Senators Launch Full On Nuclear War Against Encryption: Bill Will Require Broken Encryption, Putting Everyone At Risk

from the stop-pushing-this-bullshit dept

Another day, another bad bill. Just as we're coming to terms with the EARN IT Act moving forward in Congress, three Senators -- Lindsey Graham, Tom Cotton, and Marsha Blackburn -- have announced a direct attack on encryption. The full bill is here. It's 51 pages of insanity that would effectively destroy privacy and security on the internet. This is five-alarm fire bad.

For what it's worth, Graham is also a co-sponsor of the EARN IT Act, which makes me wonder if he's going to agree to an amendment of EARN IT that keeps encryption out of it while pushing this bill instead. That's now the rumor making the rounds, and I even received a press release from an anti-porn activist group supporting this bill because they think it will help clarify that EARN IT won't end encryption (none of that makes sense to me either, but...)

The announcement of the bill includes all the usual "think of the children" nonsense, claiming that we can't have encryption because some bad people might use it for bad stuff. The press release summarizes what they claim the bill will do:

Highlights of the Lawful Access to Encrypted Data Act:

  • Enables law enforcement to obtain lawful access to encrypted data.
  • Once a warrant is obtained, the bill would require device manufacturers and service providers to assist law enforcement with accessing encrypted data if assistance would aid in the execution of the warrant.
  • In addition, it allows the Attorney General to issue directives to service providers and device manufacturers to report on their ability to comply with court orders, including timelines for implementation.

  • The Attorney General is prohibited from issuing a directive with specific technical steps for implementing the required capabilities.
  • Anyone issued a directive may appeal in federal court to change or set aside the directive.
  • The Government would be responsible for compensating the recipient of a directive for reasonable costs incurred in complying with the directive.

  • Incentivizes technical innovation.
    • Directs the Attorney General to create a prize competition to award participants who create a lawful access solution in an encrypted environment, while maximizing privacy and security.
  • Promotes technical and lawful access training and provides real-time assistance.
    • Funds a grant program within the Justice Department’s National Domestic Communications Assistance Center (NDCAC) to increase digital evidence training for law enforcement and creates a call center for advice and assistance during investigations.

    In short, this basically says "break encryption, but we won't tell you how." We're right back to "nerd harder" except that this time it's "nerd harder, or you're breaking the law."

    The problems with this should be evident from all the times we've discussed this before, so I'm really not interested in going over it all again. But the quick summary: installing a "backdoor" or "lawful access" to encrypted communications is not a simple technical problem. As cryptography expert Matt Blaze once said, it's like saying "well, if you can land a man on the moon, why can't you land a man on the sun." A backdoor to encryption literally breaks the encryption and opens up a huge host of other problems, none of which are readily solvable. Instead, you just find more and more problems, each of which makes everyone less secure.

    The actual text of the bill is even worse than the summary. It's crazy long so I won't do a full breakdown here, but will call out a few scary, scary bits. The key part is that this basically requires the end of encryption. While there is some language early on about it not applying if "technically impossible," there is other language that more or less cancels that out. Specifically, it requires Apple and other large device sellers to backdoor encryption. It is not an option, but a requirement:

    DEVICE MANUFACTURERS.—A device manufacturer that sold more than 1,000,000 consumer electronic devices in the United States in 2016 or any calendar year thereafter, or that has received an assistance capability directive under section 3513, shall ensure that the manufacturer has the ability to provide the assistance described in subsection (b)(2) for any consumer electronic device that the manufacturer—

    ‘‘(A) designs, manufactures, fabricates, or assembles; and ‘‘(B) intends for sale or distribution in the United States.

    So, if you sell more than a million consumer electronic devices in the US, you are required to make sure they have backdoors. That's... going to be a LOT of backdoors. Every Alexa device. Every smart TV. And, of course, every phone. That's devices. How about apps and services? More of the same:

    PROVIDERS OF REMOTE COMPUTING SERVICE; OPERATING SYSTEM PROVIDERS.—A provider of remote computing service or operating system provider that provided service to more than 1,000,000 subscribers or users in the United States in 2016 or any calendar year thereafter, or that has received an assistance capability directive under section 3513, shall ensure that the provider has the ability to provide the assistance described in subparagraphs (A) and (B) of subsection (b)(2) for any remotely stored data that the provider processes or stores.

    That's... a lot of websites that will be barred from using real end-to-end encryption. The "shall ensure" part is what should scare everyone.

    That's still talking about data stored on those servers though. As for "data in motion" again, services will have to provide backdoors under this bill. The reference to "technically impossible" only seems to apply to "independent actions of an unaffiliated entity that make it technically impossible to do". So, the only way to avoid having to break encryption on your own services is to... outsource it to an unaffiliated entity who can make it impossible for you to break the encryption?

