Senators Launch Full On Nuclear War Against Encryption: Bill Will Require Broken Encryption, Putting Everyone At Risk
from the stop-pushing-this-bullshit dept
Another day, another bad bill. Just as we're coming to terms with the EARN IT Act moving forward in Congress, three Senators -- Lindsey Graham, Tom Cotton, and Marsha Blackburn -- have announced a direct attack on encryption. The full bill is here. It's 51 pages of insanity that would effectively destroy privacy and security on the internet. This is five-alarm fire bad.
For what it's worth, Graham is also a co-sponsor of the EARN IT Act, which makes me wonder if he's going to agree to an amendment of EARN IT that keeps encryption out of it while pushing this bill instead. That's now the rumor making the rounds, and I even received a press release from an anti-porn activist group supporting this bill because they think it will help clarify that EARN IT won't end encryption (none of that makes sense to me either, but...)
The announcement of the bill includes all the usual "think of the children" nonsense, claiming that we can't have encryption because some bad people might use it for bad stuff. The press release summarizes what they claim the bill will do:
Highlights of the Lawful Access to Encrypted Data Act:
Enables law enforcement to obtain lawful access to encrypted data.
- Once a warrant is obtained, the bill would require device manufacturers and service providers to assist law enforcement with accessing encrypted data if assistance would aid in the execution of the warrant.
- In addition, it allows the Attorney General to issue directives to service providers and device manufacturers to report on their ability to comply with court orders, including timelines for implementation.
- The Attorney General is prohibited from issuing a directive with specific technical steps for implementing the required capabilities.
- Anyone issued a directive may appeal in federal court to change or set aside the directive.
- The Government would be responsible for compensating the recipient of a directive for reasonable costs incurred in complying with the directive.
Incentivizes technical innovation.
- Directs the Attorney General to create a prize competition to award participants who create a lawful access solution in an encrypted environment, while maximizing privacy and security.
Promotes technical and lawful access training and provides real-time assistance.
- Funds a grant program within the Justice Department’s National Domestic Communications Assistance Center (NDCAC) to increase digital evidence training for law enforcement and creates a call center for advice and assistance during investigations.
In short, this basically says "break encryption, but we won't tell you how." We're right back to "nerd harder" except that this time it's "nerd harder, or you're breaking the law."
Attorney General Barr statement: "I am confident that our world-class technology companies can engineer secure products that protect user information and allow for lawful access."
— Sean Lyngaas (@snlyngaas) June 23, 2020
The problems with this should be evident from all the times we've discussed this before, so I'm really not interested in going over it all again. But the quick summary: installing a "backdoor" or "lawful access" to encrypted communications is not a simple technical problem. As cryptography expert Matt Blaze once said, it's like saying "well, if you can land a man on the moon, why can't you land a man on the sun." A backdoor to encryption literally breaks the encryption and opens up a huge host of other problems, none of which are readily solvable. Instead, you just find more and more problems, each of which makes everyone less secure.
The actual text of the bill is even worse than the summary. It's crazy long so I won't do a full breakdown here, but will call out a few scary, scary bits. The key part is that this basically requires the end of encryption. While there is some language early on about it not applying if "technically impossible," there is other language that more or less cancels that out. Specifically, it requires Apple and other large device sellers to backdoor encryption. It is not an option, but a requirement:
DEVICE MANUFACTURERS.—A device manufacturer that sold more than 1,000,000 consumer electronic devices in the United States in 2016 or any calendar year thereafter, or that has received an assistance capability directive under section 3513, shall ensure that the manufacturer has the ability to provide the assistance described in subsection (b)(2) for any consumer electronic device that the manufacturer—
(A) designs, manufactures, fabricates, or assembles; and
(B) intends for sale or distribution in the United States.
