Bill Introduced To Prevent Government Agencies From Demanding Encryption Backdoors
from the pushing-back-from-the-top-down dept
The FBI continues its push for a solution to its "going dark" problem. Joined by the DOJ, agency head Christopher Wray has suggested the only way forward is a legislative or judicial fix, gesturing vaguely to the thousands of locked phones the FBI has gathered. It's a disingenuous push, considering the tools available to the agency to crack locked devices and obtain the apparently juicy evidence hidden inside.
The FBI hasn't been honest in its efforts or its portrayal of the problem. Questions put to the FBI about its internal efforts to crack locked devices are still unanswered. The only "new" development isn't all that new: Ray Ozzie's "key escrow" proposal may tweak a few details but it's not that far removed in intent from the Clipper Chip that kicked off the first Crypto War. It's nothing more than another way to make device security worse, with the only beneficiary being the government.
The FBI's disingenuousness has not gone unnoticed. Efforts have been made over the last half-decade to push legislators towards mandating government access, but no one has been willing to give the FBI what it wants if it means making encryption less useful. A new bill [PDF], introduced by Zoe Lofgren, Thomas Massie, Ted Poe, Jerry Nadler, Ted Lieu, and Matt Gaetz, would codify this resistance to government-mandated backdoors.
The two-page bill has sweeping safeguards that uphold security both for developers and users. As the bill says, “no agency may mandate or request that a manufacturer, developer, or seller of covered products design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product, by any agency.”
This bill would protect companies that make encrypted mobile phones, tablets, desktop and laptop computers, as well as developers of popular software for sending end-to-end encrypted messages, including Signal and WhatsApp, from being forced to alter their products in a way that would weaken the encryption. The bill also forbids the government from seeking a court order that would mandate such alterations. The lone exception is for wiretapping standards required under the 1994 Communications for Law Enforcement Act (CALEA), which itself specifically permits providers to offer end-to-end encryption of their services.
The Secure Data Act shouldn't be needed, but the FBI and DOJ have forced the hand of legislators. Rather than take multiple hints dropped by the previous administration, the agencies have only increased the volume of their anti-encryption rhetoric in recent months. Maybe the agencies felt they'd have the ear of the current administration and Congressional majority, but investigations involving the president and his staff have pretty much killed any "law and order" leanings the party normally retains. This bill may see widespread bipartisan support simply because it appears to be sticking it to the Deep State. Whatever. We'll take it. Hopefully, this makes a short and direct trip to the Oval Office for a signature.
Filed Under: backdoors, congress, doj, encryption, fbi, going dark, jerry nadler, matt gaetz, responsible encryption, secure data act, security, ted lieu, ted poe, thomas massie, zoe lofgren
Reader Comments
... and them too I suppose
"It's nothing more than another way to make device security worse, with the only beneficiary being the government."
Oh not even close, the main beneficiaries would be the countless criminals who would be handed millions of people's data on a silver platter, for use and abuse. The various governments would be almost incidental beneficiaries, and vastly outnumbered by those without badges.
[ link to this | view in chronology ]
CALEA
Reminder: the backdoors that were added to support CALEA have been abused by criminals in the past.
[ link to this | view in chronology ]
Has the Horse Already Left the Barn?
Bill Introduced To Prevent Government Agencies From Demanding Encryption Backdoors
What if CIA/FBI/NSA (et al.) had already gained access via baked in exploits that were coded/engineered into software/hardware during the design/build/debugging phases of development (some of which occurred decades ago)?
Italicized/bold text below was excerpted from a report found at the website www.businessinsider.com titled - 14 cutting edge firms funded by the CIA:
The Central Intelligence Agency has its own investment capital arm, and it's been pumping money into some of Silicon Valley's most innovative companies for years.
http://www.businessinsider.com/companies-funded-by-cia-2016-9
Italicized/bold text below was excerpted from a report found at the website www.nsa.gov titled - Technology Transfer at NSA: Moving Innovations from the Lab to the Marketplace:
The Internet, Global Positioning Systems, Goodyear Tires … all of these products had their genesis in a federal government-sponsored lab before becoming widely available to the public. How does a technology move from a federal research facility to the commercial marketplace? At the National Security Agency (NSA), the NSA Technology Transfer Program (TTP) drives the transfer of technologies from lab to market.
So how does the TTP transfer a technology developed for Government use to a commercial application? The TTP matches a company or entrepreneur with one or more of the 200 patented NSA technologies available for licensing. The program provides access to innovative NSA technology through a Patent License Agreement (PLA), which helps businesses achieve market advantage and differentiation — a crucial need in today's fast paced, competitive environment.
https://www.nsa.gov/news-features/news-stories/2015/technology-transfer-at-nsa.shtml
Italicized/bold text below was excerpted from a report found at the website techcrunch.com titled - NSA Has Reverse-Engineered Popular Consumer Anti-Virus Software In Order To Track Users:
The NSA and its British counterpart the GCHQ have put extensive effort into hacking popular security software products to “track users and infiltrate networks,” according to the latest round of Snowden docs unearthed today by The Intercept.
