Intelligence Director Says Gov't Can Demand Encryption Backdoors Without Having To Run It By The FISA Court

from the keeping-secrets-from-the-secret-court dept

A set of questions from Senator Ron Wyden -- directed at the Office of the Director of National Intelligence -- have finally received answers. The answers [PDF] were actually given to the Senate oversight committee in July but have just now been made public.

Zack Whittaker of ZDNet has taken a look at the answers the ODNI provided and found something that indicates the government can not only compel the creation of backdoors, but can do so without explicit approval from the FISA court.

The government made its remarks in July in response to questions posed by Sen. Ron Wyden (D-OR), but they were only made public this weekend.

The implication is that the government can use its legal authority to secretly ask a US-based company for technical assistance, such as building an encryption backdoor into a product, but can petition the Foreign Intelligence Surveillance Court (FISC) to compel the company if it refuses.

In its answers, the government said it has "not to date" needed to ask the FISC to issue an order to compel a company to backdoor or weaken its encryption.

The government would not say, however, if it's ever asked a company to add an encryption backdoor.

The way this process works is the agency requesting the backdoor or other compelled assistance runs the request by the FISA court. This process does not ask the FISA court to approve the method used, nor does it provide the court with details on the assistance sought. All the FISC determines is whether or not compelled assistance is necessary.

The ODNI maintains it has never asked for compelled decryption or the installation of backdoors… at least not under this authority. If it has, there'd be little in the way of a paper trail to prove it. The FBI, as part of the Intelligence Community, appears to be more interested in securing the help of US courts -- something that would prove far more useful in the long run, considering its domestic focus.

This information comes at a critical time. The surveillance wing of the government wants Section 702 (and related authorities) renewed at the end of this year -- unaltered and with at least a half-decade before the next chance of reform. So far, its two Congressional oversight bodies have been compliant with the IC's wishes. Serious reform efforts have been dumped by both House and Senate judiciary committees, leaving only those authored by longtime surveillance state cheerleaders in the running. With limited oversight and an easy way to route around FISA roadblocks, Section 702 reform is badly needed if we have any hope of the next decade being less filled with Fourth Amendment violations than the last one.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: backdoors, compelled assistance, encryption, fisa court, fisc, odni, ron wyden


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 5 Dec 2017 @ 12:17pm

    This kills the proprietary software industry.

    link to this | view in thread ]

  2. identicon
    I.T. Guy, 5 Dec 2017 @ 12:18pm

    So basically we have to assume ALL US companies are compromised.

    link to this | view in thread ]

  3. This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 5 Dec 2017 @ 12:22pm

    What's really funny is how you kids worry over encryption...

    while using SPYWARE OPERATING SYSTEMS that report everything you do, besides full of bugs, flaws, front, AND back doors...

    KNOW that you're tracked by Google everywhere on teh internets and it's collated with your bank info...

    and CELL PHONES KNOWN TAPPED and give your location!

    It's just this ONE form of official encryption -- when a custom method can be practically invulnerable. EXPLAIN THAT.

    link to this | view in thread ]

  4. icon
    Groaker (profile), 5 Dec 2017 @ 12:26pm

    The government can demand safe encryption that only "good little boys and girls," can break, but it can also demand the squaring of the circle, breaking the Second Law of Thermodynamics, and ever so many more impossible feats.

    But where are the banks and other financial houses? Are they going to put up with this?

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 5 Dec 2017 @ 12:27pm

    Re:

    assume? They already are.

    link to this | view in thread ]

  6. identicon
    I.T. Guy, 5 Dec 2017 @ 12:36pm

    Re: What's really funny is how you kids worry over encryption...

    Decaf muh brotha... decaf. :)

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 5 Dec 2017 @ 12:39pm

    Re:

    But where are the banks and other financial houses?

    Exempt.

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 5 Dec 2017 @ 12:40pm

    Re:

    But where are the banks and other financial houses? Are they going to put up with this?

