Homeland Security Committee Thinks Backdoors Are Bad, But Encryption Still A Problem The Government Needs To Fix

from the one-half-logic,-one-half-Comey dept

The House Homeland Security Committee has decided to weigh in on the encryption debate with the release of a report [PDF] entitled "Going Dark, Going Forward." Despite the use of Comey's pet term for the increasing deployment of encryption by service providers and device makers, the committee points out backdoors are a terrible way to address the problem.

Initially, lawmakers and some among law enforcement personnel believed the solution was simple: statutorily authorize law enforcement access to obtain encrypted data with a court order. Unfortunately, this proposal was riddled with unintended consequences, particularly if redesigning encryption tools to incorporate vulnerabilities—creating what some refer to as “backdoors”—actually weakened data security. Indeed those vulnerabilities would naturally be exploited by the bad guys—and not just benefit the good guys.

However, it also does not specifically take encryption backdoors off the table. As any good committee would, it suggests the solution lies with the formation of another committee and the generation of studies and reports.

Thus, in our estimation, the best way for Congress and the nation to proceed at this juncture is to formally convene a commission of experts to thoughtfully examine not just the matter of encryption and law enforcement, but law enforcement’s future in a world of rapidly evolving digital technology.

So far, so bureaucratic. The ordering of the formation of a commission (to be called the "National Commission on Security and Technology Challenges") is the tentative step forward -- one that will last an entire year. After that, the discussion of encryption backdoors can resume.

The Committee ordering the formation of a commission also has the unfortunate tendency to portray the government in a rosy glow it certainly hasn't earned.

Congress and the American people have always sought to strike the right balance between the rule of law and individual liberty. Several examples illustrate this point, including debates surrounding the development of a robust anti-money laundering regime in online and in-person banking in the 1980s and 1990s; the Communications Assistance for Law Enforcement Act in the early 1990s; the appropriate use of “roving wiretaps” in response to the widespread adoption of mobile communications in the early 2000s; and current discussions on the proper role of commercial drone technology in public and private arenas.

Even if you ignore the fact that the "debate" surrounding CALEA mostly involved legislators listening to law enforcement lobbying (with compromise only resulting because telcos had similar lobbying weight) and the ongoing secrecy over government surveillance drone use, there's the part about "roving wiretaps." The "debate" that took place here was the result of a secret program being uncovered years after it went into effect. It had nothing to do with the government engaging with citizens prior to granting the NSA and FBI this power.

The House Committee also shows an unfortunate tendency to defer to Comey's encryption assertions. It goes so far as to echo his talking points that have no basis in reality.

In later testimony, Comey further commented, “There is no doubt that the use of encryption is part of terrorist tradecraft now because they understand the problems we have getting court orders to be effective when they’re using these mobile messaging apps, especially that are end-to-end encrypted” [emphasis added]. Indeed, the perpetrators of terrorist attacks in Garland, Texas, Paris, France, and San Bernardino, California, in 2015 all exploited encrypted communications.

The last two attacks listed uncovered no use of encryption. The Paris attackers used normal, unencrypted SMS and the notorious San Bernardino iPhone was eventually cracked by a third party, but revealed nothing of importance after being examined.

It's about as even-handed as one can expect from a committee that still believes there's an "honest conversation" to be had about a subject FBI Director James Comey refuses to discuss honestly. It notes that most countries people consider to be free (mainly Western European) have shot down encryption backdoors, even in the wake of terrorist attacks. The countries where governments have demanded backdoors are no one's idea of civil liberties paradises -- like China and Iran. Presented this way, there's a strong suggestion that the US government shouldn't come down on the side of countries whose human rights records are, at best, highly questionable. That should help keep the conversation more "honest," at least.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: backdoors, congress, encryption, going dark, homeland security


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 8 Jul 2016 @ 4:01am

    What's the betting that the Dallas shooters discussed shooting cops without bothering to use encryption?
    How badly do they have to fail before realize that trying to spy on everybody does not make society any safer, but rather encourages people with a grudge against the authorities to stay silent and plot their revenge.

    link to this | view in chronology ]

    • icon
      MadAsASnake (profile), 8 Jul 2016 @ 5:43am

      Re:

      I think the message to US police is:

      "Stop shooting black guys that are no threat"

      Encryption is irrelevant. It will be trotted out of course...

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 8 Jul 2016 @ 7:37am

        Re: Re:

        That is not the message coming across.

        BLM is racist and has now escalated the problems. BLM vs the Police will become a self fulfilling prophecy on both sides now. Each seem to be planning on seeing to that.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 8 Jul 2016 @ 12:14pm

          Re: Re: Re:

          Huh what?

          BLM is racist? What twisted logic Breitbart "journalism" have you been reading?

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 11 Jul 2016 @ 12:46pm

            Re: Re: Re: Re:

            Any movement, ideal etc. that favors people of one or more "races" more or less than those of other "races" is "racist". The definition of racism does not exclude any particular "race" from being racist to whatever extent. This is like using the popular stereotype that right-wing radicals are inherently bad people while left-wing radicals are just fine whatever they do.

            link to this | view in chronology ]

            • identicon
              Wendy Cockcroft, 12 Jul 2016 @ 2:28am

              Re: Re: Re: Re: Re:

              Any movement, ideal etc. that favors people of one or more "races" more or less than those of other "races" is "racist". The definition of racism does not exclude any particular "race" from being racist to whatever extent.

              That is not what BLM is about. It's about the right to be treated with the same consideration as everybody else. That's why it's called "Black lives matter," not "Black lives better." It's about highlighting the unfair treatment and prejudice that Black people are subjected to on a daily basis. https://en.wikipedia.org/wiki/Black_Like_Me gives a basic idea of what it's like.