So, if you sell more than a million consumer electronic devices in the US, you are required to make sure they have backdoors. That's... going to be a LOT of backdoors. Every Alexa device. Every smart TV. And, of course, every phone. That's devices. How about apps and services? More of the same:
PROVIDERS OF REMOTE COMPUTING SERVICE; OPERATING SYSTEM PROVIDERS.—A provider of remote computing service or operating system provider that provided service to more than 1,000,000 subscribers or users in the United States in 2016 or any calendar year thereafter, or that has received an assistance capability directive under section 3513, shall ensure that the provider has the ability to provide the assistance described in subparagraphs (A) and (B) of subsection (b)(2) for any remotely stored data that the provider processes or stores.
That's... a lot of websites that will be barred from using real end-to-end encryption. The "shall ensure" part is what should scare everyone.
That's still talking about data stored on those servers though. As for "data in motion" again, services will have to provide backdoors under this bill. The reference to "technically impossible" only seems to apply to "independent actions of an unaffiliated entity that make it technically impossible to do". So, the only way to avoid having to break encryption on your own services is to... outsource it to an unaffiliated entity who can make it impossible for you to break the encryption?
As for messaging services: again, the bill "shall ensure" assistance:
A provider of wire or electronic communication service that had more than 1,000,000 monthly active users in the United States in January 2016 or any month thereafter, or has received an assistance capability directive under section 3513, shall ensure that the provider has the ability to provide the information, facilities, and technical assistance described in section 2518(4).
And it gets worse. The bill allows the Attorney General to order someone to break encryption:
If a person fails to comply with a directive issued under subsection (b), the Attorney General may file a petition for an order to compel the person to comply with the directive in the United States District Court for the District of Columbia, which shall have jurisdiction to review the petition.
There's also a giant "NERD HARDER" section, which explains Bill Barr's comments above. Basically it creates a contest, run by the Attorney General, to create a type of backdoored encryption where the Attorney General and his hand-picked judges will determine which technology wins. And by "wins" I mean loses, because that technology will be broken in no time at all, putting everyone at risk.
This whole thing is so incredibly dangerous, and it's not even clear that encryption is a real problem for law enforcement. The basic cost-benefit analysis here is that this law would put everyone, and all our communications, at risk of attack, for a possible benefit in a tiny number of cases, where there remains no evidence that a backdoor would have helped stop any crime. I can't see how the tradeoff is worth it, and any elected official pushing this nonsense should be asked to explain how they weigh these costs and benefits. And if they answer like Bill Barr by saying "smart techies can figure it out" they should have their views discounted for being idiots.
Meanwhile, the press release leads off with quotes from the three sponsors, all of which are head-bangingly wrong, but designed to do the usual tugging at the emotional strings rather than any actual recognition of what they're pushing here:
“Terrorists and criminals routinely use technology, whether smartphones, apps, or other means, to coordinate and communicate their daily activities. In recent history, we have experienced numerous terrorism cases and serious criminal activity where vital information could not be accessed, even after a court order was issued. Unfortunately, tech companies have refused to honor these court orders and assist law enforcement in their investigations. My position is clear: After law enforcement obtains the necessary court authorizations, they should be able to retrieve information to assist in their investigations. Our legislation respects and protects the privacy rights of law-abiding Americans. It also puts the terrorists and criminals on notice that they will no longer be able to hide behind technology to cover their tracks,” said Graham.
There remains little evidence that terrorists have been able to communicate without law enforcement being able to access the info. Remember, the FBI flat out lied about how many devices it had in its possession that it couldn't get into, and has since refused to give an updated number (despite multiple requests). At the same time, every time the FBI does come out and point to a situation where it can't get into a phone, a few months later, they seem to admit that, well, actually, there was a technology that let them get in.
On top of that, we've discussed how law enforcement and the FBI have access to so much other information thanks to social media, and various open source intelligence tools, that the idea that they need to attack encryption is just ridiculous.
And that leaves out something else too: if we put backdoors into encryption, guess what will become a huge target for "terrorists and criminals"? That's right: all of our communications.
