Slashdot Mirror
White House Declines To Support Bill That Would Let Judges Order Tech Companies To Break Encryption (reuters.com)
kheldan quotes a report from Consumerist: Senators Richard Burr and Dianne Feinstein are expected to introduce a bill regarding phone encryption as soon as this week, according to Reuters. The draft text will give judges authority to order tech companies to help law enforcement when asked to -- basically, it would be a newer piece of law to fall back on than the All Writs Act of 1789, which is the one that usually sees use for this sort of thing. However, sources tell Reuters that the bill "does not spell out what companies might have to do or the circumstances under which they could be ordered to help," and therefore really doesn't necessarily change the underlying discussions at play, both in the tech world and in government. Nor does the bill specify penalties for failing to comply. The FBI recently briefed Senators Richard Burr and Dianne Feinstein on the methods used to unlock the San Bernardino terrorist's iPhone 5c. According to Reuters, the White House is declining to offer public support for draft legislation Burr and Feinstein are currently working on because the administration is "deeply divided on the issue." The White House has reviewed the text and offered feedback, but it is expected to provide minimal public input, if any, sources familiar with the discussions said.
about how Obama is all in-support of the FBI and weaker consumer encryption?
or something like that. don't need those congress-critters anymore.
"The White House has reviewed the text and offered feedback, but it is expected to provide minimal public input."
Keyword - "public"
Obama fully supports it but because it's a political season doesn't want the public backlash of not supporting civil rights.
If he didn't support it he'd be telling the FBI to back off.. He *IS* their boss after all...
Trump will make this a day zero thing!
is bipartisanship. Democrats and Republicans really only come together when it is time to give themselves a raise or shit like this. Can we go back to gridlock?
Tell me again about how Obama is all in-support of the FBI and weaker consumer encryption?
The FBI is under the President's control. The Attorney General answers to the President. The FBI answers to the Attorney General (AG).
If the President dislikes an FBI *policy* he tells the AG to stop doing that, the AG tells the FBI to stop doing that, the FBI then stops doing that.
The President can not tell the FBI what laws to enforce or not enforce but he can sure as hell can tell them what policies to pursue or not pursue. He has his pen and can write an executive order to the FBI.
Administration is Deeply Divided on the issue.
That's code for "Yeah, everybody told us the FBI is off in left-field on this one."
Sounds like cooler heads are starting to prevail, Thank Cthulu.
Its important to remember, with regards to the this administration which has been orchestrating and allowing this all along. That not outright supporting the bill (which would immediately loose a bunch GOP support - because hey, O'bama) versus saying he wouldn't sign it are 2 very different things. O'bama is no friend of public security / privacy.
This was before the CA shooting: https://theintercept.com/2015/...
Burr and Feinstein that is.
The right way is to have an office of the judicature maintain a set of third party keys that law enforcement can request *with a warrant*. That way they can still maintain their operational integrity (i.e the warranted party does not know they are being monitored) and the rest of the populations free speech rights. This could easily be supported by All writs or Telecommunication intercept acts of many commonwealth countries.
The issue is here, that they just want to have access to peoples communications without a warrant, which is a violation of privacy no better than any other garden variety black hat access.
If the police and other agencies can't respect the very laws that they are upholding, then they are breaching the very constitution they are sworn to uphold. From the perspective of someone accessing data that makes them no different from the criminals they are chasing because they are violating constitutional rights. Unalienable rights and that laws can't be unconstitutional.
Democracy isn't driving around in a tank. Democracy is a fragile girl, vulnerable walking down the street in a bad neighbourhood, Burr and Feinstein are the creepy ones offering her a ride.
My ism, it's full of beliefs.
I am really looking forward to reading the legislative drivel that comes out of these Senators' staffs' iPads just one month after this single news story broke.
I'm sure that these smart Congressional interns will easily be able to understand and improve upon the original All Writs Act that the Founding Fathers came up with, after years-worth of thought and debate among the intellectual giants of that age.
He's literally indecisive. Depending on how much legislative support the bill has, it can be read as tacit allowance for whichever direction it may be headed.
There will always be custom end to end encryption
Why is it that everything I hear from Feinstein is anti-liberty, anti-individual, and pro-goverment-power? She is the modern poster child for exactly the kind of person that the founders fought the revolution in order to rid themselves of. Be gone, you power-mad, anti-liberty, disaster of a legislator.
Give the FCC the power to ban encryption! And to punish (1 Trillion US Dollars per CEO) Companies who employ encryption!
That eliminates "deals" with US Congress and White House!
No More Secrets!
It is nice the President thinks we're fetishizing our phones.
But why is government so interested in readying every American's data?
Without a warrant. I would call that beyond creepy.
The answer is to hack their devices and expose all their unsavory dealings.
Just like the Panama papers.Politicians voluntarily resigning left and right is the antidote to these power-hungry fools.
Go through their back doors hackers till they beg for mercy (double-entendre intended)!!!
There are plenty of people talking about the stupidity or absurdity of government interference in encryption. I think we're all on the same page on that, so lets talk about the bigger game.