    As for messaging services: again, the bill "shall ensure" assistance:

    A provider of wire or electronic communication service that had more than 1,000,000 monthly active users in the United States in January 2016 or any month thereafter, or has received an assistance capability directive under section 3513, shall ensure that the provider has the ability to provide the information, facilities, and technical assistance described in section 2518(4).

    And it gets worse. The bill allows the Attorney General to order someone to break encryption:

    If a person fails to comply with a directive issued under subsection (b), the Attorney General may file a petition for an order to compel the person to comply with the directive in the United States District Court for the District of Columbia, which shall have jurisdiction to review the petition.

    There's also a giant "NERD HARDER" section, which explains Bill Barr's comments above. Basically it creates a contest, run by the Attorney General, to create a type of backdoored encryption where the Attorney General and his hand-picked judges will determine which technology wins. And by "wins" I mean loses, because that technology will be broken in no time at all, putting everyone at risk.

    This whole thing is so incredibly dangerous, and it's not even clear that encryption is a real problem for law enforcement. The basic cost-benefit analysis here is that this law would put everyone, and all our communications, at risk of attack, for a possible benefit in a tiny number of cases, where there remains no evidence that a backdoor would have helped stop any crime. I can't see how the tradeoff is worth it, and any elected official pushing this nonsense should be asked to explain how they weigh these costs and benefits. And if they answer like Bill Barr by saying "smart techies can figure it out" they should have their views discounted for being idiots.

    Meanwhile, the press release leads off with quotes from the three sponsors, all of which are head-bangingly wrong, but designed to do the usual tugging at the emotional strings rather than any actual recognition of what they're pushing here:

    “Terrorists and criminals routinely use technology, whether smartphones, apps, or other means, to coordinate and communicate their daily activities. In recent history, we have experienced numerous terrorism cases and serious criminal activity where vital information could not be accessed, even after a court order was issued. Unfortunately, tech companies have refused to honor these court orders and assist law enforcement in their investigations. My position is clear: After law enforcement obtains the necessary court authorizations, they should be able to retrieve information to assist in their investigations. Our legislation respects and protects the privacy rights of law-abiding Americans. It also puts the terrorists and criminals on notice that they will no longer be able to hide behind technology to cover their tracks,” said Graham.

    There remains little evidence that terrorists have been able to communicate without law enforcement being able to access the info. Remember, the FBI flat out lied about how many devices it had in its possession that it couldn't get into, and has since refused to give an updated number (despite multiple requests). At the same time, every time the FBI does come out and point to a situation where it can't get into a phone, a few months later, they seem to admit that, well, actually, there was a technology that let them get in.

    On top of that, we've discussed how law enforcement and the FBI have access to so much other information thanks to social media, and various open source intelligence tools, that the idea that they need to attack encryption is just ridiculous.

    And that leaves out something else too: if we put backdoors into encryption, guess what will become a huge target for "terrorists and criminals"? That's right: all of our communications.

    “Tech companies’ increasing reliance on encryption has turned their platforms into a new, lawless playground of criminal activity. Criminals from child predators to terrorists are taking full advantage. This bill will ensure law enforcement can access encrypted material with a warrant based on probable cause and help put an end to the Wild West of crime on the Internet,” said Cotton.

    This is just a joke. The internet is not "lawless" and there's no indication of increased criminal activity, nor any evidence that law enforcement cannot solve crimes because of encryption or the internet. This bill won't ensure anything other than opening up a new avenue for terrorists and criminals to terrorize.

    “User privacy and public safety can and should work in tandem. What we have learned is that in the absence of a lawful warrant application process, terrorists, drug traffickers and child predators will exploit encrypted communications to run their operations,” said Blackburn.

    Yes, user privacy and public safety do work in tandem. But you know would would ruin that? Breaking encryption and throwing both of those things into the gutter.

    This bill should be trashed and these three Senators (and the Attorney General) deserve mockery for a technically ignorant, totally clueless and dangerous bill that would harm Americans and destroy both privacy and security, because some law enforcement agencies are too lazy to do their jobs. Frankly, the intelligence community should come out screaming about this bill as well, as they know full well how much more dangerous this will make their own work. This is a ridiculous attack on the internet.

    Hide this

    Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

    Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

    While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

    –The Techdirt Team

    Filed Under: backdoors, doj, earn it, encryption, fbi, going dark, laed, lindsey graham, marsha blackburn, tom cotton, william barr


    Reader Comments

    Subscribe: RSS

    View by: Time | Thread


    1. identicon
      Anonymous Coward, 24 Jun 2020 @ 9:31am

      Dear Senate

      You first. Break encryption on every method of communication that is used for official and unofficial use for the House and Senate. After a year of being able to review all of the important things that they are doing and verifying that it works without a problem, then consider rolling it out to the rest of us.