“Tech companies’ increasing reliance on encryption has turned their platforms into a new, lawless playground of criminal activity. Criminals from child predators to terrorists are taking full advantage. This bill will ensure law enforcement can access encrypted material with a warrant based on probable cause and help put an end to the Wild West of crime on the Internet,” said Cotton.
This is just a joke. The internet is not "lawless" and there's no indication of increased criminal activity, nor any evidence that law enforcement cannot solve crimes because of encryption or the internet. This bill won't ensure anything other than opening up a new avenue for terrorists and criminals to terrorize.
“User privacy and public safety can and should work in tandem. What we have learned is that in the absence of a lawful warrant application process, terrorists, drug traffickers and child predators will exploit encrypted communications to run their operations,” said Blackburn.
Yes, user privacy and public safety do work in tandem. But you know what would ruin that? Breaking encryption and throwing both of those things into the gutter.
This bill should be trashed and these three Senators (and the Attorney General) deserve mockery for a technically ignorant, totally clueless and dangerous bill that would harm Americans and destroy both privacy and security, because some law enforcement agencies are too lazy to do their jobs. Frankly, the intelligence community should come out screaming about this bill as well, as they know full well how much more dangerous this will make their own work. This is a ridiculous attack on the internet.
Filed Under: backdoors, doj, earn it, encryption, fbi, going dark, laed, lindsey graham, marsha blackburn, tom cotton, william barr
Reader Comments
Dear Senate
You first. Break encryption on every method of communication that is used for official and unofficial use for the House and Senate. After a year of being able to review all of the important things that they are doing and verifying that it works without a problem, then consider rolling it out to the rest of us.
We have a thing called the constitution and it is there to keep this kind of law from being passed. You would have to amend that for any of these arguments to be at all valid.
[ link to this | view in chronology ]
Re: Dear Senate
Let's see..
I agree, but let's keep asking...PENTAGON..
What's the Bitch here? They want it, they can have it..
All laws are for Everyone? Correct?
So now you have A fully uncensored, unencoded Internet..
But only WHO can look at it to find the crooks?
We now have Open documents on banks, Corps and Our medical data.(most of which seem to have already been hacked, By Whom?)
Are you going to trace every Bank account? Why for anyone except the corps and rich? But that won't include international banking Will it? And Did you encrypt that Military Channel that has all the Unencrypted data YET?? That some person was arrested for sharing?
What NEEDS to be encrypted to HELP the internet work?
GAMES. And corp data?
Most of the encoding used to make things Compacted has already been broken. Including Bluetooth and Wifi and even Cellphones.
The amounts of data you are going to see, is soooo huge, it would take 3-5 years to sort, for 1 days data(if everything is included). And Unless you are looking at Specific location and persons... None of it will make sense.
This isn't
anti terrorist
Anti Child porn
Anti Sex worker
This is a bunch of Dumb people thinking that it's Possible. And have no idea of what's needed. Go ask google about YT. Go ask Amazon how much data is sent back and forth. Then let's ask what would Stop anyone from hacking the WHOLE THING, and Spamming the USA.
Or..
Is there another reason. That with all this OPEN data, that we would need a NEW Identification system?
A new way to Bag and Tag every citizen so we can find Any/all those that are illegal? trespassing on USA soil?
Anyone want to move to China or N. Korea?? at least we know where we stand and no one is lying to us..
[ link to this | view in chronology ]
Re: Dear Senate
YOU CAN'T RUN A CAPITALIST COUNTRY THAT WAY...
[ link to this | view in chronology ]
Despite some people insisting otherwise, no evidence has been presented that would credibly suggest that children can actually be abused via encryption.
[ link to this | view in chronology ]
Re:
I don't know about that. Ever since that creep encrypted little Jimmy, we haven't been able to tell if he has been abused. Now, if there was a backdoor, we could have gotten him back in the house safe and sound.
