US Attorney Suggests Solution To Open Source Encryption: Ban Importation Of Open Source Encryption
from the bangs-head-on-desk dept
Is it really that hard to expect officials representing law enforcement to understand basic concepts? Earlier this week, University of Michigan hosted a debate on the whole "going dark/encryption" fight with the EFF's Nate Cardozo (disclaimer: he has represented us on certain legal issues) and US Attorney for the Eastern District of Michigan Barbara McQuade. While the event was filmed and livestreamed, as I type this, they don't appear to have posted a recorded version. However, it appears that Cardozo (not surprisingly) raised a key point that has been raised many times before: a US law against allowing unbroken encryption would have little impact on bad people using encryption, since there are many open source and non-US encryption products worldwide. But McQuade had a response to that... and it was kind of insane:McQuade: "I think it would be reasonable to ban the import of open-source encryption software" #UMichTalks
— David Adrian (@davidcadrian) April 12, 2016
First off, the Open Technology Institute released a paper late last year showing that there was a ton of both open source and foreign encryption products that weren't subject to US regulations. Another paper, released earlier this year by the Berkman Center and written by Bruce Schneier (along with Kathleen Seidel and Saranya Vijayakumar), found that there were 865 encryption products from 55 different countries on the market when they wrote the paper (it could be more by now), with 546 of those from outside the US. In other words, there are a lot of these kinds of products. So, at the very least, they'd be used by people outside of the US.
But, more to the point, a ban on importing them? We already had that legal fight, though back then it was on the question of exporting encryption. In Bernstein v. the US Department of Justice, the government sought to block Daniel Bernstein from publishing his algorithm for his Snuffle encryption system, saying it violated export laws related to exporting weapons. Eventually, the 9th Circuit ruled that software source code was speech protected by the First Amendment and any regulations preventing publication would be unconstitutional.
So, for McQuade's "simple" solution to take hold, we'd have to first ignore the First Amendment and a ruling directly on point to the issue she thinks is an easy solution. To be clear, the court's ruling stated:
In light of these considerations, we conclude that encryption software, in its source code form and as employed by those in the field of cryptography, must be viewed as expressive for First Amendment purposes, and thus is entitled to the protections of the prior restraint doctrine. If the government required that mathematicians obtain a prepublication license prior to publishing material that included mathematical equations, we have no doubt that such a regime would be subject to scrutiny as a prior restraint. The availability of alternate means of expression, moreover, does not diminish the censorial power of such a restraint-that Adam Smith wrote Wealth of Nations without resorting to equations or graphs surely would not justify governmental prepublication review of economics literature that contain these modes of expression.While it's true this technically only applies in the 9th Circuit (and McQuade's district is outside of that circuit), it's not like there's a competing ruling in another district and the ruling here would be a difficult one to overcome.
Second, even if she could get past it, it would be pointless and useless. At least in the Bernstein case, the argument would be to try to block an American citizen from publishing the content -- an "export" ban. An "import" ban would be an order of magnitude more futile, because anyone outside the US publishing such open source code would not be covered by US regulations, so they couldn't be blocked from doing anything by a US court. So then any "import" ban would come down to someone being forced to magically comb the entire global internet and make sure no one from the US could ever see or find that code -- which, of course, would bring us right back to questions of prior restraint and the First Amendment.
There may be reasonable arguments to be made about encryption and its impact on law enforcement, but if the argument includes such inane ideas as banning the import of strong encryption, it's difficult to take the speaker seriously, or to conclude that they have any useful or competent knowledge on the subject at all.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: banning encryption, barbara mcquade, encryption, free speech, going dark, import ban, open source encryption
Reader Comments
The First Word
“Actually, an import ban wouldn't be *that* difficult to enforce.
All you would need to do is sever all communications with the rest of the world, prevent anyone from entering or leaving the US (or at least, entering - if they want to leave they obviously don't deserve to return) and cease all trade of any kind. It wouldn't only prevent the import of encryption software, it would also go a long way to shutting Bernie up... And just think of the fugitives who would no longer be able to evade justice (well, the law or what passes for it in enforcement and prosecution minds...). A law and order utopia!Subscribe: RSS
View by: Time | Thread
Not for lack of trying. See DVDfab and Slyfox.
[ link to this | view in chronology ]
At least...
Now it's just... a race to the bottom of who can get to have what when we say they can. Apparently with complete support of "The People" too!
[ link to this | view in chronology ]
if this goes anywhere...
"What encrypted messages are you talking about? I'm just posting Fistogram pictures of my lunch!"
[ link to this | view in chronology ]
Re: if this goes anywhere...
This is all part of the "Logic of Surveillance"
[ link to this | view in chronology ]
Re: Re: if this goes anywhere...
They have yet to prevent themselves from being hacked.
Plus they have to stop using 1234 as passwords.