      We have a thing called the constitution and it is there to keep this kind of law from being passed. You would have to amend that for any of these arguments to be at all valid.

      link to this | view in thread ]

    2. identicon
      Anonymous Coward, 24 Jun 2020 @ 9:37am

      The announcement of the bill includes all the usual "think of the children" nonsense, claiming that we can't have encryption because some bad people might use it for bad stuff.

      Despite some people insisting otherwise, no evidence have been presented that would credibly suggest that children can actually be abused via encryption.

      link to this | view in thread ]

    3. identicon
      Anonymous Coward, 24 Jun 2020 @ 9:38am

      Attorney General Barr statement: "I am confident that our world-class technology companies can engineer secure products that protect user information and allow for lawful access."

      As government demands for information are not always lawful, that will be quite a trick to achieve.

      link to this | view in thread ]

    4. identicon
      Anonymous Coward, 24 Jun 2020 @ 9:40am

      "For the Children": I demand you burn out the brain cells that let you do math.
      /s

      link to this | view in thread ]

    5. icon
      aerinai (profile), 24 Jun 2020 @ 9:45am

      So... HTTPS?

      So... data in motion... they also want to break HTTPS? But... how tho... That is a standard that has so many moving pieces that prevent a man-in-the-middle attack... and they want to redesign it to allow a blue-man-in-the-middle-attack?

      Like... my brain is melting trying to figure out how you do it without completely rewriting every security protocol we've developed over the last 40 years...

      You have things like sRTP, RDP, database protocols.... there's so many things that 'go over the internet' that you can't readily hand over to the man in blue... hell, even if you did, it wouldn't mean that they would understand it or even use it. More than likely be chucked into the bit bucket and never looked at... but at least they now can tell which SQL query that terrorist ran!

      link to this | view in thread ]

    6. identicon
      Anonymous Coward, 24 Jun 2020 @ 9:49am

      How likely is this bill and the EARN IT Act to pass?

      link to this | view in thread ]

    7. identicon
      Anonymous Coward, 24 Jun 2020 @ 9:55am

      So let's visit this Fanasyland where they have a backdoor encryption system that they have forced everyone to use and no one uses something that isn't broken.
      First problem will be leakage of the magic key that allows access. It will happen, it will be abused.
      Second, you will have two groups going after this magic key, they will be relentless. Of the two groups, you better hope the hackers do it first, at least then you will have some notice about it being popped wide open before it is too late. if the other group gets it first, by the time you find out the criminals have the key, it will be too late.

      Either way this is nothing more than a bad bill presented by people that brag about how little they know.

      link to this | view in thread ]

    8. icon
      myriad (profile), 24 Jun 2020 @ 10:02am

      What will the children say?

      Tech companies routinely aid criminals and terrorists by making it impossible to retrieve what they say when they are not on the phone. If you believe the arguments made in favor of this act, shouldn't it also require that tech companies stop turning off the microphones on devices—phones, tvs, …—when no call is made?

      I'm a little afraid to say this for fear some senator will try to add it to the bill.

      link to this | view in thread ]

    9. identicon
      Kitsune106, 24 Jun 2020 @ 10:04am

      Won't

      That also apply to police and military gear too?
      Also, how would they keep the password from encryption and backdoors secret? we already have tons of breaches and leaks. And how will law enforcement access be regulated? We already had people scamming out law enforcement only data. And won't bad state actors also go after this? I mean....won't the evil evil chinese hackers try to pressure? and will they also keep companies who offer thse services afloat? will they be forbidden from employing non US people? as we see with cops, and what they say, only takes one bad apple, or one leaker. If snowden was able to walk away with all that data, and we lost NSA hackign tools, how can they assure that back door access won't leave?

      link to this | view in thread ]

    10. identicon
      Anonymous Coward, 24 Jun 2020 @ 10:08am

      what about online banking
      or HIPPA medical data

      link to this | view in thread ]

    11. identicon
      TheDumberHalf, 24 Jun 2020 @ 10:13am

      E̵̻̓̍̾͘n̶̨̥̓͆͝c̴͚̻̦͒͛̆̀ṛ̸͇͊ÿ̶̺͓́͝p

      "You can't say anything unless we know the language spoken." - US Gov.

      link to this | view in thread ]

    12. identicon
      Anonymous Coward, 24 Jun 2020 @ 10:20am

      It's like PGP all over again - the US will have crippled encryption and the rest of the world will just get on with it.

