Will DNC Email Hacking Make Legislators More Friendly To Encryption?
from the Betteridge-says... dept
Kashmir Hill is asking an interesting question over at Fusion: in the wake of Democratic National Committee email hacking, will political leaders start scaling back their war on encryption?
Some prominent Democrats have demonized end-to-end encryption, the kind that might have helped lesson the impact of this hack by making emails look like gibberish to anyone without a key. It’s only readable when a person on one end of the communication opens the email, excluding the company storing the exchange, a hacker, and law enforcement.
Senator Dianne Feinstein (D-Calif.) has led the charge on a bill that would make end-to-end encryption illegal, requiring companies be able to decrypt data if served with a court order. Hillary Clinton herself has pushed for breakable encryption, claiming that, “Otherwise, law enforcement is blind—blind before, blind during, and, unfortunately, in many instances, blind after.”
Using end-to-end encryption would have prevented attackers from accessing the content of most of the emails they obtained. It wouldn't have prevented any content from being accessed, but would have greatly mitigated the damage.
Unfortunately, there's a very good chance the wrong lessons will be learned from this experience.
While it would seem obvious that the best way forward would be to encourage the use of strong encryption for everyone, it's far more likely legislators and presidential candidates will continue to try to carve holes for law enforcement access and expand government powers to "hack back" or perform preemptive attacks. The proposed Rule 41 changes will likely slide on through at the end of this year, allowing the FBI to break into computers all over the world.
Another solution suggested by Hill is to move government communications to private platforms like Gmail where end-to-end encryption can be implemented and, more importantly, handled by professionals rather than, say, a bunch of lawyers with access to the spare bedroom.
Government officials may be wary of allowing private companies to handle (and store) government communications, but the public should be just as wary of any government agency that makes a private company its official communications platform. Private platforms used for public business tend to create lots of unnecessary FOIA litigation. Without legislation in place, or additional stipulations added to contracts with private entities, government agencies will not only be able to keep malicious hackers at bay, but also pesky members of the public demanding access to officials' communications.
The worst end result may also be the one most likely to occur. The security of some communications may become more equal than others. Law enforcement backdoors for the public. Secure end-to-end encryption for their representatives. The sort of hybrid approach to legislating we see far too often -- whether it's in response to Congressional insider trading or the numerous buffers placed between law enforcement officers and any form of accountability.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: dnc, email, encryption, hacking
Reader Comments
Subscribe: RSS
View by: Time | Thread
Legislators need practical explanations
[ link to this | view in chronology ]
Re: Legislators need practical explanations
[ link to this | view in chronology ]
Re: Re: Legislators need practical explanations
Not just the government.
But please !!! Please use the kind of magical encryption that law enforcement can read, but hackers cannot read.
If it doesn't exist it can be invented. Or if not invented, it could at least be patented, which is just as valuable in court as being actually invented.
[ link to this | view in chronology ]
Re: Legislators need practical explanations
No... because you had already violated the first rule. The first rule of Sheep Club is NEVER EMAIL ABOUT SHEEP CLUB!
Doesn't matter if your email is encrypted, your server is secure, or anything else. Email about Sheep Club at all, and somehow, someone, somewhere will eventually expose your lanolin fetish.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Exemptions
[ link to this | view in chronology ]
End to End encryption is designed to protect the emails in transit, and on external servers. Would the DNC have kept the emails encrypted with the end to end encryption, and if they did, would they have kept the keys under control, given multiple people requiring access to many of the emails. It is not designed to protect drafts, or contents copied into other documents. What the DNC needed was proper whole disk encryption to help protect all their data from hacking of their machines. Security is hard, and it is easy to solve the wrong problem.
[ link to this | view in chronology ]
Re:
Disk encryption could be a thing, but I'm thinking that there isn't really a good argument for encryption-friendliness here. But sometimes bad arguments are what you need to influence morons.
[ link to this | view in chronology ]
I guarantee that's what their position will be, they're so disconnected from common sense and the people that our security is barely a passing thought. We're seen as the enemy that they need to be protected from so they need good encryption to keep us out but all we should allowed to have is backdoored encryption at best so they can see everything we do.
[ link to this | view in chronology ]
and exactly what is gonna be done and said when another country finds out what the USA, yet again, has been up to? why should it have the audacity to even think that it has the right to do anything outside of the USA when it shouldn't be allowed to pull shit like this INSIDE the USA!! and as for Feinstein, she ought to wind her neck in and try learning about stuff before she spouts off! being on a committee whilst knowing fuck all is one thing, she can/could rely on others but being a bit on the dim side concerning security and how it totally obliterates freedom and privacy rather than enhancing it, especially in a country that still keeps trying to tell the rest of the World that it is a democracy, is quite pathetic!!
[ link to this | view in chronology ]
This is politics! no lessons are to be learned... Just Opportunities to be Exploited!
[ link to this | view in chronology ]
Government has decided NOT to ban encryption!
Banning encryption would make us all less safe.
Instead, the government has invested effort in developing the strongest possible encryption key. The strength of this key will keep us all safe.
Everyone must begin using this encryption key immediately.
People who refuse are obviously up to no good.
[ link to this | view in chronology ]
Will DNC Email Hacking Make Legislators More Friendly To Encryption?
[ link to this | view in chronology ]
Re: Will DNC Email Hacking Make Legislators More Friendly To Encryption?
This was supposed to say, they'll just make the CFAA even more onerous in response. Politicians will never pass up an opportunity to make enforcement stronger when faced with the alternative of expanding freedoms.
[ link to this | view in chronology ]
DOD Policy
[ link to this | view in chronology ]
Power vs peons
Some people believe in different rules for the governing and the governed. Guess they forget who they're supposed to be working for.
[ link to this | view in chronology ]
Spoilers
[ link to this | view in chronology ]