[ link to this | view in chronology ]
As government demands for information are not always lawful, that will be quite a trick to achieve.
[ link to this | view in chronology ]
"For the Children": I demand you burn out the brain cells that let you do math.
/s
[ link to this | view in chronology ]
So... HTTPS?
So... data in motion... they also want to break HTTPS? But... how tho... That is a standard that has so many moving pieces that prevent a man-in-the-middle attack... and they want to redesign it to allow a blue-man-in-the-middle-attack?
Like... my brain is melting trying to figure out how you do it without completely rewriting every security protocol we've developed over the last 40 years...
You have things like sRTP, RDP, database protocols.... there's so many things that 'go over the internet' that you can't readily hand over to the man in blue... hell, even if you did, it wouldn't mean that they would understand it or even use it. More than likely be chucked into the bit bucket and never looked at... but at least they now can tell which SQL query that terrorist ran!
[ link to this | view in chronology ]
Re: So... HTTPS?
Like... my brain is melting trying to figure out how you do it without completely rewriting every security protocol we've developed over the last 40 years...
That's easy, 'Nerd harder, or else'.
Anything is easy when you don't have to do it.
[ link to this | view in chronology ]
Re: So... HTTPS?
"Like... my brain is melting trying to figure out how you do it "
Your first mistake. Those writing these bills haven't considered how it is to be done. They just want to have the ability to attack the tech industry if actual magic is not achieved.
[ link to this | view in chronology ]
How likely is this bill and the EARN IT Act to pass?
[ link to this | view in chronology ]
Re:
I’d say that Earn It has a better chance of passing compared to this Encryption-Killer. Mainly because Earn it has bi-partisan support (how broad the support is will be determined in the future, if at all) and had time to garner that support. This Encryption-Killer is just recently introduced and it looks like it’s more appealing to the Republicans than to Democrats. Because if so, then it could potentially pass the senate, but it could be more challenging to pass through the house.
Personal Note: I’d give credit with Bluthmetal that at least, it appears that he’s willing to make some significant changes to the Earn It act so it could have less of a devastating impact. This bill is like the Earn It Act, but even less subtle and more transparent about creating a constitutional mess.
[ link to this | view in chronology ]
Re:
If you have been paying attention to world governments for the past few years, you would know that they have no problem in competing with each other for the coveted "Cognitive Dissonance in Action" trophy - they would (and probably will) pass diametrically opposed legislation bills that both mandate and forbid the same action. Each with heavy fines for failure to accomplish the desired outcomes. This enables them to sue into oblivion those entities who just don't contribute sufficiently to their campaigns.
[ link to this | view in chronology ]
Re: Re:
From my perspective the competition is for 'The Most Authoritarian Government'. Where your aptly named "Cognitive Dissonance in Action" will come in is when authoritarianism is the operating standard for all governments worldwide and those in power desire more power then they will surprise, surprise, inevitably start eating other governments. But the real surprise then will be who will become not authoritarian of the year, but who will become authoritarian in the world. There can be only one!
[ link to this | view in chronology ]
So let's visit this Fantasyland where they have a backdoor encryption system that they have forced everyone to use and no one uses something that isn't broken.
First problem will be leakage of the magic key that allows access. It will happen, it will be abused.
Second, you will have two groups going after this magic key, they will be relentless. Of the two groups, you better hope the hackers do it first, at least then you will have some notice about it being popped wide open before it is too late. If the other group gets it first, by the time you find out the criminals have the key, it will be too late.
Either way this is nothing more than a bad bill presented by people that brag about how little they know.
[ link to this | view in chronology ]
What will the children say?
Tech companies routinely aid criminals and terrorists by making it impossible to retrieve what they say when they are not on the phone. If you believe the arguments made in favor of this act, shouldn't it also require that tech companies stop turning off the microphones on devices—phones, tvs, …—when no call is made?
I'm a little afraid to say this for fear some senator will try to add it to the bill.