    Why not? The government's had overt access to all their data for 15 years without objection.

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 5 Dec 2017 @ 1:05pm

    Hitler would be proud!

    link to this | view in thread ]

  10. identicon
    mcinsand, 5 Dec 2017 @ 1:24pm

    If good-guy-only encryption is possible

    If backdoors are possible without impairing Jane/Joe Citizen's security, then changing π to an even 3 should be a snap. Think of how easy schoolkids' calculations will be when a circle's circumference is simply three times the diameter!

    link to this | view in thread ]

  11. identicon
    David, 5 Dec 2017 @ 1:25pm

    Re:

    More like jealous.

    link to this | view in thread ]

  12. icon
    Aerie (profile), 5 Dec 2017 @ 1:27pm

    Unfortunately, the Intelligence Director does not speak for the courts and he cannot overrule the courts either. LOLS

    link to this | view in thread ]

  13. icon
    That One Guy (profile), 5 Dec 2017 @ 1:52pm

    "Oh we violated the law? Prove it."

    Unfortunately that only matters if a real court finds out what they're doing, and doesn't fall all over itself the second the government utters the magic words 'National Security', and they don't get their pets in FISC to write them up a classified 'exception'.

    link to this | view in thread ]

  14. icon
    JoeCool (profile), 5 Dec 2017 @ 1:53pm

    Re: If good-guy-only encryption is possible

    Multiplying by three is too hard. Round it up to four, or down to two, please.

    /s

    link to this | view in thread ]

  15. icon
    JoeCool (profile), 5 Dec 2017 @ 1:57pm

    The government would not say, however, if it's ever asked a company to add an encryption backdoor.

    If they so no comment, they mean yes. If the say no, they mean yes, but you're in trouble if you dig any deeper. If they say yes, they mean Oh HELL YES!!

    link to this | view in thread ]

  16. identicon
    Giff, 5 Dec 2017 @ 2:47pm

    Re: ??

    ^^ "In its answers, the government said it has "not to date" needed to ask the FISC to issue an order to compel a company to backdoor or weaken its encryption."


    ... a very vague response to Wyden's formal request for clarification. And not enough substance to draw any objective "implication" whatsoever

    Apparently only the soothsayers at ZDNET could divine any meaning in this "clarification". Wyden is silent about it -- perhaps he will send Coats another "strong" letter next summer. Coats -10 Wyden - 0

    link to this | view in thread ]

  17. identicon
    Pseudonym, 5 Dec 2017 @ 2:54pm

    Well...

    The way it's phrased, I'm not sure there's a problem on the legal question. The US government can <i>ask</i> any US company for any technical assistance it wants at any time for any reason. The problem is that the government seems to be kidding itself that this constitutes some kind of <i>demand</i> with force behind it.

    The US government can also petition a court to compel some kind of activity for any reason it has good reason to believe might be legal. The problem is that FISA works mostly in secret, so the public has no oversight or any chance to intervene.

    link to this | view in thread ]

  18. identicon
    Vic, 5 Dec 2017 @ 3:00pm

    RE: Now it would be a good time...

    For all tech/SW companies to start posting those little canary disclaimers on front pages of their sites.

    If they do not do it - we have to assume the worst...

    link to this | view in thread ]

  19. identicon
    Anonymous Coward, 5 Dec 2017 @ 3:16pm

    Re: What's really funny is how you kids worry over encryption...

    Solvang abuse is a terrible thing.

    link to this | view in thread ]

  20. identicon
    Anonymous Coward, 5 Dec 2017 @ 3:16pm

    Re: Re: What's really funny is how you kids worry over encryption...

