Senator Backs Down On Crypto Backdoors

evenprime writes: " Sen. Judd Gregg (Republican, New Hampshire) was advocating mandatory backdoors in crypto on Sept. 13. Wired is now reporting that Sen. Gregg has changed his mind. They say that Gregg's spokesman, Brian Hart, has said: 'We are not working on an encryption bill and have no intention to.'" As Rob Carlson is quoted at the article's close, though: "(Gregg) said he was definitely supporting it. Now he says he's definitely not. Maybe he'll say he's definitely supporting it again."

Definitely

[bill.sheehan]

"(Gregg) said he was definitely supporting it. Now he says he's definitely not. Maybe he'll say he's definitely supporting it again."

Our beloved solons are sometimes wrong, but never in doubt.

Perhaps

[Green+Aardvark+House]

From the Wired article:

I think if they put a crypto provision in this bill, it would have passed," Froomkin said. "Look at what the administration got."

Froomkin was talking about additional eavesdropping and surveillance powers requested by the Bush administration, which the Senate and the House overwhelmingly voted for last week. That bill is called the USA Act.

He backed off crypto backdoors because the government is going to get enhanced wiretapping powers, etc.

It's a little give and take, but it's nice to see the "give" this time.

My God ...

[Daniel+Dvorkin]

This is the first time I can think of where some politico who was talking about some horrible piece of legislation which was opposed in an organized fashion by the open-source community actually changed his mind. Am I being wildly optimistic in thinking that the online petitions, EFF lobbying, etc. made a difference, and might make a difference in the future? Or was there some other factor at work here?

Re:My God ...

[Rogerborg]

• [did] EFF lobbying, etc. made a difference [or]was there some other factor at work here?

The MPAA/RIAA pointed out to him that they use encryption, and that there's no way they're going to trust their enforcement/collection division (US Government Inc.) with the keys?

This is presented frivilously, but it's a real possibility. There are plenty of corporate users of encryption who can easily afford to contribute a Mercedes or two to Senator Gregg's campaign fund to get this farcical idea off the table.

Holy heck, there's a nice hobby. Proactively inviting corporate bribes ("campaign contributions") by proposing dumb bills that will hurt them. Much more efficient than waiting for OmniGlobalHyperMegaCorp to come a-knocking on your door.

Encryption vs. "Secure"

[ldopa1]

I think some of us tech geeks ought to go to Capitol Hill and point out that "Secure" websites also use encryption. That banks transfer funds through encrypted channels, etc etc etc...

Isn't it strange how "Encryption" is bad, but "Secure" is good despite the fact that they are the exact same thing? Criminals encrypt their transmissions but Bankers make "secure transmissions"

Re:Encryption vs. "Secure"

[Shagg]

This is what I find annoying, however: No one has argued banning all encryption.

Obviously this is all moot now anyway, but I believe the initial proposal was to put back doors in ALL encryption. How do you put back doors (or ban, to use your words) only the encryption that the bad guys use? This is what the original person who started this thread was trying to point out. The stuff the bad guys use, is the same as the stuff the good guys use. You CAN'T make changes to one without affecting the other.

He was saying that we should somehow make our lawmakers understand this, since it's obvious from the proposed "back door" law that they don't, or that they are at least trying to paint the political picture of encryption being a "bad guy thing".

Non-violent resistance

[Apreche]

You know Martin Luther King Jr. and Gandhi? You know what they had in common? They both thought that their respective governments had unjust laws, so they disobeyed those laws and accepted the punishments for them, and it worked.

This particular story is good news, because it means that representatives do think and can be convinced that they're not right. However there are still things like the SSSCA and the DMCA. I believe these laws are unjust myself. So I disobey them. If I get locked up in jail one day, so be it. But what good is their law if nobody obeys? Let them throw all the nerds in jail. See what happens then.

This is a little crazy, but imagine if all of slashdot turned off all of our servers at home and work. Then we refuse to turn them back on until the unjust laws are repealed.

Yeah, it's crazy, but I just ate a giant pixy stick, and I'm excited because my new computer is coming today.