      Except... Australia already has a similar, equally dumb law and the UK would be all over this in a heartbeat if they thought they could get away with it
      That would mean 3 of the 5Eyes would have unfettered access to their civilian's private communication. It's a slippery slope!

      link to this | view in thread ]

    13. identicon
      Anonymous Coward, 24 Jun 2020 @ 10:25am

      Re:

      Despite some people insisting otherwise, no evidence have been presented that would credibly suggest that children can actually be abused via encryption.

      I don't know about that. Ever since that creep encrypted little Jimmy, we haven't been able to tell if he has been abused. Now, if there was a backdoor, we could have gotten him back in the house safe and sound.

      link to this | view in thread ]

    14. identicon
      Burning woodchipper, 24 Jun 2020 @ 10:33am

      Why stop with communications?

      Minor edits - why stop with encryption? Let's require every vehicle manufacturer to give police the ability to immobilize the vehicle - after getting an appropriate court order, of course.

      “Terrorists and criminals routinely use transportation, whether cars, buses, scooters, or other means, to coordinate and carry out their daily activities. In recent history, we have experienced numerous terrorism cases and serious criminal activity where terrorists were able to flee, even after a court order was issued. Unfortunately, transportation companies have refused to honor these court orders to disable movement, and assist law enforcement in their pursuit. My position is clear: After law enforcement obtains the necessary court authorizations, they should be able to immobilize suspects' vehicles to assist in their capture. Our legislation respects and protects the transportation rights of law-abiding Americans. It also puts the terrorists and criminals on notice that they will no longer be able to use transportation to get to, or flee from, their criminal activities,” said Graham.

      link to this | view in thread ]

    15. identicon
      Anonymous Coward, 24 Jun 2020 @ 10:33am

      Re:

      I’d say that Earn It has a better chance of passing compared to this Encryption-Killer. Mainly because Earn it has bi-partisan support (how broad the support is will be determined in the future, if at all) and had time garner that support. This Encryption-Killer is just recently introduced and it looks like it’s more apprealing to the Republicans than to Democrats. Because if so, then it could potentially pass the senate, but it could be more challenging to pass through the house.

      Personal Note: I’d give credit with Bluthmetal that at least, it appears that he’s willing to make some significant changes to the Earn It act so it could have less of a devastating impact. This bill is like the Earn It Act, but even less subtle and more transparent about creating a constitutional mess.

      link to this | view in thread ]

    16. identicon
      Dr Smith, 24 Jun 2020 @ 10:42am

      Re:

      If you have been paying attention to world governments for the past few years, you would know that they have no problem in competing with each other for the coveted "Cognitive Dissonance in Action" trophy - they would (and probably will) pass diametrically opposed legislation bills that both mandate and forbid the same action. Each with heavy fines for failure to accomplish the desired outcomes. This enables them to sue into oblivion those entities who just don't contribute sufficiently to their campaigns.

      link to this | view in thread ]

    17. identicon
      Anonymous Coward, 24 Jun 2020 @ 10:44am

      Sounds like a boon for small businesses!

      Looks like it's time for me to start my own cell phone company, and app company, that limits sales to 999,999 devices per year, and allow no more than 999,999 users.

      Or, big brain time; franchise it! Have 9,999 different Facebook companies in the US, all capable of interconnecting to each other, but each separated by the first four digits of a person's phone number.

      link to this | view in thread ]

    18. identicon
      Anonymous Coward, 24 Jun 2020 @ 10:47am

      Re: Why stop with communications?

      Attorney General Barr statement: "I am confident that our world-class window and construction material manufacturers can engineer secure products that are only transparent to on-duty law enforcement."

      I mean, if its just nerd harder...

      link to this | view in thread ]

    19. icon
      Tim R (profile), 24 Jun 2020 @ 11:00am

      Aside from the normal clueless tech babble, this is why other countries laugh at us.Do they really think that any Syrian or Iranian jihadist buys his gear at the Apple store in downtown Dubuque? The tone deaf US-centric attitude here is mind blowing. It's basically lawmakers saying that what we say goes, and devices manufactured outside of the US, which is a considerable footprint to be sure, just don't count, or even exist.

      What's even scarier is that those lawmakers have seen the headway that countries like France have made in trying to enforce their laws on the world, and they want in on that action.

      Combine that with a president and his party, whose entire worldview consists of "us vs them", both foreign and domestic, and we'll be a political island separate from the rest of the world in no time.