    Solvent*

    link to this | view in thread ]

  21. identicon
    tin-foil-hat, 5 Dec 2017 @ 3:18pm

    Sense of Entitlement

    The envelope has been pushed so far that at this time:

    1. Law enforcement feels entitled to have preemtive spying capabilities.

    2. They feel entitled to steal from you.

    3. They are free to murder you and kill your pets.

    I have cats who've become complacent. They are sitting in the driveway when I get home from work (feeding time). I have to get out of the car and shoo them away. I want to get a super soaker to break them of that habit but I'm afraid that the police will drive by one day and shoot me.

    link to this | view in thread ]

  22. icon
    Bergman (profile), 5 Dec 2017 @ 5:23pm

    Re:

    Yeah, only the most clueless and naive would ever buy anything but open source under this rule -- and the people who are clueless and naive tend to be so careless with security that back doors would not be needed.

    link to this | view in thread ]

  23. icon
    David (profile), 5 Dec 2017 @ 5:41pm

    Won't work with open source

    I frequently use OpenSSL. Putting a back door in it renders it useless. Since it is open source everyone will know how to access the back door.

    link to this | view in thread ]

  24. identicon
    Cal, 5 Dec 2017 @ 6:22pm

    FISA court, spying, etc

    We are either a CONSTITUTIONAL REPUBLIC, or we have no government at all.

    Those that SERVE WITHIN our federal government get their authority from either the branch that they serve within, or from a named office within a branch. NO person, no group, no agency, no entity, etc has any authority on their own. Basically, the US Constitution and each state's Constitution is our government and the people who serve within them - elected, hired, contracted, etc - are ALLOWED to use the authority of the branch or named office within a branch while serving IF they do the duties as assigned (in writing), take and KEEP the Oath.

    The US Constitution IS the supreme Law of this nation and requires that all legislation be created in Pursuance thereof it in order to be Lawfully binding on the people. It is also the supreme Contract for ALL who serve within our governments - state and federal.

    Those that serve within our governments LAWFULLY have no authority other then that delegated in writing to the branch or to the named-Office-within a branch that they serve within.

    Dr. Edwin Vieira, Jr: “This has nothing to do with personalities or subjective ideas. It’s a matter of what the Constitution provides... The government of the United States has never violated anyone’s constitutional rights... The government of the United States will never violate anyone constitutional rights, because it cannot violate anyone’s constitutional rights. The reason for that is: The government of the United States is that set of actions by public officials that are consistent with the Constitution. Outside of its constitutional powers, the government of the United States has no legitimacy. It has no authority; and, it really even has no existence. It is what lawyers call a legal fiction.
    ... the famous case Norton v. Shelby County... The Court said: “An unconstitutional act is not a law; it confers no rights; it imposes no duties. It is, in legal contemplation, as inoperative as though it had never been passed.” And that applies to any (and all) governmental action outside of the Constitution...” (end quote)

    Archibald Maclaine, North Carolina’s ratifying convention: “If Congress should make a law beyond the powers and the spirit of the Constitution, should we not say to Congress, ‘You have no authority to make this law. There are limits beyond which you cannot go. You cannot exceed the power prescribed by the Constitution. You are amenable to us for your conduct. This act is unconstitutional. We will disregard it, and punish you for the attempt.’”

    "A constitution is designated as a supreme enactment, a fundamental act of legislation by the people of the state. A constitution is legislation direct from the people acting in their sovereign capacity, while a statute is legislation from their representatives, subject to limitations prescribed by the superior authority." Ellingham v. Dye, 231 U. S. 250.

    "The basic purpose of a written constitution has a two-fold aspect, first securing [not granting] to the people of certain unchangeable rights and remedies, and second, the curtailment of unrestricted governmental activity within certain defined spheres." Du Pont v. Du Pont, 85 A 724.

    "The constitution of a state is stable and permanent, not to be worked upon the temper of the times, not to rise and fall with the tide of events. Notwithstanding the competition of opposing interests, and the violence of contending parties, it remains firm and immoveable, as a mountain amidst the strife and storms, or a rock in the ocean amidst the raging of the waves." Vanhorne v. Dorrance, supra.

