Bill Barr Applauds FOSTA Sponsor's Clone Of Senate's Encryption-Breaking 'Lawful Access' Bill
from the DO-NOT-CONGRATULATE dept
I guess those "rule of law" folks don't care if a law is any good or will do what it intends to do without causing significant collateral damage. All they care about is that it's a law and, as a law, everyone should just subject themselves to it with a minimum of complaining.
The Attorney General is one of those "rule of law" people. Sure, he works for an administration that doesn't seem to care much about laws, propriety, or basic competence, but he's the nation's top cop, so laws and rules it is.
Bill Barr wants holes in encryption. He wants them so badly he's making up new words. "Warrant-proof encryption" isn't any different than regular encryption. It only becomes "warrant-proof" when the DOJ and FBI are talking about it, as though it was some new algorithm that only scrambles communications and data when the presence of a warrant is detected.
Far too many people in Washington think encryption is only valuable to criminals. Bills are in the works to compel encryption-breaking/backdooring. Some even handcuff these demands to Section 230 immunity -- a 2-for-1 special on shoveled shit straight from the federal government to Americans' favorite platforms and services.
Given how much the AG loves broad, abusive laws, it's no surprise he's going on the record to congratulate the author of another terrible law on her newest terrible piece of legislation.
Today, Attorney General William P. Barr issued the following statement on the introduction of a bill in the U.S. House of Representatives that would give law enforcement access to encrypted data with court approval in order to protect user privacy. The legislation was introduced by Representative Ann Wagner.
“I applaud Representative Wagner for introducing this critical lawful access legislation. Although strong encryption is vital, we cannot allow the tech industry to use encryption that blinds law enforcement and prevents it from thwarting or investigating serious crimes and national security threats, including terrorist plots, cyberattacks, and sexual exploitation."
Yes, let's applaud Rep. Ann Wagner. (Let's not.) Wagner was the sponsor behind FOSTA, the anti-sex worker law (d/b/a anti-sex trafficking legislation) that has been instrumental in roughly zero prosecutions -- the same prosecutions bill sponsors like Wagner claimed would be impossible without this new law.
That wasn't Wagner's only bogus claim. She also claimed the passage of FOSTA resulted in the immediate disappearance of 90% of "sex trafficking ads." This claim was proven false by fact checkers. The vast majority of the ads that vanished did so when Backpage shut down its adult ads prior to FOSTA's passage and prior to the DOJ's prosecution of the site's owners.
So, when Barr applauds Wagner, he's applauding someone who'll say almost anything to justify harmful legislation. This is the kind of person Barr admires because Bill Barr does the same thing, even though he's not writing new bills personally.
Here's some more of the "anything" Barr will say to applaud bad bill-making. Wagner's new thing is a clone of the Senate's "Lawful Access to Encrypted Data" bill. As you can guess by reading the bill's clunky title, it's another attempt to sacrifice encryption on the altar of law enforcement convenience, ensuring cops don't have to work too hard to collect evidence.
As we all are painfully aware, law enforcement agencies -- despite being around for more than 150 years -- have yet to solve a single crime. So it's imperative we give them access to gigabytes of communications and data so they can finally get around to putting a few criminals behind bars. That being said, here's what's being said by Barr in support of this bill. I have no idea what most of this has to do with anything, but it's full of things that sound bad.
The danger is particularly great for children, especially during this time of coronavirus restrictions when children are spending more time online. Survivors of child sexual abuse and their families have pleaded with technology companies to do more to prevent predators from exploiting their platforms to harm children. Unfortunately, these companies have not done enough, which is why this legislation is needed.
Well then. And I thought this administration was going to save kids from child predators by sending them to COVID-infested schools ASAP. But somehow this is the tech companies' fault, since they offer security to all users, even though a small percentage of users engage in criminal acts.
Barr finishes up his applause for Wagner and her LAED knockoff with what can only be a deliberate misreading of the issues at stake.
Privacy and public safety are not mutually exclusive. I am confident that the tech industry can design strong encryption that allows for lawful access by law enforcement. Encryption should keep us safe, not provide a safe haven for predators and terrorists.
The issue isn't privacy. The Constitution may help ensure privacy by limiting the government's intrusion into our lives and homes, but what's really at stake here is security. And security -- of devices and files and communications -- is directly related to public safety. You can't claim to be a champion of public safety when you're willing to make it easier for malicious hackers to gain access to email accounts, personal messages, smartphones, hard drives, computers, social media accounts, and everything else encryption shields from outsiders.