      From Silicon Valley v. DC, all the way up to global superpowers, we will never have a society envisioned in overly optimistic science fiction because we'll never be able to come together as a people and work with each other.

      link to this | view in thread ]

    20. icon
      Anonymous Anonymous Coward (profile), 24 Jun 2020 @ 11:06am

      Re: Re:

      From my perspective the competition is for 'The Most Authoritarian Government'. Where your aptly named "Cognitive Dissonance in Action" will come in is when authoritarianism is the operating standard for all governments worldwide and those in power desire more power then they will surprise, surprise, inevitably start eating other governments. But the real surprise then will be who will become not authoritarian of the year, but who will become authoritarian in the world. There can be only one!

      link to this | view in thread ]

    21. icon
      rangda (profile), 24 Jun 2020 @ 11:34am

      Re: Why stop with communications?

      It has been my experience that every criminal act in the history of mankind has been committed by a living individual. Clearly the problem is living, if we just kill every human on the planet the problem is solved. No more crime. Simple.

      link to this | view in thread ]

    22. identicon
      Anonymous Coward, 24 Jun 2020 @ 11:36am

      Fascists

      Fascists control the white house, the courts, and half of congress. I can't wait for the Neoliberals to sell us out to them with this bill.

      link to this | view in thread ]

    23. identicon
      Anonymous Coward, 24 Jun 2020 @ 11:36am

      Way to drive Windows out of existence. People will just use "alternative" operating systems....

      OR Microsoft will have to create a non-US version of Windows with encryption so like the people in china, Americans can download and install it.

      link to this | view in thread ]

    24. identicon
      Anonymous Coward, 24 Jun 2020 @ 11:43am

      Re:

      See, your first mistake is in making the assumption that they're telling us the real reason for trying to get this through.

      link to this | view in thread ]

    25. identicon
      Steve, 24 Jun 2020 @ 11:45am

      Ever Reaching implications

      I do not live in the USA, but i purchases electronic devices that are manufactured by US companies, eg: Apple and Android devices. This new legislation is utter nonsense.The United States government basically says "Nerd Harder" and my security goes down the drain. And I don't even live in the USA!!!

      Hopefully I'll be able to send them the bill when the banking app on my cellphone is compromised and my accounts are emptied.

      But you know....it's all for the greater good after all.

      The Canadian government has made equally dumb decisions, but I do believe this one takes the proverbial cake.

      link to this | view in thread ]

    26. identicon
      Anonymous Coward, 24 Jun 2020 @ 11:56am

      i'll bet everything these Senators send/receive will be FULLY ENCRYPTED! the only reason that they want encryption banned is so they can know exactly what every one of us is doing while no one knows what the fuck any of them are doing! when you consider the ratio of how many of us are actually criminal or engaged in criminal activity/trying to hide something compared to how many of them are up to no good, self-preserving, self-serving and actually engaged in 'trying to hide everything about themselves/what they are up to', that ratio is actually VERY FRIGHTENING!! and this bullshit about law enforcement not finding perpetrators because of encryption is exactly that, BULLSHIT!!

      link to this | view in thread ]

    27. identicon
      Anonymous Coward, 24 Jun 2020 @ 12:10pm

      Companion Bill

      What we need for this is for someone to introduce a companion bill to this that requires all congressional offices, including bathrooms, to be built with glass that can be seen through by anyone with an oversight position, and a need to see into their office.

      They are welcome to use glass that is opaque to everyone except those who are in said position and have a need to see into the office. The bill can also create a budget to offer prizes for someone who's able to make such glass!

      Since it doesn't exist yet, they'll just have to use clear glass for now, but I'm sure someone will be able to invent impossible glass, because this will create a reason for them to do so!

      link to this | view in thread ]

    28. icon
      That One Guy (profile), 24 Jun 2020 @ 12:23pm

      Re: So... HTTPS?

      Like... my brain is melting trying to figure out how you do it without completely rewriting every security protocol we've developed over the last 40 years...

      That's easy, 'Nerd harder, or else'.

      Anything is easy when you don't have to do it.

      link to this | view in thread ]

    29. icon
      ECA (profile), 24 Jun 2020 @ 12:27pm

      Re: Dear Senate

      Lets see..
      I agree, but lets keep asking...PENTAGON..
      Whats the Bitch here? They want it, they can have it..
      All laws are for Everyone? Correct?

      So now you have A fully uncensored, unencoded Internet..
      But only WHO can look at it to find the crooks?

      We now have Open documents on banks, Corps and Our medical data.(most of which seem to have already been hacked, By Whom?)

      Are you going to trace every Bank account? Why for anyone except the corps and rich? But that wont include international banking Will it? And Did you encrypt that Military Channel that has all the Unencrypted data YET?? That some person was arrested for sharing?