A top-secret warrant renewal request issued by the GCHQ details the motivations behind infiltrating the products of such anti-virus companies.
https://techcrunch.com/2015/06/22/nsa-has-reverse-engineered-popular-consumer-anti-virus-software-in-order-to-track-users/
Italicized/bold text below was excerpted from a report found at the website www.zdnet.com titled US government pushed tech firms to hand over source code:
The government has demanded source code in civil cases filed under seal but also by seeking clandestine rulings authorized under the secretive Foreign Intelligence Surveillance Act (FISA), a person with direct knowledge of these demands told ZDNet. We're not naming the person as they relayed information that is likely classified.
With these hearings held in secret and away from the public gaze, the person said that the tech companies hit by these demands are losing "most of the time."
Top secret NSA documents leaked by whistleblower Edward Snowden, reported in German magazine Der Spiegel in late-2013, have suggested some hardware and software makers were compelled to hand over source code to assist in government surveillance.
The NSA's catalog of implants and software backdoors suggest that some companies, including Dell, Huawei, and Juniper -- which was publicly linked to an "unauthorized" backdoor -- had their servers and firewall products targeted and attacked through various exploits. Other exploits were able to infiltrate firmware of hard drives manufactured by Western Digital, Seagate, Maxtor, and Samsung.
https://www.zdnet.com/article/us-government-pushed-tech-firms-to-hand-over-source-code/
Italicized/bold text below was excerpted from a report found at the website www.theguardian.com titled - NSA Prism program taps in to user data of Apple, Google and others:
Some of the world's largest internet brands are claimed to be part of the information-sharing program since its introduction in 2007. Microsoft – which is currently running an advertising campaign with the slogan "Your privacy is our priority" – was the first, with collection beginning in December 2007.
It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and AOL in 2011; and finally Apple, which joined the program in 2012. The program is continuing to expand, with other providers due to come online.
The Prism program allows the NSA, the world's largest surveillance organisation, to obtain targeted communications without having to request them from the service providers and without having to obtain individual court orders.
With this program, the NSA is able to reach directly into the servers of the participating companies and obtain both stored communications as well as perform real-time collection on targeted users.
https://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data
This Bill is nothing more than another piece of feel-good token legislation.
The horse left the barn decades ago.
If Congress had a spine and was truly concerned with the criminal conduct being carried out under the pitch dark cloak of official government secrecy (for our safety of course), it would move to immediately defund the criminals responsible for this dystopian surveillance state nightmare we all inhabit.
[ link to this | view in chronology ]
Re: Has the Horse Already Left the Barn?
Let's see..
MS had a Bot in the music program that lasted from 1998-2005..and NO AV found it..
NORTON, sends messages to the CORPS 2 weeks before Consumers??
AV companies HAVE TO KNOW/SEE/FIND a Virus before they can stop it..If no one mentions it, samples it..THEY CAN'T DO ANYTHING..
(LOVE QUICK SCAN/NOT) easy trick for quick scan is to scan by DATE..and NOT the windows files..
Easier to make Program BOT to watch you, as then if found can be re-installed..
Once a hardware Bug is found, the person can kill the phone..
THERE ARE 3 buttons in MANY PHONES...Off/ON/I'M A POLICE AGENT...REALLY..
It's how they can locate you in emergency by GPS on your phone, as LONG AS IT'S LIVE/WORKING...Good battery..
WHO here knows about the NO RING HARDWARE for the old phones?? You can Actually, call a number and it WON'T RING, and listen to what's happening in the house..
And if you want your name on a list...go find and buy this..
[ link to this | view in chronology ]
Re: Re: Has the Horse Already Left the Barn?
Yep, knew it..
And wondered why we are paying them Equal to 360k per year for 1/2 years work..
Then they have taken down so many Consumer laws it's getting real bad out here.. We have 3 agencies responsible for the Food in this country, from Field to Store. And they have said they can't do it, they can only get to 8% per year. And how many food poisonings around the States??
I'm waiting for the absence of pollution laws to REALLY HIT..
And with those 500+, you would think a bit of common sense would be SOMEPLACE..
[ link to this | view in chronology ]
One other secession idea that would succeed more than any other is for New York City to secede from both the state of New York, and the United States, and become its own city state, like Singapore is.
Internet services in the Republic Of New York would no longer be subject to United States laws, if this happened.
The Republic Of New York, if it existed now, would be the 12th largest economy in the world, and would have the infrastructure to allow Internet firms to relocate there, and be beyond the reach of the remaining United States.
I could see Yahoo, Google, and other companies relocating there, if it happened, so that US laws, including SESTA and the DMCA, would no longer apply to them.
And the citizens of NYC would vote for it, if it were put to a vote, because NYC is heavily Democrat, while the rest of the state is Republican, so it could happen.
This will also make SESTA unenforceable, as websites in the Republic Of New York would not be subject to United States laws. The United States Government would not be able to enforce its laws there.
[ link to this | view in chronology ]
Re: Re:
California, for example, could join a Republic Of Northern Mexico, a Republic Of Pacific, join Washington and Oregon and be annexed to Canada, or become its own country.
I think California will take one of those four paths, somewhere down the line. If it does not become its own country, it will become part of either Canada, the Republic Of Pacifica, or the Republic Of Northern Mexico.
[ link to this | view in chronology ]
More Better!
[ link to this | view in chronology ]
Spam solutions checklist
You guys should start compiling something like the old checklist of why ideas for fighting spam won't work.
It'd be nice to be able to boil down articles to sarcastic "why this encryption idea is stupid" checklists.
[ link to this | view in chronology ]