An encryption hole handcrafted for cops is a hole anyone else can use once it's discovered. A backdoor built into hardware or software isn't only going to be exploited by law enforcement. If the assistance is compelled, companies won't be able to patch security issues -- not if the flaw exists to serve the government. Tech companies in Australia -- where compelled technical assistance is already law -- are seeing their customer bases shrink as people look for options that aren't deliberately broken. The same thing will happen here in the US if bills like this become law.
Bill Barr is willing to sacrifice your security. And he won't be giving you anything in return. We won't be safer. We'll be more vulnerable than we've ever been. And Rep. Wagner wants to help him screw you over, just like she did to countless Americans with FOSTA.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: ann wagner, backdoors, doj, encryption, fbi, fosta, laed, section 230, william barr
Reader Comments
Subscribe: RSS
View by: Time | Thread
People wll use other apps or stop using services
which do not have strong encryption,
This will have a negative effect on American company's , international company's have lots of choice, they might cease to use American software,
or use cloud services outside the USA.
Many financial services rely on strong encryption to protect their customers privacy and stop hackers
stealing data.
Weakening encryption is a gift to hackers and state will make it easier
sponsored cyber warfare to acess American
Government and military databases
[ link to this | view in chronology ]
Survivors of child sexual abuse and their families have pleaded with technology companies to do more to prevent predators from exploiting their platforms to harm children. Unfortunately, these companies have not done enough, which is why this legislation is needed.
I'm pretty sure he's just pulling this statement out if his fifth point of contact, regardless, the companies he's generally indicating here have done way more than his shitshow of a department (or any LEA) has ever done to combat child predators. Further, they don't do shit even when people are reporting users or crappy sites, and encryption is not even a consideration.
Liar. Bloody fucking liar.
[ link to this | view in chronology ]
'No no, you're thinking of yourself Barr.'
Indeed, it's grossly dishonest and hypocritical for him to claim that tech companies don't care about abused children when they have done vastly more to catch abusers than he and his agency have.
[ link to this | view in chronology ]
So this is why I suggest people don't drop babies on their head. Also why I recommend against continuous consumption of drugs known to cause brain damage.
What's next, "Euthanization for longevity"?
[ link to this | view in chronology ]
"The Rule of Law" is a meaningless political word salad used by anyone who wants to portray his or her own flaunting of the law in a self-serving self-righteous way. If Bill Barr meant it literally, he'd have to volunteer for a life sentence in a federal supermax to not be a hypocrite.
[ link to this | view in chronology ]
Re:
I thought it was the opposite of Rule Of Man
[ link to this | view in chronology ]
Re:
Personally, I prefer to put the idea in perspective of the D&D Alignment system.
It's like somebody is looking at the lawful axis but ignoring the second part completely. From their perspective, They are lawful therefore they are good. Expect the alignment system doesn't work that way. There are those two other alignments on the lawful axis for a reason: Lawful dose not equal good.
So they end up missing the point of the lawful part of that axis entirely.
[ link to this | view in chronology ]
Well there is things the companies can do to prevent this problem, and that is shutdown, or exercise editorial control over what is published before it is published. In other words, stop providing a means that allows people to talk to each other that is is not strictly monitored and controlled.
Alternatively, parents could do their job, and keep an eye on what their children are doing online.
[ link to this | view in chronology ]
Re:
Parents are doing their job: "Complaining to officials that the government isn't raising their kids properly." What? You thought the job of a US parent was to gasp be a parent and educate their kids of the values they believe to be important? The horror! You barbarians simply haven't grown up yet.
/s <= This should not be needed here, but.......
The correct action is to tell everyone off. There used to be a saying "Sticks and stones will break my bones, but words can never hurt me." Then the psychiatrists got involved and people started getting offended over everything for nothing. Unable to cope with even the most basic differences and having (or claiming to have) mental breakdowns over them. People (Kids and Adults) need to be reminded that people are different than them. That having disagreements with others don't make said others sub-human undeserving of empathy, equal rights, and respect.
Sadly, like all fascist regimes, the government would rather cater to the self-diagnosed insanity than actually stick up for what the country is supposed to stand for. "I may disagree with what you have to say, but I'll defend to the death your right to say it" is a phrase only the most daring teachers and die hard supporters would utter in a public forum these days. Lest the insane descend on them like locusts to crops and devour them whole.
[ link to this | view in chronology ]
When third party access is allowed, can you still call it encryption?
[ link to this | view in chronology ]
''Think of the children!... that we juse threw to the wolves'
It's particularly rich and disgusting that he's trying to hide behind abused children like the gutless coward that he is, using them as nothing more than a tool to try to get his way when if he actually did get what he wanted, crippled encryption, that would cause massive damage to everyone, including kids, both directly and indirectly.