      What NEEDS to be encrypted to HELP the internet work?
      GAMES. And corp data?
      Most of the encoding used to make things Compacted has already been broken. Including Bluetooth and Wifi and even Cellphones.

      The amounts of data you are going to see, is soooo huge, it would take 3-5 years to sort, for 1 days data(if everything is included). And Unless you are looking at Specific location and persons... None of it will make sense.

      This isnt
      anti terrorist
      Anti Child porn
      Anti Sex worker

      This is a bunch of Dumb people thinking that its Possible. And have no idea of whats needed. Go ask google about YT. Go ask Amazon how much data is sent back and forth. Then lets ask what would Stop anyone from hacking the WHOLE THING, and Spamming the USA.
      Or..
      Is there another reason. That with all this OPEN data, that we would need a NEW Identification system?
      A new way to Bag and Tag every citizen so we can find Any/all those that are illegal? trespassing on USA soil?
      Anyone want to move to Chine or N. Korea?? at least we know where we stand and no one is lying to us..

      link to this | view in thread ]

    30. icon
      ECA (profile), 24 Jun 2020 @ 12:28pm

      Re: Dear Senate

      YOU CANT RUN A CAPITALIST COUNTRY THAT WAY...

      link to this | view in thread ]

    31. icon
      exixx (profile), 24 Jun 2020 @ 12:28pm

      But if the target is suspected of arson...

      They apparently tracked down some girl based upon a shirt she was wearing and Etsy reviews but need broken encryption anyway? They see the system China has and want to figure out how to make one here.

      link to this | view in thread ]

    32. identicon
      Anonymous Coward, 24 Jun 2020 @ 12:35pm

      This is purely down to DOJ interactions with Apple and other tech companies. Apple cooperated by providing iCloud data, telling them no, the devices cannot be unlocked. They want to bring Apple to heel. They don't like being told no.

      Tech and Internet security, are, in fundamental ways, now national security. If encryption is properly implemented, we are all very safe in using online services. Everyone is secure, or, if this awful bill passes, no one is.

      It might be fun to ask Barr et al, if they understand that their devices will also have a back door, a teenager in the Ukraine will hack it, read all their messages, and get all their documents. They'll splutter 'No! that's illegal! All our cases will be compromised!' but they will be just as subject to it as the rest of the country. 'According to your own law, we can't protect you from that.'

      I'm smiling at the prospect of Apple remote bricking all 'noncompliant' devices for being illegal, including every one used by the DOJ and Congress. The one dark screen everyone sees afterward says 'Device locked per DOJ and Congress legislative action.' ooo, fun!

      I'll be the one to post an old joke: If encryption is made illegal, only crimina...wipwrgvnoqs [l93ru483-02ufnojwdv0-234vmc0-qw3er0ijcn...

      link to this | view in thread ]

    33. icon
      ECA (profile), 24 Jun 2020 @ 12:35pm

      What would it solve?

      What in hell would this do??
      Give us enough jobs in the WHOLE nation for 1/2 of us to monitor the other 1/2?

      Think about a GAME/program that has to have an OPEN/Un-encoded Chat channel..
      Even if they arent monitoring our Video watching. That is still allot of Txt, and audio to scan for Anything..

      Who here thinks we have the tech and time to scan all the data?? The amount of processing of Audio/video/txt, including every game channel is huge. And part of the reason its not already done.
      The installation installed in Utah, tends to fail allot. And how big of a City and cooling towers do you think you will need?..

      link to this | view in thread ]

    34. icon
      That One Guy (profile), 24 Jun 2020 @ 12:39pm

      As long as we're playing with words...

      Since they seem to be so fond of playing with words in an attempt to sprinkle gold dust on a turd, I propose that any mention of encryption be swapped out with security and privacy, as that's what they are really going after.

      Criminals aren't being protected by encryption, they are being protected by privacy.

      Criminals aren't conversations outside the reach of the 'lawful authorities' because of encryption, they are doing so thanks to security.

      Then, once that part is made clear, one need only point out that the exact same privacy and security that criminals are using are used by the general public, such that attacking privacy and security used by criminals by necessity attacks the privacy and security of the general public, meaning that far from harming criminals an attack on encryption is instead giving them the biggest gift possible, handing hundreds of millions of people to them on a silver platter.

      And for those that don't give a damn about the privacy and security of the public(why hello politicians and DOJ/FBI) it should be pointed out that just about every industry involves encryption at some point, so crippling encryption will do massive damage to the economy, whether from companies smartly leaving the country to set up shop in places that actually care about security or from massive crime sprees and the damage from them.

      link to this | view in thread ]

    35. icon
      That One Guy (profile), 24 Jun 2020 @ 12:49pm

      All encryption is equal, some encryption is more equal

      It might be fun to ask Barr et al, if they understand that their devices will also have a back door, a teenager in the Ukraine will hack it, read all their messages, and get all their documents. They'll splutter 'No! that's illegal! All our cases will be compromised!' but they will be just as subject to it as the rest of the country. 'According to your own law, we can't protect you from that.'