I see two, or maybe three levels to this game:
What if done correctly? (-ish)
I'm tired of hearing that a backdoor can't be done securely. Of course people have been doing dual access secure control for a long time. Essentially, you have one key used to encrypt the phone, which is normal for single access, but you have two key decryption methods, which is what makes it dual access. It means you have to secure the second method, which can be done by breaking it into multiple parts and putting that control under different agencies. For example you might have the manufacturer in control of one part and the FBI in control of a second part and if you're especially paranoid, a third part is in the control of a court local to the manufacturer.
In short it is possible to do dual access securely, but the other question is what the result of such control means. Is it better for the public, better for the country, better for you?
Why do they want you to think this is what is going on?
I don't believe encryption has been broken. The math is too strong. The technology required to brute force a crack of the encryption is decades away optimistically, perhaps impossible. However, the ability to compromise the apps and updates installed on active suspects' phones isn't nearly as unattainable. If the FBI, NSA or DHS wants to monitor your activity they don't need to crack the encryption, just get the phone manufacturer to sign a compromising piece of software you already probably automatically trust. The simple fact is that if you're a suspect and you've allowed any app or update then you're probably already compromised. They'd rather you didn't know that. I'm not sure I want you (the potential criminal or terrorist) to know it, but I believe truth is vital even if if it isn't comfortable.
What if it is worse?
Lets assume it is worse than we guess. Perhaps secret letters and secret courts have already done such a thing. The recent farce with the FBI vs Apple could be just that, a farce. It could be a deliberate public show (the FBI insisted it be public instead of secret as requested by the Apple) designed to keep people from considering how comprehensively the privacy of the average citizen has already been compromised. Consider the possibility that everything you or your family does with a mobile phone is already available to law enforcement at will.
I mean a judge already ordered Apple to do the FBI's job, and Apple refused. Congress passed laws keeping illegal immigrant invaders outside of the USA. The President chose to ignore the law. A sitting president is not supposed to be making treaties with foreign powers, but he can make agreements with them.
What I am trying to say is there are soo many laws on the books already. Anyone of these laws may be reinterpreted or alternatively ignored to coincide with the wishes of the ruling party.
Let's just make everything illegal. That way they the ruling party can just arrest you if you need to be arrested. The other solution would be to abolish all laws, and that way the ruling party will be free to impose it's will unencumbered by the stupid laws.
In either case we would have exactly no change from what we currently have. Laws are completely meaningless. What matters is POWER. The weak shall be trodden into the dust of oblivion, and then made a scape goat for the havoc that the more violent elements of society reek on the world. This is as it should be, and can not be changed. The law is just a thin veneer of respectability on what is essentially the will of the mighty. I would rather live in a country that does not need this pretence.
"Of all forms of tyranny, the one I most fear is the tyranny of the law."
-Sponge Bob Square Pants.
Why is giving law enforcement agencies access to data always referred as a backdoor?
egulations-standards-encryption-applies-34675 - have a look at this document.
Is it because it conjurers up the image of a key left under the door matt that anyone could stumble across and then use to let them themselves in and steal all of your property?
Let's take the example of Apple's iMessage which uses end to end encryption. Apple generates the encryption keys, they are the key holders. In theory they could give those keys to the NSA who would then have real time access to messages.
iCloud- Apple can gain access to phone back ups whenever they want.
(Fell free to replace the word Apple with Google or Microsoft if you prefer).
But those obvious weak points, which could be exploited by criminals, are never referred to as backdoors, why?
technology essay topics – featuring encryption law drawbacks.
The White House declines to publicly support the bill during an election year you mean.
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
Because what you are describing is key escrow, not end-to-end encryption. What WhatsApp implemented recently (I believe, correct me if wrong) is proper e2e, where only the sender and recipient have access, and even WhatsApp can't see the contents. It's exactly this kind of encryption that is being attacked and various agencies want to put backdoors in it. Also, if I encrypt data offline, and then send it (encryption completely apart from the sending medium or app), I want strong encryption without anyone but designated recipient to be able to access it. Any form of outside access would be a back door. Even explicit key escrow could be considered such, as it would require me to send the key somewhere for "safekeeping", deeply undermining the security in real sense (both sending and storage of the key would be vulnerable).
This universe shipped by weight, not by volume. Some expansion of the contents may have occurred during shipment.
What does the government do when end users install open-source, encryption-enabled communication software, and there's no company to sue? Will they outlaw the mathematical formulas that enable encryption?
O'bama? He's not Irish.
Before Homeland Security was created, there were the FBI and the CIA ( internal and external ) agencies.
Now they are all under the same "share information" requirements wrt terrorism. But - the inevitable scope creep occurs,
and they all want to know what everyone emails, texts, says in conversation, where they go, what they buy, what their
medical records show, what they sell, and who they 'connect' with.
No, I say. They do not need to know all of that. not of citizens.
Foreigners, illegals, and - maybe, ONLY maybe - members of radical organizations,
( extreme militia, KKK, Nation of Islam, 'power gangs'..... proven felony-level organizations and members. maybe. ).
If I text anyone anything of a nature I consider to be private, I do not want anyone - repeat: anyone - else to be able to read it.