Privacy and security protects everyone, including kids, and while that can include criminals by sacrificing encryption to go after them you by necessity sacrifice it for the same people you are using as props.
[ link to this | view in chronology ]
Re: ''Think of the children!... that we juse threw to the wolves
What is really awful is that leeches like Barr only thrive when there is a controversy they can push. If by any chance he ever got everything he says he wants the result would be such an unmitigated disaster he'd go down in history as the man who singlehandedly destroyed the US economy and tech sector.
Humans are odd the way that we really don't learn except by the survivors pointing at the scars of some cataclysm and saying "See that over there? That's the mass graves which taught us not to build cities over volcanoes".
Eventually someone, somewhere, will succeed in what Barr is trying, and the result will be the swift and utter eradication of that nations economy and internet technology. It will be a necessary lesson which will prove to other nations and later generations that encryption is your friend no matter that it is as "inconvenient" to law enforcement as, say, burden of proof.
And right now it looks like the leading candidate for providing that lesson may be the US.
[ link to this | view in chronology ]
I am amazed. Astounded. Bewildered. I had absolutely no idea that flashers and streakers were using zoom chat. Or that tele-operated "adult toys" were being shipped to children.
And think of all those children who have been kidnapped into anonymous chat rooms and left chained to an IRC client. And the ransom demands! V-bucks, Warcraft gold, Animal Crossing Bells... how is a person ever going to grind enough money to get their children released from Durance Vile?
[ link to this | view in chronology ]
Strange also that children are somehow more in danger online than outside where they were running in gangs, doing drugs, and getting shot by police for holding toy guns and cell phones.
[ link to this | view in chronology ]
Re:
Or being reported to the police by the neighborhood nannybot because they were playing (or walking or bike riding or using park facilities) without adult supervision.
It really doesn't take a village.
[ link to this | view in chronology ]
Re:
"...and getting shot by police for holding toy guns and cell phones."
Ah, but being murdered by trigger-happy law enforcement deliberately trained to respond to loud noises, sudden movement or suspicious stillness with instant gunfire is an unfortunate coincidence and thus not by far as bad as dual use technology being used by actually malicious people.
Next up Barr will no doubt be at war with crowbars, hammers, and bolt cutters unless they can be made to only be useful in the hands of honest citizens.
[ link to this | view in chronology ]
I believe this will work....
Just break out the old key escrow idea, with a twist. Escrow the encryption keys among agencies scattered across different countries. Easily done, and in order for "evil hackers" to break in, they would need to be successful with all of the agencies prior to being discovered by any of the agencies. One simple key splitting method to distribute a key between N agencies is to generate N-1 random values and give each agency one of those random values and to the last agency the exclusive or of all of those values and the key being escrowed. To retrieve an escrowed key, they just need to XOR all of the escrowed values. And if any agency refuses, the key can not be retrieved.
I think a suitable list of countries to escrow those keys in would be the total membership of the United Nations.
This method would permit the legitimate retrieval of escrowed keys, assuming that every agency agrees about the legitimacy of the retrieval. But wholesale snooping would be effectively impossible.
[ link to this | view in chronology ]
Re: I believe this will work....
The key that are placed in escrow would be those used by law abiding citizens, while crooks and terrorists will deal with their own key management to avoid that escrow. Also note that law abiding citizens can have legal communications that governments are very interested in, like political activism to change how governments are formed, or representatives elected.
Just how much effort, including a lot of the use of the word terrorist, would Trump and cronies exercise to break into the current protestors communications? Indeed terrorist would likely be the magic word to obtain a keys held in such escrow.
[ link to this | view in chronology ]
Re: Re: I believe this will work....
You do realize that it would be virtually impossible for EVERY country on Earth to agree that a key request is legitimate, don't you? And if ANY agency refused to honor the request, it would fail and no information about the escrowed key would be revealed. I can just imagine several Arab agencies effectively saying "Oh, the Israelites think the request is OK? Then we must reject it!" And visa versa.
Such an escrow would in theory only allow legal and legitimate requests to succeed, but in practical terms, herding cats would be trivial in comparison to getting all those countries to agree on any given request.
[ link to this | view in chronology ]
Re: Re: Re: I believe this will work....
Not even in theory, I think.
Anything that would be big enough to even bother with the decryption ritual is almost certain to have some of the people in charge of those keys involved in some way.
For example, consider asking Saudis to apply their portion of the key so you could decrypt messages between terrorists around, oh I don't know, September-ish 2001...
[ link to this | view in chronology ]
Re: Re: Re: Re: I believe this will work....
