Slashdot Mirror
White House Declines To Support Bill That Would Let Judges Order Tech Companies To Break Encryption (reuters.com)
kheldan quotes a report from Consumerist: Senators Richard Burr and Dianne Feinstein are expected to introduce a bill regarding phone encryption as soon as this week, according to Reuters. The draft text will give judges authority to order tech companies to help law enforcement when asked to -- basically, it would be a newer piece of law to fall back on than the All Writs Act of 1789, which is the one that usually sees use for this sort of thing. However, sources tell Reuters that the bill "does not spell out what companies might have to do or the circumstances under which they could be ordered to help," and therefore really doesn't necessarily change the underlying discussions at play, both in the tech world and in government. Nor does the bill specify penalties for failing to comply. The FBI recently briefed Senators Richard Burr and Dianne Feinstein on the methods used to unlock the San Bernardino terrorist's iPhone 5c. According to Reuters, the White House is declining to offer public support for draft legislation Burr and Feinstein are currently working on because the administration is "deeply divided on the issue." The White House has reviewed the text and offered feedback, but it is expected to provide minimal public input, if any, sources familiar with the discussions said.
or something like that. don't need those congress-critters anymore.
"The White House has reviewed the text and offered feedback, but it is expected to provide minimal public input."
Keyword - "public"
Obama fully supports it but because it's a political season doesn't want the public backlash of not supporting civil rights.
If he didn't support it he'd be telling the FBI to back off.. He *IS* their boss after all...
Glad to
http://www.macworld.com/articl...
Trump will make this a day zero thing!
is bipartisanship. Democrats and Republicans really only come together when it is time to give themselves a raise or shit like this. Can we go back to gridlock?
Tell me again about how Obama is all in-support of the FBI and weaker consumer encryption?
The FBI is under the President's control. The Attorney General answers to the President. The FBI answers to the Attorney General (AG).
If the President dislikes an FBI *policy* he tells the AG to stop doing that, the AG tells the FBI to stop doing that, the FBI then stops doing that.
The President can not tell the FBI what laws to enforce or not enforce but he can sure as hell can tell them what policies to pursue or not pursue. He has his pen and can write an executive order to the FBI.
Administration is Deeply Divided on the issue.
That's code for "Yeah, everybody told us the FBI is off in left-field on this one."
Sounds like cooler heads are starting to prevail, Thank Cthulu.
Its important to remember, with regards to the this administration which has been orchestrating and allowing this all along. That not outright supporting the bill (which would immediately loose a bunch GOP support - because hey, O'bama) versus saying he wouldn't sign it are 2 very different things. O'bama is no friend of public security / privacy.
This was before the CA shooting: https://theintercept.com/2015/...
I think the powers that be just want to know what's going on.
It's for your own good, anyway, you ungrateful bastard.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
Burr and Feinstein that is.
The right way is to have an office of the judicature maintain a set of third party keys that law enforcement can request *with a warrant*. That way they can still maintain their operational integrity (i.e the warranted party does not know they are being monitored) and the rest of the populations free speech rights. This could easily be supported by All writs or Telecommunication intercept acts of many commonwealth countries.
The issue is here, that they just want to have access to peoples communications without a warrant, which is a violation of privacy no better than any other garden variety black hat access.
If the police and other agencies can't respect the very laws that they are upholding, then they are breaching the very constitution they are sworn to uphold. From the perspective of someone accessing data that makes them no different from the criminals they are chasing because they are violating constitutional rights. Unalienable rights and that laws can't be unconstitutional.
Democracy isn't driving around in a tank. Democracy is a fragile girl, vulnerable walking down the street in a bad neighbourhood, Burr and Feinstein are the creepy ones offering her a ride.
My ism, it's full of beliefs.
I am really looking forward to reading the legislative drivel that comes out of these Senators' staffs' iPads just one month after this single news story broke.
I'm sure that these smart Congressional interns will easily be able to understand and improve upon the original All Writs Act that the Founding Fathers came up with, after years-worth of thought and debate among the intellectual giants of that age.
No, it's not indecision. It's that he's smart enough to know this bill is potentially toxic to freedom, will be hard to write so that it is't unconstitutional, and is a non-starter with the non-brain-dead populace. So he wants no part of it, and he especially wants to avoid being caught up in the frenzy following the output from another go-around of the old standard political syllogism, to wit:
We must do SOMETHING. (political furor du jour, for example, "won't someone PLEASE think of the children")
This is something we CAN do. (bill du jour, that is, difficult to get right and potentially toxic encryption legislation)
Therefore, me MUST do THIS. (pass this bogus bill).