[ link to this | view in chronology ]
Won't
That also apply to police and military gear too?
Also, how would they keep the password from encryption and backdoors secret? We already have tons of breaches and leaks. And how will law enforcement access be regulated? We already had people scamming out law enforcement only data. And won't bad state actors also go after this? I mean....won't the evil evil Chinese hackers try to pressure? And will they also keep companies who offer these services afloat? Will they be forbidden from employing non US people? As we see with cops, and what they say, only takes one bad apple, or one leaker. If Snowden was able to walk away with all that data, and we lost NSA hacking tools, how can they assure that back door access won't leave?
[ link to this | view in chronology ]
what about online banking
or HIPAA medical data
[ link to this | view in chronology ]
E̵̻̓̍̾͘n̶̨̥̓͆͝c̴͚̻̦͒͛̆̀ṛ̸͇͊ÿ̶̺͓́͝p
"You can't say anything unless we know the language spoken." - US Gov.
[ link to this | view in chronology ]
It's like PGP all over again - the US will have crippled encryption and the rest of the world will just get on with it.
Except... Australia already has a similar, equally dumb law and the UK would be all over this in a heartbeat if they thought they could get away with it
That would mean 3 of the 5Eyes would have unfettered access to their civilians' private communication. It's a slippery slope!
[ link to this | view in chronology ]
Why stop with communications?
Minor edits - why stop with encryption? Let's require every vehicle manufacturer to give police the ability to immobilize the vehicle - after getting an appropriate court order, of course.
“Terrorists and criminals routinely use transportation, whether cars, buses, scooters, or other means, to coordinate and carry out their daily activities. In recent history, we have experienced numerous terrorism cases and serious criminal activity where terrorists were able to flee, even after a court order was issued. Unfortunately, transportation companies have refused to honor these court orders to disable movement, and assist law enforcement in their pursuit. My position is clear: After law enforcement obtains the necessary court authorizations, they should be able to immobilize suspects' vehicles to assist in their capture. Our legislation respects and protects the transportation rights of law-abiding Americans. It also puts the terrorists and criminals on notice that they will no longer be able to use transportation to get to, or flee from, their criminal activities,” said Graham.
[ link to this | view in chronology ]
Re: Why stop with communications?
Attorney General Barr statement: "I am confident that our world-class window and construction material manufacturers can engineer secure products that are only transparent to on-duty law enforcement."
I mean, if it's just nerd harder...
[ link to this | view in chronology ]
Re: Why stop with communications?
It has been my experience that every criminal act in the history of mankind has been committed by a living individual. Clearly the problem is living, if we just kill every human on the planet the problem is solved. No more crime. Simple.
[ link to this | view in chronology ]
Re: Why stop with communications?
Why not? The police already has the ability to ban access to oxygen without a warrant. Surely, banning anything else is perfectly reasonable..... in a third world shithole like the US.
[ link to this | view in chronology ]
Sounds like a boon for small businesses!
Looks like it's time for me to start my own cell phone company, and app company, that limits sales to 999,999 devices per year, and allow no more than 999,999 users.
Or, big brain time; franchise it! Have 9,999 different Facebook companies in the US, all capable of interconnecting to each other, but each separated by the first four digits of a person's phone number.
[ link to this | view in chronology ]
Aside from the normal clueless tech babble, this is why other countries laugh at us. Do they really think that any Syrian or Iranian jihadist buys his gear at the Apple store in downtown Dubuque? The tone deaf US-centric attitude here is mind blowing. It's basically lawmakers saying that what we say goes, and devices manufactured outside of the US, which is a considerable footprint to be sure, just don't count, or even exist.
What's even scarier is that those lawmakers have seen the headway that countries like France have made in trying to enforce their laws on the world, and they want in on that action.
Combine that with a president and his party, whose entire worldview consists of "us vs them", both foreign and domestic, and we'll be a political island separate from the rest of the world in no time.