"For example, consider asking Saudis to apply their portion of the key so you could decrypt messages between terrorists around, oh I don't know, September-ish 2001"
There would be a real fear that at least one of them would have sent the message "Dad, we're finally doing it! I'm gonna make you, mom, and brother so very proud of me!" to a family which is still a strategic partner of the US.
After all, that fear was what had the state department ship every rich and influential relative of the saudis implicated in 9/11 back to saudi arabia under secret service guard just so nothing embarrassing might emerge from an interrogation of the relatives of the 9/11 hijackers.
An embarrassment closely compounded by re-investigation of the fact that the FBI knew beforehand that saudi extremists were learning to fly passenger airplanes - but were told to back off because their relatives were "politically sensitive".
[ link to this | view in chronology ]
Re: I believe this will work....
"Just break out the old key escrow idea, with a twist. Escrow the encryption keys among agencies scattered across different countries."
If your initial assumption is an impossibility which has never happened before, ever, then the idea probably isn't worth much. Bear in mind that Snowden revealed the US trusted it's greatest ally in europe - germany - so much it had the Chancellor's phone tapped. That GWB was so angry at France for cockblocking his Iraq invasion he (or, more likely, Cheney) was looking for ways to implicate France in 9/11. That the security council of the international community is a long, long history of repetitive betrayal.
"Easily done, and in order for "evil hackers" to break in, they would need to be successful with all of the agencies prior to being discovered by any of the agencies."
Not really. All they need to do is hack the NSA and obtain all the keys which will have been "obtained" by NSA crackers - who are already known by now to spend more time lifting info from US "allies" than trying to penetrate the halls of "enemies".
"I think a suitable list of countries to escrow those keys in would be the total membership of the United Nations."
You realize how many weeks or even days it would take before every escrowed key had been replicated for every member of security council to have a full set each?
"This method would permit the legitimate retrieval of escrowed keys, assuming that every agency agrees about the legitimacy of the retrieval."
Assuming the above impossibility even worked, you realize how long it will take before either one agency steadfastly refuses cooperation, no matter the cause, OR/AND a key has been generated and lost rendering the assembly of the full key practically impossible?
I'm not sure whether you're trying to build an elaborate /s argument here, or are making assumptions about humanity which are at 17th-century romance novel naívety levels.
Either way it won't work simply because unless you also outlaw learning math and computer programming there will be a thousand unregulated FOSS alternatives available to everyone.
At which point in order to properly implement the "master key" scheme you need to make it illegal to possess a device which isn't black-boxed by the government.
If your scheme requires the implementation of an Orwellian dystopia just to get off the ground I'm not really sure you're on to a winner. Just sayin'...
[ link to this | view in chronology ]
Re: Re: I believe this will work....
You don't seem to understand the beauty of the system. It's a method of performing key escrow that from a technology point of view WORKS. Yet from a human nature point of view will never result in a key being exposed. It allows the techies to effectively say:
"We took your demand to 'nerd harder' to heart and created this system that will work. Any problems you have with it are political in nature. You're a politician. Politic harder."
[ link to this | view in chronology ]
Re: Re: Re: I believe this will work....
Just give it up already ... voyeurism is sick and demented.
It needs to stop.
[ link to this | view in chronology ]
Re: Re: Re: I believe this will work....
"Yet from a human nature point of view will never result in a key being exposed."
Yeah, it did read a bit like suggestions I've read and heard BOFH's pose to clueless PHB's, hence my question about the /s argument.
Trouble is you can never be sure, because Poe can be such a bastard sometimes. And I'm halfway sure there are people currently in the body politic which wouldn't see the required followup of mandating Orwell's Telescreen or full-blown dystopia as anything other than "step 2" on the flowchart.
In theory the guy you're handing the solution to is supposed to think, see the ridiculousness in his own suggestion, and abandon the idea. In practice there's just that type of all too common guy who'll just run with it anyway. Leaving the smart techie flabbergasted and going "I didn't think they'd actually DO that".
So, as satisfying as it can be to simply do what was told and toss the problem right back with a "politic harder, luser", please, by the wriggly beard of Cthulhu, don't tell these people they can make it work if they make 1984 real. They'll try, seeing nothing wrong with the idea.
[ link to this | view in chronology ]
"Well then. And I thought this administration was going to save kids from child predators by sending them to COVID-infested schools ASAP."
It's true, the administration is doing just that.
A large part of child sexual abuse is perpetrated by family members, so you can improve the victims' lives by sending them to COVID-infested schools. Hey, they might even pick up an infection at school and pass it on to the predator. It's win-win.
</sarcasm>
[ link to this | view in chronology ]