Why is it that everything I hear from Feinstein is anti-liberty, anti-individual, and pro-goverment-power? She is the modern poster child for exactly the kind of person that the founders fought the revolution in order to rid themselves of. Be gone, you power-mad, anti-liberty, disaster of a legislator.
Whatever his motives there's one thing certain: Dianne Feinstein is consistent enemy of freedom and of the American people. She's an insult to the Senate and to the Constitution, the path to uphold and protect she breaks with every new freedom destroying bill she introduces.
She needs to be removed from the Senate an preferably tried for treason as the only thing she does is give aid and comfort to the enemies of freedom.
Yeah, after grinding under his boot heel for 7 years he finally decides to throw people concerned about the Constitution a bone. Way to go, what a guy, good riddance.
There are plenty of people talking about the stupidity or absurdity of government interference in encryption. I think we're all on the same page on that, so lets talk about the bigger game.
I see two, or maybe three levels to this game:
What if done correctly? (-ish)
I'm tired of hearing that a backdoor can't be done securely. Of course people have been doing dual access secure control for a long time. Essentially, you have one key used to encrypt the phone, which is normal for single access, but you have two key decryption methods, which is what makes it dual access. It means you have to secure the second method, which can be done by breaking it into multiple parts and putting that control under different agencies. For example you might have the manufacturer in control of one part and the FBI in control of a second part and if you're especially paranoid, a third part is in the control of a court local to the manufacturer.
In short it is possible to do dual access securely, but the other question is what the result of such control means. Is it better for the public, better for the country, better for you?
Why do they want you to think this is what is going on?
I don't believe encryption has been broken. The math is too strong. The technology required to brute force a crack of the encryption is decades away optimistically, perhaps impossible. However, the ability to compromise the apps and updates installed on active suspects' phones isn't nearly as unattainable. If the FBI, NSA or DHS wants to monitor your activity they don't need to crack the encryption, just get the phone manufacturer to sign a compromising piece of software you already probably automatically trust. The simple fact is that if you're a suspect and you've allowed any app or update then you're probably already compromised. They'd rather you didn't know that. I'm not sure I want you (the potential criminal or terrorist) to know it, but I believe truth is vital even if if it isn't comfortable.
What if it is worse?
Lets assume it is worse than we guess. Perhaps secret letters and secret courts have already done such a thing. The recent farce with the FBI vs Apple could be just that, a farce. It could be a deliberate public show (the FBI insisted it be public instead of secret as requested by the Apple) designed to keep people from considering how comprehensively the privacy of the average citizen has already been compromised. Consider the possibility that everything you or your family does with a mobile phone is already available to law enforcement at will.
Could not agree more. It is time to remove the US from the modern, tech-centric world once and for all.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
He acts like the government is doing some kind of favour to the citizens by providing protection and that somehow the citizens are obligated to give up their liberties as payment.
It's the government's FUCKING JOB to protect its citizens. They don't get to have any kind of special credit for it and they certainly don't get to have any kind of special payment (ie. private data) for it.
This reminds me of a bit that Chris Rock did a long time ago about niggers trying to take credit for shit that they are supposed to do.
Ghetto parent: "Oh, I take care of my kids!"
Chris Rock: "You're SUPPOSED to you dumb motherfucker!"
The way it's framed in the article it really just sounds like naivete. Someone told him that it was possible to "create a system where the encryption is as strong as possible, the key is as secure as possible, it’s accessible by the smallest number of people possible for the subset of issues that we agree is important." And he believed that person.
... I suppose the answer is to make a fuss about it. The more people there are in the tech world who are loudly backing the other guy, the better he'll get the hint.
When it's framed that way it doesn't sound unreasonable, he's just listening to the wrong person. I'm sure there's someone there telling him that it isn't possible to do that, but how does he know who to listen to?
FYI if the president doesn't sign or veto it for ten days it becomes law without his signature.
I wonder what was the last time that happened? Do you know? I couldn't find the answer with a few minutes googling.
You are welcome on my lawn.
The White House declines to publicly support the bill during an election year you mean.
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
Because what you are describing is key escrow, not end-to-end encryption. What WhatsApp implemented recently (I believe, correct me if wrong) is proper e2e, where only the sender and recipient have access, and even WhatsApp can't see the contents. It's exactly this kind of encryption that is being attacked and various agencies want to put backdoors in it. Also, if I encrypt data offline, and then send it (encryption completely apart from the sending medium or app), I want strong encryption without anyone but designated recipient to be able to access it. Any form of outside access would be a back door. Even explicit key escrow could be considered such, as it would require me to send the key somewhere for "safekeeping", deeply undermining the security in real sense (both sending and storage of the key would be vulnerable).
This universe shipped by weight, not by volume. Some expansion of the contents may have occurred during shipment.
