Will DNC Email Hacking Make Legislators More Friendly To Encryption?

from the Betteridge-says... dept

Mon, Aug 8th 2016 1:02pm — Tim Cushing

Kashmir Hill is asking an interesting question over at Fusion: in the wake of Democratic National Committee email hacking, will political leaders start scaling back their war on encryption?

Some prominent Democrats have demonized end-to-end encryption, the kind that might have helped lesson the impact of this hack by making emails look like gibberish to anyone without a key. It’s only readable when a person on one end of the communication opens the email, excluding the company storing the exchange, a hacker, and law enforcement.

Senator Dianne Feinstein (D-Calif.) has led the charge on a bill that would make end-to-end encryption illegal, requiring companies be able to decrypt data if served with a court order. Hillary Clinton herself has pushed for breakable encryption, claiming that, “Otherwise, law enforcement is blind—blind before, blind during, and, unfortunately, in many instances, blind after.”

Using end-to-end encryption would have prevented attackers from accessing the content of most of the emails they obtained. It wouldn't have prevented any content from being accessed, but would have greatly mitigated the damage.

Unfortunately, there's a very good chance the wrong lessons will be learned from this experience.

While it would seem obvious that the best way forward would be to encourage the use of strong encryption for everyone, it's far more likely legislators and presidential candidates will continue to try to carve holes for law enforcement access and expand government powers to "hack back" or perform preemptive attacks. The proposed Rule 41 changes will likely slide on through at the end of this year, allowing the FBI to break into computers all over the world.

Another solution suggested by Hill is to move government communications to private platforms like Gmail where end-to-end encryption can be implemented and, more importantly, handled by professionals rather than, say, a bunch of lawyers with access to the spare bedroom.

Government officials may be wary of allowing private companies to handle (and store) government communications, but the public should be just as wary of any government agency that makes a private company its official communications platform. Private platforms used for public business tend to create lots of unnecessary FOIA litigation. Without legislation in place, or additional stipulations added to contracts with private entities, government agencies will not only be able to keep malicious hackers at bay, but also pesky members of the public demanding access to officials' communications.

The worst end result may also be the one most likely to occur. The security of some communications may become more equal than others. Law enforcement backdoors for the public. Secure end-to-end encryption for their representatives. The sort of hybrid approach to legislating we see far too often -- whether it's in response to Congressional insider trading or the numerous buffers placed between law enforcement officers and any form of accountability.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: dnc, email, encryption, hacking

17 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Vidiot (profile), 8 Aug 2016 @ 12:31pm

Legislators need practical explanations
"Wait... you mean that if the server was hacked but my message was encrypted, the papers never could have printed that thing about the sheep?"
[ link to this | view in chronology ]
- Anonymous Coward, 8 Aug 2016 @ 1:19pm
  
  Re: Legislators need practical explanations
  Tomorrow's Headline: Bill Introduced To Outlaw Encryption Except For Government Use.
  [ link to this | view in chronology ]
  - DannyB (profile), 8 Aug 2016 @ 2:40pm
    
    Re: Re: Legislators need practical explanations
    The government should let everyone use encryption.
    
    Not just the government.
    
    But please !!! Please use the kind of magical encryption that law enforcement can read, but hackers cannot read.
    
    If it doesn't exist it can be invented. Or if not invented, it could at least be patented, which is just as valuable in court as being actually invented.
    [ link to this | view in chronology ]
- Anonymous Coward, 8 Aug 2016 @ 2:01pm
  
  Re: Legislators need practical explanations
  > the papers never could have printed that thing about the sheep?"
  
  No... because you had already violated the first rule. The first rule of Sheep Club is NEVER EMAIL ABOUT SHEEP CLUB!
  
  Doesn't matter if your email is encrypted, your server is secure, or anything else. Email about Sheep Club at all, and somehow, someone, somewhere will eventually expose your lanolin fetish.
  [ link to this | view in chronology ]
Anonymous Coward, 8 Aug 2016 @ 1:08pm

Or, the government could not use the internet for such things. Regarding email, a dialup based network would be more than sufficient for sending plain text types of messages (encrypted of course.)
[ link to this | view in chronology ]
Chort, 8 Aug 2016 @ 1:46pm

Exemptions
Every time the government proposes banning strong encryption it always includes exemptions for itself and those it favors. (Funny, that, huh?) For example, when Hillary's husband Bill Clinton was pushing for it while he was president, he wanted to exempt the government and bankers, among others. When asked why bankers should be exempted he replied "because bankers are good citizens", as opposed to the rest of us outside the government.
[ link to this | view in chronology ]
Anonymous Coward, 8 Aug 2016 @ 1:47pm

Using end-to-end encryption would have prevented attackers from accessing the content of most of the emails they obtained.