From Silicon Valley v. DC, all the way up to global superpowers, we will never have a society envisioned in overly optimistic science fiction because we'll never be able to come together as a people and work with each other.
[ link to this | view in chronology ]
Re:
See, your first mistake is in making the assumption that they're telling us the real reason for trying to get this through.
[ link to this | view in chronology ]
Fascists
Fascists control the white house, the courts, and half of congress. I can't wait for the Neoliberals to sell us out to them with this bill.
[ link to this | view in chronology ]
Way to drive Windows out of existence. People will just use "alternative" operating systems....
OR Microsoft will have to create a non-US version of Windows with encryption so like the people in china, Americans can download and install it.
[ link to this | view in chronology ]
Ever Reaching implications
I do not live in the USA, but I purchase electronic devices that are manufactured by US companies, eg: Apple and Android devices. This new legislation is utter nonsense. The United States government basically says "Nerd Harder" and my security goes down the drain. And I don't even live in the USA!!!
Hopefully I'll be able to send them the bill when the banking app on my cellphone is compromised and my accounts are emptied.
But you know....it's all for the greater good after all.
The Canadian government has made equally dumb decisions, but I do believe this one takes the proverbial cake.
[ link to this | view in chronology ]
Re: Ever Reaching implications
If this does pass, I think a lot of people will no longer be buying or using American services.
[ link to this | view in chronology ]
I'll bet everything these Senators send/receive will be FULLY ENCRYPTED! The only reason that they want encryption banned is so they can know exactly what every one of us is doing while no one knows what the fuck any of them are doing! When you consider the ratio of how many of us are actually criminal or engaged in criminal activity/trying to hide something compared to how many of them are up to no good, self-preserving, self-serving and actually engaged in 'trying to hide everything about themselves/what they are up to', that ratio is actually VERY FRIGHTENING!! And this bullshit about law enforcement not finding perpetrators because of encryption is exactly that, BULLSHIT!!
[ link to this | view in chronology ]
Companion Bill
What we need for this is for someone to introduce a companion bill to this that requires all congressional offices, including bathrooms, to be built with glass that can be seen through by anyone with an oversight position, and a need to see into their office.
They are welcome to use glass that is opaque to everyone except those who are in said position and have a need to see into the office. The bill can also create a budget to offer prizes for someone who's able to make such glass!
Since it doesn't exist yet, they'll just have to use clear glass for now, but I'm sure someone will be able to invent impossible glass, because this will create a reason for them to do so!
[ link to this | view in chronology ]
But if the target is suspected of arson...
They apparently tracked down some girl based upon a shirt she was wearing and Etsy reviews but need broken encryption anyway? They see the system China has and want to figure out how to make one here.
[ link to this | view in chronology ]
This is purely down to DOJ interactions with Apple and other tech companies. Apple cooperated by providing iCloud data, telling them no, the devices cannot be unlocked. They want to bring Apple to heel. They don't like being told no.
Tech and Internet security, are, in fundamental ways, now national security. If encryption is properly implemented, we are all very safe in using online services. Everyone is secure, or, if this awful bill passes, no one is.
It might be fun to ask Barr et al, if they understand that their devices will also have a back door, a teenager in the Ukraine will hack it, read all their messages, and get all their documents. They'll splutter 'No! that's illegal! All our cases will be compromised!' but they will be just as subject to it as the rest of the country. 'According to your own law, we can't protect you from that.'
I'm smiling at the prospect of Apple remote bricking all 'noncompliant' devices for being illegal, including every one used by the DOJ and Congress. The one dark screen everyone sees afterward says 'Device locked per DOJ and Congress legislative action.' ooo, fun!
I'll be the one to post an old joke: If encryption is made illegal, only crimina...wipwrgvnoqs [l93ru483-02ufnojwdv0-234vmc0-qw3er0ijcn...
