: Re: Re:
        … Federalist #10…
        And on the Anti-Federalist side, “Brutus” is believed to have been Robert Yates.
        
        “To the People of the State of New-York”, Oct 18, 1787
        . . . In a pure democracy the people are the sovereign, and their will is declared by themselves; for this purpose they must all come together to deliberate, and decide. This kind of government cannot be exercised, therefore, over a country of any considerable extent; it must be confined to a single city, or at least limited to such bounds as that the people can conveniently assemble, be able to debate, understand the subject submitted to them, and declare their opinion concerning it.
        
        In a free republic, although all laws are derived from the consent of the people, yet the people do not declare their consent by themselves in person, but by representatives, chosen by them, who are supposed to know the minds of their constituents, and to be possessed of integrity to declare this mind. . . .
        Robert Yates, talk-show radio host? Who knew?
        [ link to this | view in chronology ]
    - Anonymous Coward, 20 Jan 2016 @ 9:42pm
      
      Re: Re: Re:
      Republic just means, "Not a monarchy."
      Letter from John Adams to Roger Sherman, 17 July 1789
      . . . England is a Republic; a monarchical Republic it is true: but a Republic Still: because the Sovereignty, which is the Legislative Power, is vested in more than one Man: it is equally divided indeed between the one, the few, and the many: or in other Words between the three natural Divisions of Mankind in every Society; the monarchical, the Aristocratical and the Democratical. it is essential to a monarchical Republic, that the Supream Executive Should be a Branch of the Legislature, and have Negative on all the laws.—I Say essential because, if Monarchy were not an essential Part of the Sovereignty the Government would not be a monacharical Republic. Your Position therefore is clearly and certainly an Error . . .
      Letter from John Adams to Roger Sherman, 18 July 1789
      In my letter of yesterday I think it was demonstrated that the English government is a republic, and that the regal negative upon the laws is essential to that republic. . . .
      [ link to this | view in chronology ]
- That One Guy (profile), 20 Jan 2016 @ 10:51am
  
  Re:
  First attempt:
  Feinstein, Dianne - Democrat
  Burr, Richard - Republican
  
  Second attempt:
  McCaul, Michael - Republican
  Warner, Mark - Democrat
  
  This is not an R vs D issue, both have plenty of members that care nothing for the rights of the public and are more than willing to undermine public safety if that's what it takes to protect the government's ability to engage in mass spying.
  [ link to this | view in chronology ]
Zangetsu (profile), 20 Jan 2016 @ 11:09am

Maybe I'm being silly, but ..
OK, I may be a little out of touch with reality, but don't the "bad guys" have access to compilers and IDEs? Can't they just write their own encryption and use that? Sure, the U.S. may mandate backdoors, but if they do, won't the "bad guys" just use someone else's encryption or write their own?
[ link to this | view in chronology ]
- Anonymous Coward, 20 Jan 2016 @ 11:30am
  
  Re: Maybe I'm being silly, but ..
  Why bother? That takes a lot of work and is hard to deploy successfully. You can just use simple codes without bothering to use encryption at all.
  
  If you know that the phrase, "We're ordering a brown desk with twelve brass fittings," means to go to place A and do thing B at time C, and there is no possible way for anyone else to know what those things are, then that is as unbreakable as you can get. It is possible to make coded messages that are able to pass through translation and be distributed broadly in the clear.
  
  Encryption is merely a convenience for the bad guys, it is not essential in the slightest. It's essential for the good guys. You can't use a coded message to communicate securely with your bank or a retailer; you have to use a cipher secured through algorithmic encryption.
  [ link to this | view in chronology ]
  - nasch (profile), 21 Jan 2016 @ 9:23am
    
    Re: Re: Maybe I'm being silly, but ..
    If you know that the phrase, "We're ordering a brown desk with twelve brass fittings," means to go to place A and do thing B at time C, and there is no possible way for anyone else to know what those things are, then that is as unbreakable as you can get.
    