What does the government do when end users install open-source, encryption-enabled communication software, and there's no company to sue? Will they outlaw the mathematical formulas that enable encryption?
O'bama? He's not Irish.
The draft text will give judges authority to order tech companies to help law enforcement when asked to
And the summary uses the phrase "judges order tech companies to break encryption". I don't know which one of these idiot "tech websites" started this rhetoric, but it's getting really annoying. I can't figure out if they are willing Apple propagandists, or just completely retarded.
Good encryption can't be broken - It's a mathematical algorithm. What this bill is talking about is a warrant to get around security measures. Apple's idiotic anti-theft kill switch (that was also mandated by a nanny-state law from California) is not "encryption". It is a runtime process that monitors the number of attempts to enter a password and then deletes the encryption keys. It's like if you had a secure locker with a boobytrap mechanism that incinerated the contents when a brute force entry was detected. If the locker contained documentation written in a cipher that may contain information to solve a crime, and the FBI asked the company that made the locker to help them disable the boobytrap so they could try to take a look at it, you wouldn't claim they wanted to outlaw ciphers (unless you were a propagandist or moron). This whole issue is plagued with so much misinformation it's astonishing.
If it ain't broke, don't fix it.
I really think giving the courts so much power is a mistake. The law is not some special thing of such imporance that it always needs enforcement. The courts view into private matters really is too pervasive and too powerful.
Courts powers need to be extremely limited. The only people that should have no ability to hide anything from courts is the government itself. So maybe they should ammend all writs to only apply to writs where the subject is the government itself.
"I opened my eyes, and everything went dark again"
Because the NSA has already broke.
If the President dislikes an FBI *policy* he tells the AG to stop doing that, the AG tells the FBI to stop doing that, the FBI then stops doing that.
LMFTFY: If the President dislikes an FBI *policy* he tells the AG to stop doing that, the AG tells the FBI to stop doing that, the FBI then shares with the President selected excerpts from their files that the President would really prefer didn't end up in the hands of GOP legislators or the press.
Nope, that has not been true since 2012. As the President said back then, its his last election and he never has to face the voters again, and as a result he'll have more "flexibility" on issues after the election.
Didn't he tell the DEA to stop raiding medical marijuana facilities in states where it's legal, and the DEA kept right on doing it anyway? Not even the president can keep federal law enforcement in check these days.
You missed a very important point that I hoped to make clear. The President can not tell an agency to not enforce a **law**. He can tell an agency not to pursue a **policy**.
Those DEA raids are enforcing federal *law* not some agency policy.
The FBI asking Congress to ban cell phone encryption is a *policy*. The FBI can be told don't ask for that. Congress can be told, ignore what they asked for. The President just needs to pick up that phone and pen he likes to talk about.
Did you miss the part where perfect security requires zero freedom?
That is why empires flourish, because they provide security.
and, if you aren't one of the THEM, you have nothing to lose
So until we have a review board of theocrat hostile members with full access and the power to imprison spies, police, and judges, without review or pardon on mere SUSPICION of violating civil rights, able to destroy the blue wall of silence, we can NOT let the aforementioned have access to our private communications
"I'm tired of hearing that a backdoor can't be done securely. Of course people have been doing dual access secure control for a long time. Essentially, you ..."
Just imagine how you would do it for PGP or SSH. Oh, you want to generate a new key? not permitted. You need to go to the DMZ, pay $50 and talk to their crypto people and they'll issue you your public/private pair and submit the backdoors to the appropriate government agencies.
I guess you could have a master crypto library with a master key so that you don't need to visit the ministry of Security... although it's not clear how a new OS would get a new key... it might require the OS vendor to have a government certified CA which would require audits and certifications to operate. Microsoft would love it. Audits cost easily $100k+/year. The big Linux distros could probably pull it off, except Debian... maybe they'll get a key from some university somewhere.
Of course all these agencies require independent crypto vaults to store the keys... unless you mean an ultra-master key? what if the presence of millions of derivatives of the master allows for an algorithmic weakness to pick apart the master key. No, not a good idea. I guess the $50 admin fee can go to managing the multi-billion-dollar vault-system which will go to Diebold or somebody else's brother... and it will get hacked anyway, and even after everyone rotates their keys, all their data-at-rest will have their key size reduced by a third.
Then what do you do about legacy devices? about foreign devices? what about devices exported from the U.S.? I guess you could be like Turkey and require cellphones to be on a trust list... establish more severe border controls... etc. etc.
With defenders like you, who needs attackers?
You're a moron, and an example of how we got into this mess. You've never participated in democracy other than to vote and you don't even know much about that.
My ism, it's full of beliefs.