Senators Burr & Feinstein Write Ridiculous Ignorant Op-Ed To Go With Their Ridiculous Ignorant Bill

from the learn-something-people dept

Senators Richard Burr and Dianne Feinstein are not giving up that quickly on their ridiculous and technically ignorant plan to outlaw real encryption. The two have now penned an op-ed in the WSJ that lays out all the same talking points they've laid out before, without adding anything new. Instead, it just continues to make statements that show how incredibly ignorant they are. The piece is called "Encryption Without Tears" (and may be paywalled, though by now everyone knows how to get around that), which already doesn't make any sense. What they're pushing for is ending basic encryption, which will lead to many, many tears.

It starts out with their standard ridiculous line, pretending that because a company builds end-to-end encryption, it's acting "above the law."

> In an increasingly digital world, strong encryption of devices is needed to prevent criminal misuse of data. But technological innovation must not mean placing individuals or companies above the law.

People have gone over this time and time again: this is not about anyone being "above the law." It's about whether or not companies can be forced to directly undermine the safety and security of their products (and the public). A paper shredder can destroy evidence. A paper shredder maker is not "above the law" when it decides not to build a system for piecing back together the shreds.

And speaking of "above the law" I still don't see Feinstein or Burr commenting on the FBI/DOJ announcing that it will ignore a court order to reveal how it hacked into computers over Tor. That is being above the law. That involves a situation where a court has asked for information that the FBI absolutely has. The FBI is just saying "nope." If Burr and Feinstein are really worried about being "above the law," shouldn't they worry about this situation?

> Over the past year the two of us have explored the challenges associated with criminal and terrorist use of encrypted communications. Two examples illustrate why the status quo is unacceptable.

I love this. They give two examples that have been rolled out a bunch in the last few weeks. The attack in Garland, Texas, where the attackers supposedly exchanged some messages with potential ISIS people, and the case of Brittney Mills, who was tragically murdered, and whose case hasn't been solved. Mills had her smartphone, but no one can get into it. Of course, it took nearly two years of fretting before law enforcement could dig up these two cases, and neither makes a very strong argument for why we need to undermine all encryption.

It's a simple fact that law enforcement never gets to have all of the evidence. In many, many, many criminal scenarios, that's just the reality. People destroy evidence, or law enforcement doesn't find it or law enforcement just doesn't understand it. That's not the end of the world. This is why we have police detectives, who are supposed to piece together whatever evidence they do have and build a picture for a case. Burr and Feinstein are acting like in the past, law enforcement immediately was handed all evidence. That's never been the way it works. Yes, law enforcement doesn't get access to some information. That's how it works.

You don't go and undermine the very basis of computer security just because law enforcement can't find a few pieces of evidence.

> Our draft bill wouldn’t impose a one-size-fits-all solution on all covered entities, which include device manufacturers, software developers and electronic-communications services. The proposal doesn’t define the technological solutions or tell businesses how to solve the problem.

This is also misleading. The bill requires an end to real encryption. That's it. Real encryption means that only one person has the key. This is what Burr and Feinstein don't seem to get. They seem to think it's trivial to leave a key with Apple or whoever. But as basically every crypto expert has explained, it is not. Doing so creates a vulnerability... and worse, it's a vulnerability that cannot be patched. That's hellishly dangerous. Sure, the bill doesn't tell them exactly how to do this, but it does make it clear: you cannot offer real encryption, you can only offer something that can be hacked. That's a problem.

> We want to provide businesses with full discretion to decide how best to design and build systems that maintain data security while at the same time complying with court orders.

We want to provide businesses with full discretion to decide how best to travel back in time, in order to prevent crimes.

Seriously: this is basically the same thing that Burr and Feinstein are saying here. They're asking for something that's impossible, and acting like it's a routine suggestion. If they need to comply with these All Writs Act style orders, they cannot build systems that maintain data security. That's a fact. It's mind-boggling that Burr and Feinstein still can't understand this.

> Critics in the industry suggest that providing access to encrypted data will weaken their systems. But these same companies, for business purposes, already maintain and have access to vast amounts of encrypted personal information, such as credit-card numbers, bank-account information and purchase histories.

Argh. This paragraph shows that whatever poor staffer Burr and Feinstein assigned to write this drivel doesn't understand even the first thing about what he or she is talking about. Storing encrypted passwords, credit card info, bank account info, etc. is a totally different thing. Those are encrypted to keep them safe, and part of the reason they're encrypted is so that even those companies cannot reveal them. This point is making the opposite point of what Burr and Feinstein think. Companies encrypt passwords and credit card info and the like so that they're not storing the plaintext info, and there's no easy way for anyone to get that info. This protects user data, and the companies cannot actually provide the plaintext. They're comparing hashes. That's what keeps it safe.

If we received a court order demanding our users' passwords, we couldn't provide them. Because they're encrypted. We don't know our users' passwords and can't give them to you. When someone logs in to our website, we can compare a hash of their password to our hashed version and then if they match, we let them in. But we don't know what their password is. So this is a terrible example that actually goes against what Burr and Feinstein are saying. Those encrypted stores of information would be illegal under this bill!
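
The login check described above, as an added example that is not Techdirt's own code: the site stores a salted one-way digest, re-derives it at login, and has no password field it could produce on demand. PBKDF2-HMAC-SHA256, the parameters, the function names and the user table are assumptions of this example, and the sample accounts are constructed.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example (not taken from the article).
ALGORITHM = "sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


def make_record(password: str) -> dict:
    """Build what the site stores at sign-up: salt, parameters and digest only."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, ITERATIONS)
    return {
        "alg": ALGORITHM,
        "iterations": ITERATIONS,
        "salt": salt.hex(),
        "digest": digest.hex(),
    }


def verify(password: str, record: dict) -> bool:
    """Re-derive the digest from a login attempt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        record["alg"],
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(candidate, bytes.fromhex(record["digest"]))


def respond_to_demand(user_db: dict, username: str) -> dict:
    """Return everything the site holds for a user's credential.

    The password was discarded after make_record() ran, so the stored
    record is all there is to hand over.
    """
    return dict(user_db[username])


if __name__ == "__main__":
    # Constructed sample accounts; both users chose the same password.
    shared = "correct horse battery staple"
    user_db = {"alice": make_record(shared), "bob": make_record(shared)}

    print("right password accepted:", verify(shared, user_db["alice"]))
    print("wrong password accepted:", verify("letmein", user_db["alice"]))

    # Per-user salts mean identical passwords do not produce identical digests,
    # so one record says nothing about another user's password.
    print("digests differ:", user_db["alice"]["digest"] != user_db["bob"]["digest"])

    # What a demand for alice's password could actually return.
    print("producible record:", respond_to_demand(user_db, "alice"))
```
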

> We are not asking companies to provide law enforcement with unfettered access to encrypted data. We aren’t even asking companies to tell the government how they gain access to this encrypted data. All we are doing is asking companies to find a way to keep their data secure while also cooperating with law enforcement in terrorism and criminal investigations.

Again, that last line is impossible. They're asking the impossible -- and in the process, making everyone less safe. The only way to provide such info to law enforcement is to no longer keep the data truly secure. And the big concern is not unfettered access for law enforcement, but rather whatever this backdoor means for those with malicious intent, who will be very, very, very focused on finding these vulnerabilities and exploiting them.

> President Obama said earlier this year, “You cannot take an absolutist view on this.” We agree—and believe that strong data security and compliance with the justice system don’t have to be mutually exclusive.

Because you don't know what you're talking about.

> American technology companies have done some amazing things that are the envy of the world. We think that finding a way to achieve both goals simultaneously is not beyond their capabilities.

So, in the end, despite basically every cryptography expert telling them this is impossible, Burr and Feinstein come back with "NERD HARDER, NERDS!"

Filed Under: above the law, dianne feinstein, doj, encryption, fbi, going dark, richard burr
Companies: apple


Reader Comments



  1.
    Mason Wheeler (profile), 29 Apr 2016 @ 10:45am

    Hashing is not encryption

    Just a minor nitpick: a hash is not encryption, by definition. Encryption is something that can be decrypted back to the original plaintext if you have the key. With a hash, there is no key and no way to restore the original plaintext--which is why you use hashing, rather than encryption, to store passwords.

  2.
    Anonymous Coward, 29 Apr 2016 @ 10:48am

    If people are allowed to meet in private and hold conversations that are not recorded, they should also be allowed to use strong encryption. There is little difference between the two as far as the investigation of crime is concerned, except that with encryption a record of who is talking to who is available.
    Banning strong encryption is the same as banning private conversations.

  3.
    Ryunosuke (profile), 29 Apr 2016 @ 11:02am

    If we received a court order demanding our users' passwords, we couldn't provide them. Because they're encrypted.


    This is the VERY same reason MMO's/other services say regularly "If you receive an email requesting your password for verification, it is a scam" that hits every so often/regularly, it's BECAUSE they CANNOT verify it themselves, and this has been going on since the mid-90's.

    so... ya... those who drafted and wrote this up have absolutely NO idea how the internet works.

  4.
    That One Guy (profile), 29 Apr 2016 @ 11:06am

    Re:

    And walls, curtains, locations which are not wired up for recording, speaking in code or even just in languages that the listener isn't familiar with...

    The specific that they are throwing fits about at the moment is encryption, but the general idea that they are so opposed to seems to be privacy itself, the idea that someone may say or write or receive something and that information might not be available for those in authority to listen to or read.

  5.
    Ninja (profile), 29 Apr 2016 @ 11:16am

    So, in the end, despite basically every cryptography expert telling them this is impossible, Burr and Feinstein come back with "NERD HARDER, NERDS!"

    Nerds reply: make a waterfall flow in reverse and we will try. Without consulting Shiryu. Or Poseidon.

  6.
    DannyB (profile), 29 Apr 2016 @ 11:26am

    Re: Yes it is (in their view)

    If you ROT13 something so that the government cannot read it, then it is encryption.

    If you don't provide them with a 'key' to un-ROT13 the encrypted data, then they can throw you in jail until you do.

  7.
    Blaine (profile), 29 Apr 2016 @ 11:27am

    POLITICIAN HARDER POLITICIANS!

    Do your own job first.

    For example, balance the country's budget in a way that makes everyone happy.

    I'm sure if you all just politician the hell out of it, you can do it.

    Get that done then come talk to us about the stuff you don't understand.

  8.
    Marilyn Savant, 29 Apr 2016 @ 11:27am

    The stupidity

    ....it hurts!

  9.
    Bergman (profile), 29 Apr 2016 @ 11:27am

    Re: Hashing is not encryption

    The hash is made with encryption and the person doing it isn't given a key, but it IS still encrypted data.

    I've never heard of 'generates and saves key' to be a required step for something to be encrypted. You apparently have though -- where did you hear it?

  10.
    DannyB (profile), 29 Apr 2016 @ 11:29am

    Re:

    > If people are allowed to meet in private and hold conversations that are not recorded . . . .

    OMG! You just revealed a huge problem that could prevent the FBI from being able to prosecute crimes discussed in private! Think of the children!

    The bill must be immediately improved to correct this oversight.

    Thank you!

  11.
    Anonymous Coward, 29 Apr 2016 @ 11:30am

    So if they do get it to pass, what would happen first? Would the tech industry leave the US? Would hackers find an easier way to ruin peoples' lives? Would Burr and Feinstein's bank accounts be drained and find themselves on the no fly lists or worse by 4chan or Anonymous?

  12.
    DannyB (profile), 29 Apr 2016 @ 11:30am

    Banks are a big user of encryption

    How will this affect banking?

  13.
    Dave Cortright (profile), 29 Apr 2016 @ 11:31am

    Might as well apply this template to other areas too

    Doctors are not above the law. When a witness dies, valuable information is irretrievably lost. So we propose a bill that requires doctors to comply with court orders to bring these witnesses back from the dead so they can be questioned. We aren't mandating how this is accomplished, only that they comply with our demands.

  14.
    jilocasin (profile), 29 Apr 2016 @ 11:34am

    Quantum encryption will save them.

    While it's true that classical encryption won't let them have a system that's both completely secure and allows law enforcement to get at the unencrypted contents, there is such a system:
    Quantum Encryption

    Just like Schrödinger's cat, the data will be both encrypted and plaintext at the same time.

    If presented with the owner's key or law enforcement's warrant the quantum encryption wave function will collapse into plaintext. For everyone else (especially the bad guys) the wave function will collapse into a state of encrypted data.

    So, Senators Richard Burr and Dianne Feinstein are right. As soon as we get our brightest minds to develop this special blend of mathematics, quantum physics, and computer science everyone will be both safe and private.



    [ /sarc ]

  15.
    Bergman (profile), 29 Apr 2016 @ 11:34am

    Criminal Court Evidence Standards

    "This is why we have police detectives, who are supposed to piece together whatever evidence they do have and build a picture for a case. Burr and Feinstein are acting like in the past, law enforcement immediately was handed all evidence. That's never been the way it works."

    This is one reason why courts operate on the evidence standard of 'beyond a reasonable doubt' -- prosecutors CANNOT prove guilt to the 'without doubt' standard because they've never had that amount of proof before.

    And yet, they have rarely had problems convicting people, even when those people were later exonerated of the charges.

    If the government requires that they be allowed to know all of the information, we the people must require that they must present evidence beyond any doubt to get a conviction in court -- after all, in the current privacy-rich environment, any competent prosecutor can get a grand jury to indict a ham sandwich. What will they be able to do when privacy no longer exists?

    When they are able to meet the goal of 'beyond any doubt' evidence due to how much information they are able to gather on anyone they choose, then if the person is truly guilty, they really ought to be able to do it in order to convict that person.

  16.
    Mason Wheeler (profile), 29 Apr 2016 @ 11:36am

    Re: Re: Hashing is not encryption

    No, it's not encrypted data. The essential characteristic of encrypted data is that it can be decrypted. Hashed data can't be un-hashed back to the original data, because it throws away information.

    As for where I heard it, it's common knowledge among people who work in this area. Simply Googling "difference between hashing and encryption" turns up plenty of useful references.

  17.
    Uriel-238 (profile), 29 Apr 2016 @ 11:38am

    Re: The stupidity

    Considering this optimistically, Burr and Feinstein have just revealed their own technological incompetence, trying to insist on using logic that is eye-rollingly archaic, cliche and long debunked.

    Hopefully it will soon go the way of Evolution is only a theory.

    The anti-nerd sentiment within our civic sectors is conspicuous, though I don't know if that's from 70s era academy culture or more general anti-intellectualism, which reoccurs whenever political discourse within a society gets too demagogy-esque. (e.g. Genocide more scapegoat minorities!) People don't like the more deliberate folk going Um...that doesn't sound like a very good idea.

    Really they just want us brainy types to shut up and make them some better, faster, boomier nukes so they can blow each other to kingdom come.

  18.
    Anonymous Coward, 29 Apr 2016 @ 11:40am

    When you're dealing with _discrete_ mathematics, not being absolute is ... not just being wrong, it's being wrong in the most ostentatious way.

    If you don't want absolutes, then go play with differential calculus. _That's_ the kind of math that deals with fuzzy things.

    Of course, we could always be stupidly wrong in the most ostentatious way about both sides of math--just add a rider to define "pi" equal to "4".

  19.
    Uriel-238 (profile), 29 Apr 2016 @ 11:42am

    Re: Banks are a big user of encryption

    You think too small.

    All businesses require encryption for their accountancy, not just banks. Then there's company data and company secrets all of which can be problematic in the hands of rivals.

    Your local corner store needs encryption for money management. Anything bigger needs a lot of encryption for data security.

  20.
    Uriel-238 (profile), 29 Apr 2016 @ 11:47am

    We can save the step.

    And create a quantum encryption that only encrypts non-criminal data.

    Criminal data is left in plaintext for all to see.

    So if it's encrypted you know it's legal.

    Oh and in the meantime, we should make bullets that only kill bad people.

  21.
    John Fenderson (profile), 29 Apr 2016 @ 11:55am

    Re:

    The tech industry wouldn't leave the US, but the crypto industry would. The end result is that we'll return to the situation the US was in before the last crypto wars: cutting edge crypto will not be done in the US, except in the underground communities.

  22.
    SteveMB (profile), 29 Apr 2016 @ 12:03pm

    Critics in the industry suggest that providing access to encrypted data will weaken their systems. But these same companies, for business purposes, already maintain and have access to vast amounts of encrypted personal information, such as credit-card numbers, bank-account information and purchase histories.

    This "people let Google have personal information, so it's okay for the government to get people's personal information" argument is not only idiotic, it is offensive. It is precisely equivalent to "that stuck-up bitch has no business complaining that I pinched her butt when she goes out in public dressed like that".

  23.
    SteveMB (profile), 29 Apr 2016 @ 12:05pm

    If we received a court order demanding our users' passwords, we couldn't provide them.


    Well, that wouldn't be a problem any more, since Burr-Feinstein would prohibit hashes, lossy compression, etc.

  24.
    383bigblock (profile), 29 Apr 2016 @ 12:30pm

    Let's get started

    I'm actually in the tech industry and find the claims and merits miss Feinstein has put out to be worthwhile and should definitely get traction in Congress.

    I believe we should first start with the Banking industry. I can't think of a better place to start implementing a mandatory back door to encryption. We all know terrorists and pedophiles need and use money. That's a no-brainer we should move on the financial districts immediately.

    Also, I want the encryption key to Feinstein's phone because I'm sure that bitch has nothing to hide, no back room deals or quid pro quo relationships in play.

  25.
    Ninja (profile), 29 Apr 2016 @ 12:32pm

    Re: Re:

    Simple, from now on, the King declares that everybody must carry always-on recording devices on them and upload the contents to the kingdom servers. Failure to do so will result in summary execution.

  26.
    Anonymous Coward, 29 Apr 2016 @ 12:36pm

    They just need to ask The Expert to do this.

    https://www.youtube.com/watch?v=BKorP55Aqvg

  27.
    Ninja (profile), 29 Apr 2016 @ 12:49pm

    Re: We can save the step.

    Magic!

    As God Himself said: there will be miracles if you believe! You can also wish upon a star. Guaranteed.

    Or was it Disney?

  28.
    That One Guy (profile), 29 Apr 2016 @ 12:53pm

    Re: POLITICIAN HARDER POLITICIANS!

    On the one hand, 'Politician harder, you could balance the country's budget if you actually wanted to and tried' would make for a fitting rebuttal, on the other hand I'm not sure if anyone could keep a straight face saying the other half, the 'American politicians have done some amazing things that are the envy of the world' bit.

  29.
    That One Guy (profile), 29 Apr 2016 @ 12:57pm

    "Now I'm not an expert, or even have any knowledge in the field but..."

    American technology companies have done some amazing things that are the envy of the world. We think that finding a way to achieve both goals simultaneously is not beyond their capabilities.

    'Meanwhile Burr and Feinstein were heard insisting that mathematicians can make two plus two equal five if they just tried harder, doctors could make people immortal if they just put their backs into it, and architects could make gravity defying housing if they just cared enough to attempt to do so.

    Experts in the fields listed were unavailable for comment, having face-palmed so hard as to knock themselves unconscious, with the mathematician suffering a broken nose.'

  30.
    Whoever, 29 Apr 2016 @ 1:23pm

    Unicorns and perpetual motion machines

    The proposal doesn’t define the technological solutions or tell businesses how to solve the problem.


    FTFY: "The proposal doesn't define how to conjure up a unicorn or tell business how to make a perpetual motion machine"

  31.
    freedomfan (profile), 29 Apr 2016 @ 1:34pm

    Feinstein and Burr embarrass themselves with proposals like this. "We want strong security, but with an on-demand backdoor. We generously won't specify how it has to be done." Because it can't be done, you idiots!

    It's hard to determine where their arrogance stops and their ignorance begins. Though, I suppose, the mistake is in thinking there are boundaries to either...

    BTW, since any proposed law will punish failure to provide the backdoor but not punish insufficiently strong security, you can guess where the compromises will come, if this nightmare passes.

  32.
    Anonymous Coward, 29 Apr 2016 @ 1:36pm

    One of the major unspoken issues here is that especially Feinstein believes she is above the law. The very charge she levels at industries trying to keep customer's faith in their products and services so they will buy them.

    This was demonstrated when she was pushing to make drones a legal way to spy on the public. One protest group flew a drone to the window of her personal residence. Suddenly she could get to the news fast enough to protest her personal privacy being invaded. Good for the peons but not good for the overlords was the basic theme.

    Another came up with the issue of Congress critters themselves being subject to having their phone calls monitored and I strongly suspect this was the driving reason behind why the House passed the newest email protection bill is to prevent these same security agencies from having a carte blanche to spying without any checks whatever on who they do it to without a warrant. It just so happened in the process of preventing the spying on their own personal uses that the public benefited.

    On the whole each and every time this sort of thing is attempted to be justified it is because they are attempting to throw the Constitution out the window and want a convenient way around it.

    Now if Feinstein, Burr, and the rest of the Intelligence Oversight Committee, were actually doing their jobs, I don't think I'd have much trouble with their recommendations. So far it just looks like the usual, which is both parties are corrupt. Face it, spying on the average public has nothing to do with terrorism or even law enforcement. It has everything to do with the fear they've already gone too far and want an early warning system in place to catch potential grass roots protesters that can and eventually will object to their methods.

    As it is these spying agencies already have an information overload and can't do the job they are claiming they are to do. It is only after the fact, when they have names, places, and methods of contact that they can find the perpetrators. It's never before, only after the fact. It helped not at all in Boston, nor in Paris, despite both countries being able to spy. Encryption breaking won't help either. The smart ones will just communicate face to face.

  33.
    freedomfan (profile), 29 Apr 2016 @ 1:43pm

    BTW, the Senators' cluelessness about encryption is clear to many of us here because we have a basic understanding of the topic (or, at least, we are willing to listen to those who do). The terrible thing is that, what we spot here is the tip of the ignorance iceberg. If we were informed about other topic areas that come before legislatures and we watched the proceedings, it would quickly become clear that politicians are often similarly clueless about almost every topic where they propose bills, pontificate, and vote. My background is in engineering and when I listen to most legislators discuss a topic where I actually know what's going on, I get the same sinking feeling I do when hearing these two clowns discuss encryption. I have friends with degrees in economics who almost can't stand to watch congressional testimony on economic issues because the level of misunderstanding on display is so terrible. Same for medical doctors. Etc.

    Of course, it's unreasonable to expect someone, especially a politician, to understand the intricate details of every issue. Nevertheless, we are supposed to trust them to get up to speed on the issues in front of them and to have staff who can provide them with sound advice when the issue is beyond their grasp. But, it's clear they haven't done either. How could these Senators, with the resources at their disposal, have never asked someone competent whether what they are proposing is technologically and practically realistic? Do they just not care?

    Politicians often have a "magic faerie dust" view of the way legislation interacts with the world. They think that writing a law somehow rewrites reality, making the stated intent of the law happen and, if necessary, making the impossible possible. On the flip side of the coin, when some system works well, they assume it must be because good legislation made it happen.

  34.
    Richard (profile), 29 Apr 2016 @ 1:51pm

    Re: Re: The stupidity

    Hopefully it will soon go the way of Evolution is only a theory.

    Actually I think it's more like bill #246 of the 1897 sitting of the Indiana General Assembly

  35.
    Richard (profile), 29 Apr 2016 @ 2:05pm

    Re:

    I have friends with degrees in economics who almost can't stand to watch congressional testimony on economic issues because the level of misunderstanding on display is so terrible.

    Actually this is the worst one. Politicians only occasionally interact with the other disciplines but they are involved with economics all the time. In fact they are pretty much in charge in the economic sphere in a way that they aren't elsewhere.

  36.
    btr1701 (profile), 29 Apr 2016 @ 2:22pm

    Ridiculous

    This bill is worse than useless for many reasons, not the least of which is that it only applies to entities in the US. A software developer in Belize or Madagascar will still be able to write a messaging app without legal restriction or repercussion that offers end-to-end encryption, put it up on the web, and anyone in the US can download it and use it, and boom-- the FBI and the cops are right back to where they started, not being able to decrypt the evidence.

    And just on a more philosophical level, I find it offensive that the government in a supposedly free society is essentially announcing as a matter of fundamental policy that one citizen has no right to communicate with another citizen in any manner that is un-eavesdropable (yes, I made up a word there) by government surveillors.

  37.
    Anonymous Coward, 29 Apr 2016 @ 3:12pm

    Re: "But technological innovation must not mean placing individuals or companies above the law."

    Because how dare technology horn in on a congressional franchise.

  38.
    J.R., 29 Apr 2016 @ 3:32pm

    Re: Quantum encryption will save them.

    You forgot the magick pixie-dust.

  39.
    Anonymous Coward, 29 Apr 2016 @ 4:11pm

    If anyone acts above the law it is the government and their police forces.

  40.
    Anonymous Coward, 29 Apr 2016 @ 4:15pm

    Re:

    We can only hope that the latter will happen regardless

  41.
    Hephaestus (profile), 29 Apr 2016 @ 4:25pm

    Re: We can save the step.

    "Oh and in the meantime, we should make bullets that only kill bad people."

    So, who defines the term "bad people"? What sorts of people would be on the list? Pedophiles, terrorists, and politicians?

    link to this | view in thread ]

  42. identicon
    Anonymous Coward, 29 Apr 2016 @ 4:32pm

    They want to make OPM the norm

    21+ million victims and counting, due to lack of encryption and basic security.

    link to this | view in thread ]

  43. identicon
    Anonymous Coward, 29 Apr 2016 @ 4:52pm

    This is really simple. Criminalize security and only criminals will be secure.

    link to this | view in thread ]

  44. icon
    Uriel-238 (profile), 29 Apr 2016 @ 5:06pm

    You're catching on.

    You can tell bad people because they're the ones that die when you shoot them. Obviously.

    link to this | view in thread ]

  45. icon
    freakanatcha (profile), 29 Apr 2016 @ 5:14pm

    Re: Let's get started

    I would remind people we are talking about the same Congress that apparently has no issue with some wacko buying an assault rifle at a gun show then going Rambo in a movie theatre.

    link to this | view in thread ]

  46. icon
    freakanatcha (profile), 29 Apr 2016 @ 5:22pm

    Senators Burr & Feinstein encryption liability?

    Question for any lawyer out there: If the govt requires a company to place a backdoor in its product, and the product gets hacked through the backdoor, is the company liable or will the govt have to indemnify the company?

    Also, will the company even be able to get insurance against a hack?

    link to this | view in thread ]

  47. identicon
    Kalean, 29 Apr 2016 @ 5:36pm

    I think the mistake here is assuming they don't know what they're proposing; they just don't care.

    link to this | view in thread ]

  48. identicon
    Anonymous Coward, 29 Apr 2016 @ 6:31pm

    Re: Might as well apply this template to other areas too

    Doctors are smart. They will figure it out.

    link to this | view in thread ]

  49. identicon
    Anonymous Coward, 29 Apr 2016 @ 7:07pm

    When will the tech overlords...?

    When will the tech overlords dump a couple of billion to solve this problem? $1.5 to remove Feinstein in CA's 2018 and dump 500 million in NC this year to knock out Burr.

    Support the heck out of these idiots' competition and see how they like it.

    link to this | view in thread ]

  50. identicon
    jamiahx, 29 Apr 2016 @ 7:15pm

    ...32 years later...

    Our draft bill wouldn’t impose on a one-size-fits-all solution of 2+2=5 like the government has mandated decades ago. All we are asking is for companies to find a way to keep their systems mathematically consistent while denying terrorists and criminals the ability to add two and two and arrive at four.

    link to this | view in thread ]

  51. icon
    Bergman (profile), 29 Apr 2016 @ 9:06pm

    Re: Banks are a big user of encryption

    It would require banks -- or more likely, the company they buy their security systems from -- to have a well known security flaw in their systems that completely bypasses all security measures.

    The hardest part of building absolutely anything is knowing if it is possible or not. Building a hacking tool to break through security you know nothing about, not even whether it has any exploitable weaknesses, is really damned hard outside of a Hollywood action movie -- hard enough to be a daunting task even for the NSA. But if you know a flaw exists? It WILL be found, and probably not by the good guys (assuming government == good guys, they wouldn't even go looking, they already have a key).

    For such a key to be useful, it would need to be a master key -- unlocking not just one lock, but all the locks the company makes. So once the bad guys crack into the system, it's game over for everyone using that system.

    Last time I checked, the federal government didn't make its own encryption that it uses for national security purposes in house that often -- this bill, as written, would mandate security flaws in those systems as well.

    link to this | view in thread ]

  52. icon
    Bergman (profile), 29 Apr 2016 @ 9:08pm

    Re: We can save the step.

    While at the same time LOOKING encrypted to the criminals, so that they don't know it's still plaintext!

    link to this | view in thread ]

  53. icon
    Bergman (profile), 29 Apr 2016 @ 9:14pm

    Re: Re: Let's get started

    ...except that in the incident you alluded to, he didn't do anything of the sort.

    He bought a small game hunting rifle that had purely cosmetic features that made it resemble a military rifle. A rifle that is illegal to use on human-size animals because it is so unlikely to kill them that using it on them constitutes animal cruelty.

    If purely cosmetic looks can turn a weak hunting rifle into a high performance military weapon, then you really ought to be able to win a NASCAR race on your bicycle by covering it with sponsor stickers.

    link to this | view in thread ]

  54. icon
    Bergman (profile), 29 Apr 2016 @ 9:19pm

    Re:

    A further example of Feinstein's hypocrisy is that for many years she held one of the seldom-seen California concealed gun permits.

    Yes, the woman who insists that guns have no legitimate use, that they exist solely to commit murders and are useless for any other purpose owned and carried a gun for self defense purposes.

    When called on it, she got rid of it. But it's worth noting that her security detail IS still armed with items that are useless for defending people and can only be used to murder innocents. Or at least, that's what she claims about them regularly anyway.

    link to this | view in thread ]

  55. icon
    Bergman (profile), 29 Apr 2016 @ 9:21pm

    Re: Senators Burr & Feinstein encryption liability?

    Under current law, the company would be completely liable.

    Unless Burr & Feinstein write some sort of liability shield into their bill, any company that complies with it would likely be out of business shortly after the black hats crack the backdoor. They'd go bankrupt trying to defend against all the lawsuits.

    link to this | view in thread ]

  56. icon
    Bergman (profile), 29 Apr 2016 @ 9:22pm

    Re: When will the tech overlords...?

    Not to suggest actually breaking the law, but hitmen aren't that expensive.

    link to this | view in thread ]

  57. icon
    That One Guy (profile), 29 Apr 2016 @ 10:09pm

    Government: "It's their fault, take it up with them." Company: "No, it's their fault, take it up with them."

    If companies were required to introduce security vulnerabilities, and when those vulnerabilities were found and exploited I imagine that any companies sued due to it would be very quick to point out that they didn't want to have the vulnerability in place, they had to have it, which put the blame on the government. The government would turn around and say that no no, they just said that the vulnerability had to be there, they didn't say it had to be vulnerable to bad people, so the company was at fault.

    They'd continue pointing fingers, wasting time and stalling trying to blame the other person, and any potential lawsuit would go nowhere as a result.

    link to this | view in thread ]

  58. icon
    vdev (profile), 30 Apr 2016 @ 6:43am

    Re: Hashing is not encryption

    True - it's not encryption.

    But the proposals would outlaw it just the same.

    link to this | view in thread ]

  59. identicon
    Anonymous Coward, 30 Apr 2016 @ 10:54am

    Idiocracy in the Making

    "President Obama said earlier this year, 'You cannot take an absolutist view on this.'"

    https://s-media-cache-ak0.pinimg.com/236x/6c/e5/68/6ce568bbbd6087fcff93a52500312120.jpg

    link to this | view in thread ]

  60. icon
    John Fenderson (profile), 30 Apr 2016 @ 12:52pm

    Re: Idiocracy in the Making

    That quote always makes me think two things simultaneously: First, what an incredibly absolutist thing to say, and second, fuck you -- I can take any view I like, particularly when I can support it.

    link to this | view in thread ]

  61. icon
    That One Guy (profile), 30 Apr 2016 @ 3:20pm

    "Experts claim that 2+2 will always equal 4, but let's not take an absolutist view of the matter..."

    Which would be funny if it weren't so dangerous. On security you can and you should take an 'absolutist view' on it, because deliberately flawed security is not only bad, in a very real sense it's worse than no security at all as it provides a false sense of security, and people will take risks they otherwise wouldn't thinking that they're safe when they're not.

    As such there is no 'middle ground', no 'compromise' available, those that are calling for deliberately installing or requiring security flaws are wrong and demanding the impossible, while those that are calling for strong security without deliberately created flaws are right and understand what can and can not be done.

    link to this | view in thread ]

  62. identicon
    Anonymous Coward, 30 Apr 2016 @ 3:36pm

    Re: reality

    Everyone in Congress would be hacked within 15 minutes of implementation of the bill. Multiple times over.

    link to this | view in thread ]

  63. identicon
    Anonymous Coward, 1 May 2016 @ 1:19pm

    Re: Re: Might as well apply this template to other areas too

    Doctors are smart. They will figure it out.

    And if they "refuse" (wink wink, nod nod) we'll just put them in jail until they comply.

    link to this | view in thread ]

  64. identicon
    Anonymous Coward, 2 May 2016 @ 5:24am

    It is patently obvious - even to Feinstein (and the congressional hearings with Apple and the FBI) - that encryption software is widely available from outside the US. Susan Landau even testified before congress that it would be impossible to block the importation of foreign-made encryption software.

    Thus this bill isn't intended to block the actual use of crypto by "bad people", most of which aren't even in American jurisdiction.

    Who will this bill actually affect? US businesses and US citizens. As the mythical "terrorists" cannot be the target, why is Feinstein trying to undermine domestic business and ruin our ability to export modern technology?

    link to this | view in thread ]