Voyeurism, perverted voyeurism, and peeping, is and should not be a government ability.
And we do know it will happen - an office pool on whether or not the little guy ( # 54781 ) manages to snag
the little woman ( # 388874 ) will happen, if it hasn't already. Office personnel talk/gossip:
" Hey guys - this black chick ( # 8144293 ) got drunk and slept with this asian pizza delivery guy ( # 9822251)"
" Well, poor John Doe ( name anonymous, # 2988117 ) has sphincter cancer and needs a prosthetic asshole..."
Yeah - it will make it harder for the justice ( no caps ) league to capture drug dealers and pedophiles - they will have to
do it the old-fashioned way. Which means they have to go somewhere and do something. Possibly dangerous.
That, of course, is their job. Not sitting in front of a screen, scanning for interesting bits ( like someone in their mothers basement).
The draft text will give judges authority to order tech companies to help law enforcement when asked to
And the summary uses the phrase "judges order tech companies to break encryption". I don't know which one of these idiot "tech websites" started this rhetoric, but it's getting really annoying. I can't figure out if they are willing Apple propagandists, or just completely retarded.
Good encryption can't be broken - It's a mathematical algorithm. What this bill is talking about is a warrant to get around security measures. Apple's idiotic anti-theft kill switch (that was also mandated by a nanny-state law from California) is not "encryption". It is a runtime process that monitors the number of attempts to enter a password and then deletes the encryption keys. It's like if you had a secure locker with a boobytrap mechanism that incinerated the contents when a brute force entry was detected. If the locker contained documentation written in a cipher that may contain information to solve a crime, and the FBI asked the company that made the locker to help them disable the boobytrap so they could try to take a look at it, you wouldn't claim they wanted to outlaw ciphers (unless you were a propagandist or moron). This whole issue is plagued with so much misinformation it's astonishing.
If it ain't broke, don't fix it.
You are now forced to do what the government says, no matter what. Now get on your knees Apple and suck it.
Every time I hear "Senate Intelligence Committee" I think of the Orwellian ministries (Ministry of Peace, Truth, etc).
Diane is a doublepluscunt.
I really think giving the courts so much power is a mistake. The law is not some special thing of such imporance that it always needs enforcement. The courts view into private matters really is too pervasive and too powerful.
Courts powers need to be extremely limited. The only people that should have no ability to hide anything from courts is the government itself. So maybe they should ammend all writs to only apply to writs where the subject is the government itself.
"I opened my eyes, and everything went dark again"
There is no way to get around it. Diane Feinstein is the unabashed fascist in the Senate. America will be better off when she is out of the Senate.
With defenders like you, who needs attackers?
If the President dislikes an FBI *policy* he tells the AG to stop doing that, the AG tells the FBI to stop doing that, the FBI then stops doing that.
LMFTFY: If the President dislikes an FBI *policy* he tells the AG to stop doing that, the AG tells the FBI to stop doing that, the FBI then shares with the President selected excerpts from their files that the President would really prefer didn't end up in the hands of GOP legislators or the press.
Nope, that has not been true since 2012. As the President said back then, its his last election and he never has to face the voters again, and as a result he'll have more "flexibility" on issues after the election.
Didn't he tell the DEA to stop raiding medical marijuana facilities in states where it's legal, and the DEA kept right on doing it anyway? Not even the president can keep federal law enforcement in check these days.
You missed a very important point that I hoped to make clear. The President can not tell an agency to not enforce a **law**. He can tell an agency not to pursue a **policy**.
Those DEA raids are enforcing federal *law* not some agency policy.
The FBI asking Congress to ban cell phone encryption is a *policy*. The FBI can be told don't ask for that. Congress can be told, ignore what they asked for. The President just needs to pick up that phone and pen he likes to talk about.
"I'm tired of hearing that a backdoor can't be done securely. Of course people have been doing dual access secure control for a long time. Essentially, you ..."
Just imagine how you would do it for PGP or SSH. Oh, you want to generate a new key? not permitted. You need to go to the DMZ, pay $50 and talk to their crypto people and they'll issue you your public/private pair and submit the backdoors to the appropriate government agencies.
I guess you could have a master crypto library with a master key so that you don't need to visit the ministry of Security... although it's not clear how a new OS would get a new key... it might require the OS vendor to have a government certified CA which would require audits and certifications to operate. Microsoft would love it. Audits cost easily $100k+/year. The big Linux distros could probably pull it off, except Debian... maybe they'll get a key from some university somewhere.
Of course all these agencies require independent crypto vaults to store the keys... unless you mean an ultra-master key? what if the presence of millions of derivatives of the master allows for an algorithmic weakness to pick apart the master key. No, not a good idea. I guess the $50 admin fee can go to managing the multi-billion-dollar vault-system which will go to Diebold or somebody else's brother... and it will get hacked anyway, and even after everyone rotates their keys, all their data-at-rest will have their key size reduced by a third.
Then what do you do about legacy devices? about foreign devices? what about devices exported from the U.S.? I guess you could be like Turkey and require cellphones to be on a trust list... establish more severe border controls... etc. etc.