[ link to this | view in chronology ]
Re: Re: Re: if this goes anywhere...
[ link to this | view in chronology ]
Re: Re: Re: Re: if this goes anywhere...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
That's because they're not very good at it and they resent those who are.
[ link to this | view in chronology ]
Re: Re: Re:
Law = Rights * 0
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
Brilliant! We could solve all kinds of problems just by banning them.
Chinese air pollution? Banned.
Rising sea-level? Banned.
Poor folks? Banned.
Illegal Drugs? Double banned!
Morons in positions of authority? Whoops, never-mind that one.
[ link to this | view in chronology ]
Re: Re:
The Tau Manifesto
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re:
At last. A Plausible explanation for Common Core Math. Who new the US Government was capable of a long game?
[ link to this | view in chronology ]
Re: Re:
boy it'd be nice if we could edit comments :)
[ link to this | view in chronology ]
US Attorney Barbara L. McQuade
[ link to this | view in chronology ]
Re: US Attorney Barbara L. McQuade
I nominate this as hiring the next Dingo as your Babysitter!
Get on it John Oliver!
[ link to this | view in chronology ]
Re: Re: US Attorney Barbara L. McQuade
[ link to this | view in chronology ]
At least king Canute knew what he was doing when he told the wave to halt.
[ link to this | view in chronology ]
Playing Devil's Advocate by channeling John Yoo...
[ link to this | view in chronology ]
Re: Playing Devil's Advocate by channeling John Yoo...
Expanding the quote-in-blockquote above which contains ellipses—
Martin v City of Struthers (1943) (Footnote and citation omitted.)
[ link to this | view in chronology ]
Re: Re: Playing Devil's Advocate by channeling John Yoo...
[ link to this | view in chronology ]
Re: Playing Devil's Advocate by channeling John Yoo...
[ link to this | view in chronology ]
I watched this ego transformation in my sister who obtained a JD at Yale in her mid 30's -- presumably old enough to have a relatively stable personality. I also saw it occur in individuals who went straight to law school after their BA.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Here is how I see it could play out.
1) Make any encryption w/o a backdoor for LE illegal.
2) Have Apple/Google/MS/Etc... refuse to sign any applications that contain illegal content (which is in place today).
3) Make creation/possession of non-compliant encryption tools a crime.
4) Next step would be work closely between companies and govt. to monitor for devices out of compliance (jailbreak phones are now really incriminating). Jailbreak a phone, get put on the no-fly list.
The part that slays me about this debate is our lead in technology and the jobs/GDP it creates is staggering and right where we need to be to have a successful century as a nation. For anyone to be saying that we need to gut that business by backdooring everything for all international sales is just short sighted as hell.
The reality is the meta-data plus zero day exploits should be plenty for LE in the foreseeable future to find and convict evil-doers.
[ link to this | view in chronology ]
Re: Re:
Wikipedia background on United States of America v. Progressive, Inc., Erwin Knoll, Samuel Day, Jr., and Howard Morland (W.D. Wis. 1979) (Footnotes omitted.)
[ link to this | view in chronology ]
Re: Re:
It's not only OK, you can easily find those detailed equations not only on the internet, but in any reasonably comprehensive public library.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
Click if you dare.
[ link to this | view in chronology ]
Googling the physics of nuclear technology will get you put onto a watch list
The problem studying nuclear technology is not so much the watch list, but the problem that someone who may be interested in making bombs could be studying what you study.
As someone else wrote, everything needed is on the internet. Besides which, it is not very interesting to study how to make nuclear bombs. It is MUCH more interesting to study, how we, by changes in the way we humans deal with each other, can change the world such that it does not need nuclear bombs.
A nuclear bomb basically has very few problems to solve, and anyone can find all those on the internet too.
However, making a nuclear bomb will not assist solving any of mankind's problems, which basically are of the nature of reducing our greed, and selfishness.
Those who made nuclear weapon and the few who used them, have not solved any problems with those bombs...
We have so many warheads, world wide, so we can blast the entire globe into an inferno of fire.
Besides which, I would never think that anyone are so petty (or stupid), that they cannot see / look right through what you are doing in very few days..
Some of the problems making a nuclear bomb are not related to the architecture, but to the fact that one needs some very pure Uranium 235 or 238.
The very handling of this Uranium is very very difficult....
What is your take?
[ link to this | view in chronology ]
Re: Googling the physics of nuclear technology will get you put onto a watch list
Hey that's an idea, let's detonate the entire worldwide nuclear arsenal and permanently solve the sea-level rise problem.
[ link to this | view in chronology ]
Re: Re: Re: Re:
If you are not blindly loyal you might be a threat.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Actually, an import ban wouldn't be *that* difficult to enforce.
[ link to this | view in chronology ]
Re: Actually, an import ban wouldn't be *that* difficult to enforce.