Letter writing (OT but interesting)

[Merk]

It's kinda funny. For a long time now people have been saying "if you want your congress rep, senator, MP, friendly dictator, etc. to listen send them snail-mail". These days with the Anthrax scares, I'd say one way to guarantee your rep won't see what you wrote it to send it by snail-mail.

Will this result in more reps using email, and thus more influence for geeks? Or will this just mean phone calls and personal appearances become even more important.

One thing's for sure. If you want to write your rep a letter about something that matters to you -- put down that powdered sugar donut and wash your hands before you do do it!

Re:Letter writing (OT but interesting)

[sulli]

Or send a fax. Faxes use the office's own paper - plus they're more attention-getting than snail mail.

Re:My God (No)

[anonicon]

I seriously doubt that the Open Source movement or the EFF made any difference, but that big, American multinationals made all the difference. Remember, they require encrypted communications too, and the idea that a competitor or foreign government could pay someone off to secure access to the backdoor would sacre us, because it *might* cost our companies (good and bad) billions, as someone already pointed out.

When big or medium business is threatened by this style of legislation, you can pretty much count on it to die or be severely watered-down or exempted.

Re:Hrm.

[nojomofo]

Don't you just love politicians who stand by their positions?

This sort of comment bothers me. When we heard about this, there was a general cry on Slashdot: "Write letters so they understand how we feel and change their minds!" Well, he's changed his mind (perhaps because he now understands how his constituents feel, perhaps not). But don't we, in cases like this, really want our elected officials to do what we want them to? Maybe he really does have all of our interests in mind, he just needed to be educated?

He's in a no-win situation. If he didn't change his mind, it's: "He's listening to corporations! He's been bought! He's not representing us! Why won't he read our letters and change his mind?". But now that he did, it's: "no-good politicians can't stand for what they believe in!".

So you tell me: which way do you want it?

Key escrow will never pass anyway

[CmdrTroll]

It's nice to see that a formerly ill-informed senator who supported key escrow has changed his evil ways. But key escrow is the least of our worries because big business wouldn't want the government to be trusted with guarding the keys that shield them from huge losses. Consider these large lobbyists:

• Banks: they don't want the government to be able to tap into ATM networks and other encrypted communications, for the personal benefit of the government employees. There's a lot at stake for them because somebody can steal billions if they obtain certain keys. And, as they say, everybody has their price.
• RIAA/MPAA: they don't want yet another potential source of leakage for their CSS/DVD/music encryption keys. They'd prefer to wait for some thief in Norway to find it because thieves in Norway take several months to work.
• Telecom companies: they don't want the government to see what they're really up to. Ditto for Microsoft. They're all engaged in shady, anticompetitive practices and have learned by now to encrypt internal email and memos.

The list goes on. Fortunately key escrow is opposed by the very people who run America - large corporations and lobbying groups. And that is why we need to worry about the crap in ATA/PATRIOT instead - because big companies don't care whether or not the government can snoop on anti-WTO activists, detain immigrants forever, or give life sentences to hackers.

-CT

Re:Show of Hands

[fobbman]

Looks like those jpg's of Senator Gregg and his mistress that I intercepted and then attached to my recommendations that secure email encryption is a Good Thing seemed to have done the job.

Sometimes you've gotta relate to them on the lowest common denomenator.

a win for the U.S. System of Government

[fetta]

A college political science professor once made a statement that stuck with me - "the U.S. system of government is intentionally designed to impede the popular will." In this case, it seems to have worked. Our entire system of government is designed to slow things down so that rash and unwise decisions don't get made too quickly. It doesn't always work, but the current crisis is exactly the kind of situation our government is designed to deal with.

The government doesn't always act as quickly as we would like - and that's a good thing.

Re:a win for the U.S. System of Government

[kindbud]

Our entire system of government is designed to slow things down so that rash and unwise decisions don't get made too quickly.

You're right, it is much better if the rash and unwise decisions are made after a few weeks of deliberation.

2 Good Things About the Anti-Terrorism Act

[dh003i]

Now there are two good things about the anti-terrorism act:

1. It prevents the RIAA/MPAA from being judge/jurty/executionar and destroying OUR networks or our computers, and imposes severe penalties for such. Unfortunately, it also imposes severe pentalties on individual hackers for minor offenses less serious than a traffic infraction.