              This is like using the popular stereotype that right-wing radicals are inherently bad people while left-wing radicals are just fine whatever they do.

              Extremism is harmful; I've got no time for it from either side of the aisle. I take hard-left socialists apart with as much vigour as I do far right wingers. Basically, I hate being told what to do by people who don't care about me. Here's the thing; many people on the right see moderate centrism as left wing. It's not. Heck, they see Hillary Clinton as left wing when she's actually a fascist.

              link to this | view in chronology ]

              • icon
                PaulT (profile), 12 Jul 2016 @ 2:40am

                Re: Re: Re: Re: Re: Re:

                "That's why it's called "Black lives matter," not "Black lives better.""

                I agree with one take on the name, which is that it's sad that it wasn't called something like Black Lives ALSO Matter. While most people get what the organisation is about, and that it's trying to counter the feeling that black lives often mean less that others, some people can't get past the name. They assume that instead of "also", it actually means "only". So, they see it as a racist group trying to get black people preference, rather than trying to battle against the worse treatment that they get every day.

                But, the same people who think that tend to be kind of ignorant souls who think that equal rights for homosexuals means they want some kind of special treatment or that freedom from religion means war on Christianity or other such idiocy. So, we shouldn't be surprised that they hear "give us more" when they say "give us the same".

                link to this | view in chronology ]

  • icon
    PaulT (profile), 8 Jul 2016 @ 4:05am

    “There is no doubt that the use of encryption is part of terrorist tradecraft"

    ...because they're also part of everyday life for non-terrorists. Increasingly so, since the government's illegal activities around unencrypted communications were known.

    Funny how that's always left out.

    link to this | view in chronology ]

  • identicon
    Comey's Little Buddy, 8 Jul 2016 @ 4:20am

    ...exploited by the bad guys

    The solution is to just pass a law making it illegal for bad guys to exploit back doors. Problem solved. See how easy that was?

    link to this | view in chronology ]

  • identicon
    Capt ICE Enforcer, 8 Jul 2016 @ 4:55am

    Regulation

    I think this is a great idea. The government should open an investigation on why automotive manufacturers are not protecting billions of people by encrypting the vehicles they sell in order to prevent theft, and mass control of 4k lbs vehicles moving on the road. To me, that is gross negligence.

    link to this | view in chronology ]

  • identicon
    Capt ICE Enforcer, 8 Jul 2016 @ 4:55am

    Regulation

    I think this is a great idea. The government should open an investigation on why automotive manufacturers are not protecting billions of people by encrypting the vehicles they sell in order to prevent theft, and mass control of 4k lbs vehicles moving on the road. To me, that is gross negligence.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Jul 2016 @ 5:45am

    Your link the PDF is broken.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Jul 2016 @ 5:53am

    There are no good guys

    and not just benefit the good guys

    Unless there is a warrant, there are no good guys accessing encrypted communications.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Jul 2016 @ 6:25am

    When you have a pack of lawyers running things what more would you expect?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Jul 2016 @ 6:48am

    It would be a lot more plausible and practical to just ban people who are opposed to encryption from the government than it would be to do anything about the supposed problems caused by encryption.

    link to this | view in chronology ]

  • icon
    beltorak (profile), 8 Jul 2016 @ 7:21am

    Congress and the American people have always sought to strike the right balance between the rule of law and individual liberty. Several examples illustrate this point, including ... the Communications Assistance for Law Enforcement Act in the early 1990s


    Even if you ignore the fact that the "debate" surrounding CALEA mostly involved legislators listening to law enforcement lobbying (with compromise only resulting because telcos had similar lobbying weight)


    Let's not forget it was the CALEA backdoor in the Vodafone network that was used by some still unknown party to spy on several Greek government officials.

    Let's also note that not one of those examples was the '90s encryption debate in which the "other side" - the technologists - won, in part due to Skipjack and the Clipper Chip, a poignant demonstration that the government simply isn't capable of building a "secure, good-guy only backdoor".

    Even if you buy the assertion that the cops are the good guys, every backdoor built into the systems has been used at least once (that we know of) by the "bad guys".

    How many times do we have to drum this into their heads? Backdoors make everyone less safe.

    link to this | view in chronology ]

  • icon
    Ninja (profile), 8 Jul 2016 @ 7:39am

    I propose another way of seeing it. Backdoors and generally weakening encryption is bad and encryption itself is not the problem. The problem is a law enforcement force that can't be bothered to do their work or are some sort of totalitarian voyeurs wha want to have unhindered access to every data. There's no need to 'fix' the encryption problem because it does not exist (I would argue we need better encryption always) but there is a very urgent need to fix law enforcement.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 8 Jul 2016 @ 7:44am

      Re:

      I would say that the problem is actually the trend that everyone is guilty until they can read your messages to prove you are innocent and even then, you really are not innocent because they just have not found anything incriminating YET.

      Everyone, is a suspect in their eyes now. If you do not keep your head down and move along you MUST be up to something.

      link to this | view in chronology ]

  • identicon
    5eyesinthesky, 8 Jul 2016 @ 8:33am

    simple solution

    Send in snake pliskin, he'll just kill all those encryption weenies and the problems will be done... Escape from.. the internet

    Not allowed

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Jul 2016 @ 6:29pm

    "Encryption is great and all... but we want a golden key."

    link to this | view in chronology ]

  • icon
    Hephaestus (profile), 9 Jul 2016 @ 3:45pm

    One quick thing ...

    You know the report is total bullshit, when they resort to lying in the first line.

    The 2015 Paris attacks used burner cell phones, not encryption.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.