[ link to this | view in chronology ]
Re: Actually, an import ban wouldn't be *that* difficult to enforce.
It's enough. I find I agree with Trump here: secure all borders, don't let the lunatics out, and route the Internet around the U.S. so that the NSA can use their facilities on the U.S. to their heart's content.
This country had a good run with regard to liberty and decency, but if one wants to preserve the memory of that, one will do better never to hear from it again.
[ link to this | view in chronology ]
Re: Re: Actually, an import ban wouldn't be *that* difficult to enforce.
[ link to this | view in chronology ]
Utopia, is it?
[ link to this | view in chronology ]
No Problem
Just say the magic words: NATIONAL SECURITY. Poof! No problem. Nothing in The Constitution can withstand that!
[ link to this | view in chronology ]
Fascists are "all in"
you have not been paying attention.
For decades.
It is all about attacking FLOSS.
If all software is super-duper secret,
then all backdoors will exist for the
fascists.
[ link to this | view in chronology ]
What If Encryption Does Equal Weapons
[ link to this | view in chronology ]
Re: What If Encryption Does Equal Weapons
Police can arrest you for anything and fuck your life over and you do not even need to go to court or be convicted by judge or jury for that to happen.
[ link to this | view in chronology ]
Re: Re: What If Encryption Does Equal Weapons
I personally believe as long as there is a second amendment the 3rd world police state those in charge seem to desire for America's future will not come to pass.
[ link to this | view in chronology ]
You sir have discovered the whole purpose of the bill. To give the government justification for snooping on all in ternet traffic.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Hmm.
[ link to this | view in chronology ]
Re: Hmm.
But that raises a really good point. If you can't import encryption, how are people in the US supposed to read the encrypted files sent to them by non-USians?
Linux distributions use GPG (currently maintained in Europe) to manage and validate packages. This means that if importing was banned, any Linux distro based on Debian (such as Ubuntu) and even RedHat (CentOS) would effectively be banned in the US.
[ link to this | view in chronology ]
Re: Re: Hmm.
Simples. Ms McQuade thinks open-source software is the problem. Import closed-source software and everything will be fine.
ps If you want to receive anything from non-USians, you are automatically suspect and watchlists exist just for such un-American traitors. So there's that.
[ link to this | view in chronology ]
Re: Hmm. Cats napping or "engrypted griminal dingz"
The place where I stand is very simple: If I can produce a ciphertext which can be read in the other intended end, then whether or not the algorithm is in public or not, it works.
If I was a codebreaker, and I received a picture of a beautiful meadow, and the lowest bit of every 30th blue colour code was a bit of a message, and the message was on top of that encrypted with a non published, hard encryption, leaving a stronger randomness of the cipher code than even Fips-140 ii, ha ha ha ha, I would know that there is nothing I could do.
Besides which, I would need to even know, that the picture has been steganografed... There are means for finding out, however, if the message is short, and the picture is big, then surely, even detecting that the picture is steganographed is not only uphill, its impossible.
What worse is, if bits are straddled / striped, it may be possible to detect that its steganographed, but now the worst part is, that it is not possible, reversely, to detect if an 8 bit shade, 0xf4 of blue is actually part of the cipher or not part of the cipher.
Thereby, gentlemen and ladies, I have by use of one, single example, proven, that the fear of NSA, FBI, CIA that they may come across (lots of) encryption which they can not break is true.
Furthermore, if these same good agencies want to still be funded, they need then to realize that fact.
Further, they would need to use same methods themselves, which brings them at par with the criminals where communication is concerned.
Furthermore, these good agencies, will then devise new (or old) methods to intercept the criminal communication. And they would - as it was in the old days - need permission, and never seek it - and do their job, and the universe would now be able to continue unfolding as universes are supposed to unfold.
And in that reality scenario, no, one would not know if an encrypted file would contain cats napping, or cats napping plus plus :-)
My 1 Dollar (decrypted)
[ link to this | view in chronology ]
Turning the USA into a global market
When did these folks get out of there Gold and Glass houses..LAST..
Were these folks all born and raised, and STILL living in the Florida everglades??
Can someone ask these folks to come DOWN off their HIGH mountain, and learn the language??
Please open the WINDOWS and get some fresh air into their heads...That helium is getting abit THICK..
Encryption/data compression is in Every Facet, of our lives.. From your CD/DVD/BR to Phones, data communications, Drones, DRM, computer programs, Car computers....
This is like having a police force that only speaks Turkish, and everyone has to change How they speak, because they cant understand it..we need SMARTER COPS..
[ link to this | view in chronology ]
Re: Turning the USA into a global market
[ link to this | view in chronology ]
Re: Re: Turning the USA into a global market
That also explains politicians.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Encryption for some, miniature American flags for others.