    I highlighted the hard part. I'm not a terrorist and don't play one on TV, but I'd bet that keeping the codes secure is harder than it sounds. Not so hard that it isn't worth doing of course, but I would think once you have more than two people needing to use the code it gets harder to manage securely.
    [ link to this | view in chronology ]
- Suomymona, 20 Jan 2016 @ 11:33am
  
  Re: Maybe I'm being silly, but ..
  "but don't the 'bad guys' have access to compilers and IDEs?"
  
  No. They're too stupid to know how to use them; that's how we know they're bad. Only the good guys can use compilers and interpreters; that's how we know they're good.
  
  Hey, that raises a good point: we need to add back doors to compilers/interpreters as well just in case the bad guys ever DO manage to go to class.
  
  I think our government needs to have it's own back door. We know they already have a back room.
  [ link to this | view in chronology ]
  - Digitari, 20 Jan 2016 @ 1:21pm
    
    Re: Re: Maybe I'm being silly, but ..
    Can you imagine the outcry if we (The People) Demanded a window for that "Back room"?
    [ link to this | view in chronology ]
aethercowboy (profile), 20 Jan 2016 @ 11:20am

I can just imagine future math courses if a stupid law like this makes any sort of headway.

Student: "Why do we have to show our work?"
Teacher: "To give it to the NSA in case you're a terrorist."
[ link to this | view in chronology ]
TechDescartes (profile), 20 Jan 2016 @ 11:23am

So…
...if only the Dark Side uses encryption, maybe that explains why they keep taking over the universe and the Light Side keeps getting subjugated and thus needs to rebel.

Again.
[ link to this | view in chronology ]
Ryunosuke (profile), 20 Jan 2016 @ 11:27am

again, trust..
[ link to this | view in chronology ]
Anonymous Coward, 20 Jan 2016 @ 1:32pm

Key in the Stone
Does no one ever think outside the box around here?

All we gotta do is contact this guy Merlin who can put the golden key in a stone and inscribe on said stone "Whoso pulleth out this key from this stone, is pure of heart and entitled to decrypt all communications"

The only difficult part in this plan is finding the person pure of heard who can access the key.
[ link to this | view in chronology ]
Anon, 20 Jan 2016 @ 1:38pm

Solves Nothing
Encryption backdoors solve nothing. Like satphones and cellular, like email - if the bad guys know the NSA is listening, they don't use it. Mandating that, say iPhone and Android be breakable, simply means the bad guys will set use an app to scramble any important messages going in and out of the device.
(I can see a simple app - copy and paste gobbledygook from text message into app, enter password, and like mime decode, here's your translation - plain-text which self-destructs in 5 minutes until you rerun the decrypt.)
[ link to this | view in chronology ]
Quiet Lurcker, 20 Jan 2016 @ 2:15pm

While we're at it, why don't we just give a master key to all the congressional offices to some bank to keep in a safe deposit box for anyone with a warrant to make use of.
[ link to this | view in chronology ]
Ninja (profile), 21 Jan 2016 @ 3:15am

you can undermine encryption

Indeed, use unencrypted connections, it's the same as backdoored 'encryption'.
[ link to this | view in chronology ]
- Almost Anonymous (profile), 21 Jan 2016 @ 8:43am
  
  Re:
  Yep, came here to say the same. I disagree with the statement "you can undermine encryption", because once it is undermined, it is no longer encryption.
  [ link to this | view in chronology ]
  - nasch (profile), 21 Jan 2016 @ 9:26am
    
    Re: Re:
    I disagree with the statement "you can undermine encryption", because once it is undermined, it is no longer encryption.
    
    Ugh, we already had that argument a couple of months ago...
    [ link to this | view in chronology ]
Anonymous Coward, 21 Jan 2016 @ 4:47am

I am paying you for this? I don't think so, You're Fired!
[ link to this | view in chronology ]