[ link to this | view in chronology ]
All encryption is equal, some encryption is more equal
It might be fun to ask Barr et al, if they understand that their devices will also have a back door, a teenager in the Ukraine will hack it, read all their messages, and get all their documents. They'll splutter 'No! that's illegal! All our cases will be compromised!' but they will be just as subject to it as the rest of the country. 'According to your own law, we can't protect you from that.'
Oh I guarantee you that the devices they use will have working encryption, it's only the peons that will be required to use broken encryption because obviously their privacy and security will remain sacrosanct, given how important they are you see.
[ link to this | view in chronology ]
What would it solve?
What in hell would this do??
Give us enough jobs in the WHOLE nation for 1/2 of us to monitor the other 1/2?
Think about a GAME/program that has to have an OPEN/Un-encoded Chat channel..
Even if they aren't monitoring our Video watching. That is still a lot of Txt, and audio to scan for Anything..
Who here thinks we have the tech and time to scan all the data?? The amount of processing of Audio/video/txt, including every game channel is huge. And part of the reason it's not already done.
The installation installed in Utah, tends to fail a lot. And how big of a City and cooling towers do you think you will need?..
[ link to this | view in chronology ]
As long as we're playing with words...
Since they seem to be so fond of playing with words in an attempt to sprinkle gold dust on a turd, I propose that any mention of encryption be swapped out with security and privacy, as that's what they are really going after.
Criminals aren't being protected by encryption, they are being protected by privacy.
Criminals aren't having conversations outside the reach of the 'lawful authorities' because of encryption, they are doing so thanks to security.
Then, once that part is made clear, one need only point out that the exact same privacy and security that criminals are using are used by the general public, such that attacking privacy and security used by criminals by necessity attacks the privacy and security of the general public, meaning that far from harming criminals an attack on encryption is instead giving them the biggest gift possible, handing hundreds of millions of people to them on a silver platter.
And for those that don't give a damn about the privacy and security of the public (why hello politicians and DOJ/FBI) it should be pointed out that just about every industry involves encryption at some point, so crippling encryption will do massive damage to the economy, whether from companies smartly leaving the country to set up shop in places that actually care about security or from massive crime sprees and the damage from them.
[ link to this | view in chronology ]
This bill does not go far enough and should include physical locks on doors, containers, and vaults.
Lock manufacturers and property owners will be required to provide master key access to law enforcement when a warrant is obtained to search a property.
The Attorney General will create a prize competition for the creation of master keys that only work for law enforcement conducting lawful searches. Obviously master keys can be made for all locks that will never be duplicated, lost, stolen, or reverse engineered. Nerd harder.
All locks, safes, and vaults made or installed in the US will be subject to this law. All properties must comply including homes, businesses, gun lockers, stores, banks, prisons, armories, etc.
This way, law enforcement can stop terrorists and criminals without giving up privacy or security. For the children. /s
(Law does not apply outside of the USA)
[ link to this | view in chronology ]
Re:
Not needed. A physical object will break with enough force and time applied to it. Not so much for encryption. Of course, you could just find the idiot that deployed it and use a $5.00 wrench on them, but that would require actual police work, and of course the mice tend not to do things when they know they are being actively watched.
Honestly, I'm surprised that the corruption that the US Government even cares about maintaining face at this point. Everyone who is alive knows there's no level to which they won't stoop to get what they want. They should just block all encryption at Room 641A. If they can't read it, just send in the local goons to bust down doors and break some skulls. It's what they want, so why not? It's not like most people expect better of them.
As a side note, if you are one of those people who expects better of their government: Hi. What's it like to live in a country that respects its citizens? More importantly: Where is it, and what is the name of it?
[ link to this | view in chronology ]
Many politicians think they possess a magic wand that can be waved about creating legislation that will solve all of our problems, at least that is what they want you to think.
I'm sure this bill will fix everything just like they claim.
[ link to this | view in chronology ]
Meh. We already have a President and a DOJ who have incontrovertibly demonstrated themselves to be deadly enemies of the American people. Why not a Senate as well?