    James Madison: “Government is instituted to protect property of every sort; as well that which lies in the various rights of individuals, as that which the term particularly expresses. This being the end of government, that alone is a just government, which impartially secures to every man, whatever is his own.”



    Justice William O. Douglas, dissenting opinion, Colten v. Kentucky, 407 U.S. 104 (1972): “Since when have we Americans been expected to bow submissively to authority and speak with awe and reverence to those who represent us? The constitutional theory is that we the people are the sovereigns, the state and federal officials only our agents. We who have the final word can speak softly or angrily. We can seek to challenge and annoy, as we need not stay docile and quiet.”

    link to this | view in thread ]

  25. identicon
    Anonymous Coward, 5 Dec 2017 @ 6:41pm

    Re: What's really funny is how you kids worry over encryption...

    The RIAA's days of suing children are over. The best follow-up you can manage is the army of copyright trolls like Malibu Media who are getting increasingly scrutinized by judges.

    Sucks to be you, don't it?

    link to this | view in thread ]

  26. identicon
    Anonymous Coward, 6 Dec 2017 @ 5:01am

    IME is a fully fledged completely functioning back-door. WAKE UP.

    "If it has, there'd be little in the way of a paper trail to prove it."

    No need. The Intel Management Engine is a fully fledged completely functioning back-door with a completely awful cover story - yet you still remain unwilling to see it for what it is. Why is that, Tim? Wake up and smell the obvious (its much much better than epoxying wool over your own eyes).

    link to this | view in thread ]

  27. identicon
    Anonymous Coward, 6 Dec 2017 @ 6:32am

    Again, Question 12 is not answered - not at all. The answer is only obfuscated as per the norm with these utterly lawless individuals. Asked was if there is a REQUIREMENT that a citizen must FIRST BE SUSPECTED OF WRONGDOING PRIOR TO AN INQUIRY OCCURING. The only answer given was that the inquiry must be formulated to provide FII, or evidence of criminal activity (if used by the FBI). Note, it does not, under any circumstances, establish if BEING SUSPECTED OF WRONGDOING is required prior to making the inquiry (regardless of how crafted). In other words, the answer, as is, permits for wholesale fishing in two areas: (1) FII, and (2) evidence of criminal activity. The ODNI then subsequently tries to imply that said fishing expedition is "somehow" deemed to be in harmony (definition of "comport") with the 4th amendment, and the FISA, according to the FISC... an obvious falsehood.

    Well, Mr. Wyden, if you're reading this (and let's face it, you read TechDirt) it's up to YOU to demand clarification of questions 12's answer. Will you seek it?

    link to this | view in thread ]

  28. identicon
    Annonymouse, 6 Dec 2017 @ 7:33am

    Should have asked yes or no questions and hit the airhorn everytime the answer was anything but a yes or no. Said airhorn under their seats for propper impact.

    Have armed marines standing behind each of the chairs to encourage not walking out early during the questioning.

    I wonder how many would go deaf or have a potty emergency during the process?

    link to this | view in thread ]

  29. identicon
    Anonymous Coward, 6 Dec 2017 @ 12:36pm

    > In its answers, the government said it has "not to date" needed to ask the FISC to issue an order to compel a company to backdoor or weaken its encryption.

    Because most of the companies in Silicon Valley and the wider "tech" industry are willing participants.

    link to this | view in thread ]

  30. icon
    Uriel-238 (profile), 6 Dec 2017 @ 1:22pm

    Does all of this spying accomplish anything?

    This seems like blatant-enforcement-of-the-status-quo territory, since they can't track terrorists who whose SMS unencrypted, but are happy to freak out over teens sexting each other and rob people with too much money trying to fulfill their American dreams.

    I wonder if all these hacks of government agencies are being done with government-mandated backdoors (at least when they're not being done with government-withheld day-zero vulnerabilities.)

    link to this | view in thread ]

  31. identicon
    Anonymous Coward, 10 Dec 2017 @ 11:46am

    Re:

    It kills freedom and privacy.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.