End to End encryption is designed to protect the emails in transit, and on external servers. Would the DNC have kept the emails encrypted with the end to end encryption, and if they did, would they have kept the keys under control, given multiple people requiring access to many of the emails. It is not designed to protect drafts, or contents copied into other documents. What the DNC needed was proper whole disk encryption to help protect all their data from hacking of their machines. Security is hard, and it is easy to solve the wrong problem.
[ link to this | view in chronology ]
- orbitalinsertion (profile), 9 Aug 2016 @ 11:41am
  
  Re:
  Security is hard, but people mostly grow them there low-hanging fruit trees. (Attackers with a specific target in mind, of course, would just try harder.)
  
  Disk encryption could be a thing, but I'm thinking that there isn't really a good argument for encryption-friendliness here. But sometimes bad arguments are what you need to influence morons.
  [ link to this | view in chronology ]
Anonymous Coward, 8 Aug 2016 @ 2:00pm

The worst end result may also be the one most likely to occur. The security of some communications may become more equal than others. Law enforcement backdoors for the public. Secure end-to-end encryption for their representatives.

I guarantee that's what their position will be, they're so disconnected from common sense and the people that our security is barely a passing thought. We're seen as the enemy that they need to be protected from so they need good encryption to keep us out but all we should allowed to have is backdoored encryption at best so they can see everything we do.
[ link to this | view in chronology ]
Anonymous Coward, 8 Aug 2016 @ 2:28pm

'allowing the FBI to break into computers all over the world'

and exactly what is gonna be done and said when another country finds out what the USA, yet again, has been up to? why should it have the audacity to even think that it has the right to do anything outside of the USA when it shouldn't be allowed to pull shit like this INSIDE the USA!! and as for Feinstein, she ought to wind her neck in and try learning about stuff before she spouts off! being on a committee whilst knowing fuck all is one thing, she can/could rely on others but being a bit on the dim side concerning security and how it totally obliterates freedom and privacy rather than enhancing it, especially in a country that still keeps trying to tell the rest of the World that it is a democracy, is quite pathetic!!
[ link to this | view in chronology ]
Anonymous Coward, 8 Aug 2016 @ 2:31pm

Unfortunately, there's a very good chance the wrong lessons will be learned from this experience.

This is politics! no lessons are to be learned... Just Opportunities to be Exploited!
[ link to this | view in chronology ]
DannyB (profile), 8 Aug 2016 @ 2:41pm

Government has decided NOT to ban encryption!
The government has decided it should not ban encryption.

Banning encryption would make us all less safe.

Instead, the government has invested effort in developing the strongest possible encryption key. The strength of this key will keep us all safe.

Everyone must begin using this encryption key immediately.

People who refuse are obviously up to no good.
[ link to this | view in chronology ]
radix (profile), 8 Aug 2016 @ 3:12pm

Will DNC Email Hacking Make Legislators More Friendly To Encryption?
lolno
[ link to this | view in chronology ]
- radix (profile), 8 Aug 2016 @ 3:14pm
  
  Re: Will DNC Email Hacking Make Legislators More Friendly To Encryption?
  Oops, hit enter too soon. When can I delete my comments, Techdirt?
  
  This was supposed to say, they'll just make the CFAA even more onerous in response. Politicians will never pass up an opportunity to make enforcement stronger when faced with the alternative of expanding freedoms.
  [ link to this | view in chronology ]
Capt ICE Enforcer, 8 Aug 2016 @ 6:19pm

DOD Policy
I remember many years ago when the US Air Force sent out a policy letter stating do not use encrypted email due to server issues. And that it would slow down the world
[ link to this | view in chronology ]
Norahc, 8 Aug 2016 @ 7:04pm

Power vs peons
Those in power have repeatedly demonstrated that they think the laws and rules should only apply to the peons...I mean the people they govern. This won't be any different than running a private email server to get around disclosure laws, releasing classified information to further an agenda, etc..

Some people believe in different rules for the governing and the governed. Guess they forget who they're supposed to be working for.
[ link to this | view in chronology ]
Jeremy Lyman (profile), 9 Aug 2016 @ 5:23am

Spoilers
No.
[ link to this | view in chronology ]