      Oh I guarantee you that the devices they use will have working encryption, it's only the peons that will be required to use broken encryption because obviously their privacy and security will remain sacrosanct, given how important they are you see.

      link to this | view in thread ]

    36. identicon
      Zonker, 24 Jun 2020 @ 2:09pm

      This bill does not go far enough and should include physical locks on doors, containers, and vaults.

      Lock manufacturers and property owners will be required to provide master key access to law enforcement when a warrant is obtained to search a property.

      The Attorney General will create a prize competition for the creation of master keys that only work for law enforcement conducting lawful searches. Obviously master keys can be made for all locks that will never be duplicated, lost, stolen, or reverse engineered. Nerd harder.

      All locks, safes, and vaults made or installed in the US will be subject to this law. All properties must comply including homes, businesses, gun lockers, stores, banks, prisons, armories, etc.

      This way, law enforcement can stop terrorists and criminals without giving up privacy or security. For the children. /s

      (Law does not apply outside of the USA)

      link to this | view in thread ]

    37. identicon
      Anonymous Coward, 24 Jun 2020 @ 2:12pm

      Many politicians think they possess a magic wand that can be waved about creating legislation that will solve all of our problems, at least that is what they want you to think.

      I'm sure this bill will fix everything just like they claim.

      link to this | view in thread ]

    38. identicon
      bshock, 24 Jun 2020 @ 2:13pm

      Meh. We already have a President and a DOJ who have incontrovertibly demonstrated themselves to be deadly enemies of the American people. Why not a Senate as well?

      Who would've guessed that the Second American Civil War would be the central government rebelling against the people?

      link to this | view in thread ]

    39. identicon
      Anonymous Coward, 24 Jun 2020 @ 5:27pm

      One thing police cannot do, under any circustance, even under Earn it, is force you to unlock your encrypted phone. That would violate the 5th amendment

      I have my phone not only encrypted, but also have a mode set on it where if there are 15 failed password attempts, the phone automatically wipes itself and cannot be used again until you enter your Google password

      That is what makes Android superior to iPhone. iPhones do not have that insane security level.

      link to this | view in thread ]

    40. identicon
      Anonymous Coward, 24 Jun 2020 @ 5:37pm

      If Calexit ever happens, and Calfornia were becomes three countries, one of them being the Republic Of Silicon Valley, services in that country would not have to obey US laws.

      Google, for example, being in the Republic Of Silicon Valley would have only have to obey Siliconian law, the same thing with Apple, YouTube, and other tech firms that wuold be in the new country.

      California woulde likely become three countries, it CalExit happens, california (Capital Sacramento), Jefferson (Capital Redding) and the Republic Of Silicon Valley (Capital San Francisco)

      Tech firms in the Republic Of Silicon Valley would not have to comply with any US laws, even with users in the USA. The United States Government would have no jurisdiction in the Republic Of Silicon Valley.

      link to this | view in thread ]

    41. identicon
      Anonymous Coward, 24 Jun 2020 @ 5:40pm

      One thing this obviously does not to is outlaw private VPNs, that is probably outlaws public ones.

      So you could set your own private server for your own use.

      I do that whenever I take a road trip to Mexico, so that I can listen to my iHeart playlists when I am down there. Just tell my phone to connect to my VPN at home and it will look to iHeart like I am on my own home computer, and iHeart is never the wiser.

      And no, this does not break any USA or Mexico laws.

      link to this | view in thread ]

    42. identicon
      Anonymous Coward, 24 Jun 2020 @ 5:40pm

      Re:

      One thing police cannot do, under any circustance, even under Earn it, is force you to unlock your encrypted phone. That would violate the 5th amendment

      They're working on it.

      link to this | view in thread ]

    43. icon
      That One Guy (profile), 24 Jun 2020 @ 6:47pm

      Re:

      Yeah, that's... not quite true.

      Various cases have come down on either side of that question, some claiming(correctly as I see it) that forcing someone to unlock a device is a violation of the fifth amendment in that it forces you to provide potentially incriminating evidence, while others have twisted themselves in knots to claim otherwise.

      link to this | view in thread ]

    44. identicon
      Anonymous Coward, 24 Jun 2020 @ 8:42pm

      Re: Re:

      And if you arrested, for, say, obstructing justice for refusing to give your password, just post bail, then flee the country to avoid avoid prosecution

      link to this | view in thread ]

    45. icon
      PaulT (profile), 24 Jun 2020 @ 9:37pm

      Re: So... HTTPS?