Who would've guessed that the Second American Civil War would be the central government rebelling against the people?
[ link to this | view in chronology ]
One thing police cannot do, under any circumstance, even under Earn it, is force you to unlock your encrypted phone. That would violate the 5th amendment.
I have my phone not only encrypted, but also have a mode set on it where if there are 15 failed password attempts, the phone automatically wipes itself and cannot be used again until you enter your Google password.
That is what makes Android superior to iPhone. iPhones do not have that insane security level.
[ link to this | view in chronology ]
Re:
They're working on it.
[ link to this | view in chronology ]
Re: Re:
And if you are arrested, for, say, obstructing justice for refusing to give your password, just post bail, then flee the country to avoid prosecution.
[ link to this | view in chronology ]
Re:
Yeah, that's... not quite true.
Various cases have come down on either side of that question, some claiming (correctly as I see it) that forcing someone to unlock a device is a violation of the fifth amendment in that it forces you to provide potentially incriminating evidence, while others have twisted themselves in knots to claim otherwise.
[ link to this | view in chronology ]
If Calexit ever happens, and California becomes three countries, one of them being the Republic Of Silicon Valley, services in that country would not have to obey US laws.
Google, for example, being in the Republic Of Silicon Valley would only have to obey Siliconian law, the same thing with Apple, YouTube, and other tech firms that would be in the new country.
California would likely become three countries, if CalExit happens, California (Capital Sacramento), Jefferson (Capital Redding) and the Republic Of Silicon Valley (Capital San Francisco).
Tech firms in the Republic Of Silicon Valley would not have to comply with any US laws, even with users in the USA. The United States Government would have no jurisdiction in the Republic Of Silicon Valley.
[ link to this | view in chronology ]
One thing this obviously does not do is outlaw private VPNs, that is, it probably outlaws public ones.
So you could set your own private server for your own use.
I do that whenever I take a road trip to Mexico, so that I can listen to my iHeart playlists when I am down there. Just tell my phone to connect to my VPN at home and it will look to iHeart like I am on my own home computer, and iHeart is never the wiser.
And no, this does not break any USA or Mexico laws.
[ link to this | view in chronology ]
At least this bill is not like Oxley-Manton in 1998, in that it does not criminalize the users, just the providers of encryption.
[ link to this | view in chronology ]
Re:
Oh that comes next, once you've made it illegal for US companies to offer encryption that actually works and the public shifts to foreign encryption as a result then you make it illegal to have working encryption, since clearly only a criminal would care about security and privacy.
(I wish I was joking or being sarcastic but if someone is that rabidly against security and privacy then allowing people to use encryption simply is not an option, such that unless reined in it's only a matter of time until merely using encryption if you're not rich and/or powerful becomes a crime.)
[ link to this | view in chronology ]
As someone who has taught mathematics for over half a century I can find no parallel to this and am at a loss to find similar foolishness. It seems vaguely analogous to our flailing attempt(s) to control the pandemic, without consulting Mother Nature, as wildly far-fetched as that may be.
We seek an unbreakable asynchronous method to hide a quantity, but then want to be able, only in the most strident of circumstances, to break that very method? And, of course, it should only be unbreakable by 'good' people with 'good' intentions?
Any student of mine who came to me with that objective, challenge, or call it whatever the hell you wish, would not pass my class.
Perhaps I should retire?
[ link to this | view in chronology ]
They might make encryption more inconvenient and compromise many legitimate uses for it, but they can't stop it. On the other hand, this "Earn it" shit might be good for creating a cottage industry for people out of work to create apps. With lots of choices shared among groups of people using the same app, it will be a lot harder to find weaknesses in all of them than find a weakness in a more or less universal app. Sure, you'll be limited to people using the same app, but at least you won't be trusting Facebook or whatever to do it for you.
[ link to this | view in chronology ]