2. The government has not gained the right to violate OUR right to privacy/anonymity by forcing us all to use backdoors on our encryption. The same type of thing can be said to be true of anonymity: anonymizing services also won't, by extension, be forced to give the government a backdoor entrance.

On the other hand, unfortunately, there are some troubling concerns with this bill in terms of search & seizure & warrants.

I believe this bill has language in it that would make a warrant granted in one state to tap someone applicable in another. This violates the sovereignty of individual states. If the government wants a nation-wide warrant to tap someone, they should go to federal court.

The other troubling feature of this bill is that it allows the government to legitimately spy on every website we're visiting, and gives them the right to tap into more of our communications without a warrant from a judge.

If the government wants to have the right to tap into OUR communications, they should have to go to a court and get a warrant. If they go to a state court, the warrant should be applicable only in that state; if a federal court, then throughout the nation.

I have no problem with the government monitoring/tappign the online activity of people who'm one could reasonably believe are criminals(i.e., mobsters like John Gotti Jr). However, they should have to go to a court, and at that court, a public defender should be there to defend the accused's rights(the public defendant would simply make the case against a tap, based on available knowledge, without informing the accused that he was being considered for a wire tap -- if the accused were informed, it would be pointless).

So, what about Sen. Judd Gregg? Well, I'll give him credit for recognizing the validity of keeping encryption strong. It is obvious that when he initially called for a ban on backdoorless encryption, he was ignorant of encryption issues and caveats. Now, it is clear that he is more informed and realizes that his formerly proposed idea would not solve any problems, and would violate civil liberties. Of course, he did not say he was ignorant -- no one wants to say they didn't know what the fuck they were talking about.

That said, there are two reasons why politicians propose such laws which flagrantly violate civil liberties and solve no problems: (1) They were ignorant of the issues; (2) They simply did not care, and were bought off by some powerful organization(i.e., BSA, RIAA, MPAA, AAA, MS, etc).
If the reason why politiians propose such laws is that they were ignorant of the issues -- as most all of them are on issues of science, intellectual property, and computer technology -- that can be solved by educating them. If the problem is that they did not care and were bought off, that could be solved by: a. Not re-electing them; b. Launching a publicity campaign agaisnt them.

Of course, sometimes the reason why politicians are "ignorant of issues" is because they've been educated by self-interested lobby groups like the RIAA/MPAA/BSA/AAA/MS. These groups are large and rich, and it is natural for politicians to listen to them. In order to counteract that, we need to make politicians aware of the flaws of the positions of such groups, and the utterly self-interested nature of such groups. Any time any of these groups talks about "rights" or "benefitting the public" its bullshit. They have no concern for the public, only their bottom line; as for rights, the only rights they're concerned about are their own(i.e., the RIAA/MPAA seem to support their right to put out sexually explicit movies/songs even if these may reach kids[a right I support], but seem to think that freedom of speech is irrelevant when it comes to linking to a website with DeCSS on it, or sharing files).

Re:Hrm.

[tpm]

I want politicians who are smart enough to educate themselves before taking a position in the first place. Is that too much to ask?

The letters sent to the Clinton Admin did it

[Zeinfeld]

Gregg backed off his proposal after the Bush administration told him they had no intention of supporting him. A major reason for their position is the amount of political capital the Clinton administration spent on the scheme unsuccessfully.

Behind the scenes a major reason for the change is the considerable change in the standing of Freeh amongst Congress and in particular the GOP. When Freeh was supporting the GOP in their impeachment machinations he was flavor of the month. Since then there have been more and more questions about his effectiveness.

There are several in Congress who will behind closed doors blame Freeh for spending effort on his encryption obsession he should have spent stopping the 9/11 attacks. Even before 9/11 there were many complaints about FBI competence. The witholding of evidence in the Oaklahoma City bomb trials, the Wen Ho Lee incident, renewed questions about Ruby Ridge etc.

With Freeh gone and Mueller now in charge it is very unlikely he would want to resurect a crusade that is strongly associated with a successor now widely considered to have been a failure.