      "Like... my brain is melting trying to figure out how you do it "

      Your first mistake. Those writing these bills haven't considered how it is to be done. They just want to have the ability to attack the tech industry if actual magic is not achieved.

      link to this | view in thread ]

    46. identicon
      Anonymous Coward, 24 Jun 2020 @ 9:49pm

      At least this bill is not like Oxley-Mantion in 1998, in that it does not criminalize the users, just the providers of encryption

      link to this | view in thread ]

    47. icon
      That One Guy (profile), 25 Jun 2020 @ 2:23am

      Re:

      Oh that comes next, once you've made it illegal for US companies to offer encryption that actually works and the public shifts to foreign encryption as a result then you make it illegal to have working encryption, since clearly only a criminal would care about security and privacy.

      (I wish I was joking or being sarcastic but if someone is that rabidly against security and privacy then allowing people to use encryption simply is not an option, such that unless reigned in it's only a matter of time until merely using encryption if you're not rich and/or powerful becomes a crime.)

      link to this | view in thread ]

    48. identicon
      Anonymous Coward, 25 Jun 2020 @ 4:14am

      Re: Ever Reaching implications

      If this does pass, I think a lot of people will no longer be buying or using American services.

      link to this | view in thread ]

    49. icon
      Dave Howe (profile), 25 Jun 2020 @ 5:42am

      Re: leakage

      No need for it to "leak" - China have already said in the past they will be getting in line for a copy of any lawful access key, so that their police forces can lawfully use it as an alternative to lawfully beating the password out of their citizens.

      link to this | view in thread ]

    50. icon
      Feldie47 (profile), 25 Jun 2020 @ 6:58am

      As someone who has taught mathematics for over half a century I can find no parallel to this and am a loss to find similar foolishness. It seems vaguely analogous to our flailing attempt(s) to control the pandemic, without consulting Mother Nature, as wildly far-fetched as that may be.

      We seek an unbreakable asynchronous method to hide a quantity, but then want to be able, only in the most strident of circumstances, to break that very method? And, of course, it should only be unbreakable by 'good' people with 'good' intentions?

      Any student of mine who came to me with that objective, challenge, or call it whatever the hell you wish, would not pass my class.

      Perhaps I should retire?

      link to this | view in thread ]

    51. identicon
      bobob, 25 Jun 2020 @ 10:16am

      The might make encryption more inconvenient and compromise many legitimate uses for it, but they can't stop it. On the other hand, this "Earn it" shit might be good for creating a cottage industry for people out of work to create apps. With lots of choices shared among groups of people using the same app, it will be a lot harder to find weaknesses in all of them than find a weakness in a more or less universal app. Sure, you'll be limited to people using the same app, but at least you won't be trusting facebook or whatever to do it for you.

      link to this | view in thread ]

    52. identicon
      Anonymous Coward, 28 Jun 2020 @ 9:44pm

      Re: Why stop with communications?

      Minor edits - why stop with encryption? Let's require every vehicle manufacturer to give police the ability to immobilize the vehicle - after getting an appropriate court order, of course.

      Why not? The police already has the ability ban access to oxygen without a warrant. Surely, banning anything else is perfectly reasonable..... in a third world shithole like the US.

      link to this | view in thread ]

    53. identicon
      Anonymous Coward, 28 Jun 2020 @ 10:20pm

      Re:

      Lock manufacturers and property owners will be required to provide master key access to law enforcement when a warrant is obtained to search a property.

      Not needed. A physical object will break with enough force and time applied to it. Not so much for encryption. Of course, you could just find the idiot that deployed it and use a $5.00 wrench on them, but that would require actual police work, and of course the mice tend not to do things when they know they are being actively watched.

      Honestly, I'm surprised that the corruption that the US Government even cares about maintaining face at this point. Everyone who is alive knows there's no level to which they won't stoop to get what they want. They should just block all encryption at Room 641A. If they can't read it, just send in the local goons to bust down doors and break some skulls. It's what they want, so why not? It's not like most people expect better of them.

      As a side note, if you are one of those people who expects better of their government: Hi. What's it like to live in a country that respects it's citizens? More importantly: Where is it, and what is the name of it?

      link to this | view in thread ]


    Follow Techdirt
    Essential Reading
    Techdirt Deals
    Report this ad  |  Hide Techdirt ads
    Techdirt Insider Discord

    The latest chatter on the Techdirt Insider Discord channel...

    Loading...
    Recent Stories

    This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
    Close

    Email This

    This feature is only available to registered users. Register or sign in to use it.