* Those whose antisocial, individual and greedy corporate choices impede policing of drug-crime, pedophilia, terrorism, serial murder, etc.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Well in that case every country in the world should ban the import of all US open-source encryption software on the basis that the software could have a (hidden) backdoor in it that was put in place by the likes of the FBI/NSA or other US agency that does spying!
[ link to this | view in chronology ]
Banning Open Source Encryption, haaaaaa ha ha ha ha
BANNING OPEN SOURCE ENCRYPTION.
Haaaaa ha ha ha ha ha ah ha ha aaaaaahhh.
First of all - ha ha - you have to find out if the ban should deal with IMPORT or EXPORT of open source.
EITHER of these options would mean that the believers in this, believes that the OPEN SOURCE ENCRYPTION is located EITHER on the INSIDE of the USA or on the OUTSIDE of the USA.
Also, depending on where it is, one want encryption banned, one must also assume that there are nobody on the "affected" side with the desired "deficiency" of encryption, who has the brain to encrypt.
Oh haaaaaa ha ha ha ha ha ha...
LONG was Professor Oommens face (from Canada), when he had created the worlds best encryption algorithm, and he spent thousands of dollars getting export permission for it, ha ha ha ha, then I pointed out, that he had de facto (ipso facto even) exported it.
Oommen felt very offended, and even pushed his stupid lawyer on me, who threatened me with law-suits etc., for insulting him. (There went that friendship)...
However, he exported it, as he had patented it. 21 months after patenting - it is being published. So, the world had it, via his patent registration. VOILA.
And, Anonymous Coward, I think we would add to the list of what should be banned, to make it even longer than what the Taliban's banned to make ban of open source encryption workable.
(Are they called Taliban, because of that they have banned Tali - and does Tali mean: "The whole world" ??)
Even before computers, we had such advanced encryption algorithms, so that these were practically unbreakable.
Even the Caesar Cipher was a pretty good transposition cipher, ...
OOOpppps. We forgot - we would also ban mathematics in schools, and ban political learning. Ban the idea that something is right or wrong. (We are slowly descending to Maoist China in the 1920's)...
And if now someone by mistake should begin to utter words which could direct someone to think that we need something which can disguise communication, then decapitate them...
We have now joined Stalin Russia ...
Finally we need to have a thought police, which can do early identification of wrong thoughts and deviating thinking, and eliminate those. This is now a mix of George Orwells 1984, Stasi and a communist implementation we saw in the 1970's in Denmark, called "Tvind Skolen" - the school named Tvind.
Hilarious. Simly Hilarious. Not that I don't like Hilary or want him involved...
Today I have laughed :-)
My 1 Dollar
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Still imcomplete....
Actually whole-disc encryption has been readily available for about 22 years now (that's Windows 3.0 era).
SFS (Secure File System) for Win 3.0,3.1 3.11wfw, and DOS. Written in New Zealand.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
drug war
[ link to this | view in chronology ]
Re: drug war
Even more money to made/wasted by law enforcement than in the drug war? No wonder they want it.
[ link to this | view in chronology ]
While you can argue that open source is the ability to examine the code, how many of you can actually do that yourself without depending on someone else's expert opinion? Even here can you guarantee the compiler engine has not been already broken or some backdoor method put in it to take a look? Not to mention the problem that was exposed with the random number generator being anything but random thanks to the NSA, it's money, and influence.
[ link to this | view in chronology ]
Re:
I do.
But crypto is a bit unique in that you can look at compromised crypto code all day long and not be able to see the compromise. Back doors are rarely explicitly coded, but usually take the form of a slight weakness introduced into the computations to make later cracking easier.
Those computations are arcane and VERY easy to get wrong without noticing. Especially by people who are not experts in the mathematics of cryptography.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
In other news...
Mr. Sean Thomas Upid Esq. of the DOJ explained that this will make the American people safe and the US great again since this will stop all terrorists entering the country.
Mr. Trump welcomed the news and commented that all the murderers and rapist wouldn't be able to cross the border either now so there wouldn't be a need for a wall any longer.
[ link to this | view in chronology ]
Re: In other news...
[ link to this | view in chronology ]
encrypion
[ link to this | view in chronology ]
Just like the old days
Don't these people ever realize that censorship - of anything - just never works. It just makes people more curious than ever.
People who don't give encryption a second thought will then give it a third and a fourth. They'll probably use it for the thrill.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
There is only one endgame
[ link to this | view in chronology ]
It would be just as effective.
[ link to this | view in chronology ]
McQuade: "I think it would be reasonable to ban the import of open-source encryption software"
[ link to this | view in chronology ]
http://safecomputing.umich.edu/events/dissonance-series/
[ link to this | view in chronology ]
PRIVACY ANNIHILATED
[ link to this | view in chronology ]
[ link to this | view in chronology ]