Slashdot Mirror

← Back to Stories (view on slashdot.org)

White House Declines To Support Bill That Would Let Judges Order Tech Companies To Break Encryption (reuters.com)

Posted by BeauHD on from the controversial-bills dept.

kheldan quotes a report from Consumerist: Senators Richard Burr and Dianne Feinstein are expected to introduce a bill regarding phone encryption as soon as this week, according to Reuters. The draft text will give judges authority to order tech companies to help law enforcement when asked to -- basically, it would be a newer piece of law to fall back on than the All Writs Act of 1789, which is the one that usually sees use for this sort of thing. However, sources tell Reuters that the bill "does not spell out what companies might have to do or the circumstances under which they could be ordered to help," and therefore really doesn't necessarily change the underlying discussions at play, both in the tech world and in government. Nor does the bill specify penalties for failing to comply. The FBI recently briefed Senators Richard Burr and Dianne Feinstein on the methods used to unlock the San Bernardino terrorist's iPhone 5c. According to Reuters, the White House is declining to offer public support for draft legislation Burr and Feinstein are currently working on because the administration is "deeply divided on the issue." The White House has reviewed the text and offered feedback, but it is expected to provide minimal public input, if any, sources familiar with the discussions said.

32 of 150 comments (clear)

  1. Translation: by Anonymous Coward · · Score: 5, Insightful

    "The White House has reviewed the text and offered feedback, but it is expected to provide minimal public input."
    Keyword - "public"
    Obama fully supports it but because it's a political season doesn't want the public backlash of not supporting civil rights.

    If he didn't support it he'd be telling the FBI to back off.. He *IS* their boss after all...

  2. Re:Tell me again... by Edis+Krad · · Score: 4, Informative

    Glad to
    http://www.macworld.com/articl...

  3. The only thing worse than partisanship... by TsuruchiBrian · · Score: 5, Insightful

    is bipartisanship. Democrats and Republicans really only come together when it is time to give themselves a raise or shit like this. Can we go back to gridlock?

    1. Re:The only thing worse than partisanship... by JackieBrown · · Score: 2

      Since you feel this way, can you vote for my candidate since - in your mind - it doesn't really matter who you vote for?

  4. President has pen, can write exec order to FBI by drnb · · Score: 4, Insightful

    Tell me again about how Obama is all in-support of the FBI and weaker consumer encryption?

    The FBI is under the President's control. The Attorney General answers to the President. The FBI answers to the Attorney General (AG).

    If the President dislikes an FBI *policy* he tells the AG to stop doing that, the AG tells the FBI to stop doing that, the FBI then stops doing that.

    The President can not tell the FBI what laws to enforce or not enforce but he can sure as hell can tell them what policies to pursue or not pursue. He has his pen and can write an executive order to the FBI.

    1. Re:President has pen, can write exec order to FBI by MachineShedFred · · Score: 2, Informative

      strangely, this President does pick what laws to enforce, and which not to.

      --
      Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
    2. Re:President has pen, can write exec order to FBI by ZipK · · Score: 4, Funny

      If the President dislikes an FBI *policy* he tells the AG to stop doing that, the AG tells the FBI to stop doing that, the FBI then stops doing that.

      LMFTFY: If the President dislikes an FBI *policy* he tells the AG to stop doing that, the AG tells the FBI to stop doing that, the FBI then shares with the President selected excerpts from their files that the President would really prefer didn't end up in the hands of GOP legislators or the press.

    3. Re:President has pen, can write exec order to FBI by operagost · · Score: 2

      You got modded down, but this is clearly true. He ordered the INS to stay away from the parents of anchor babies in November 2014. This is "phone and pen" stuff. The truth is not up for debate.

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
    4. Re:President has pen, can write exec order to FBI by WeezulDK · · Score: 2

      He's definitely right. look at the deferred deportation program for illegal aliens... or the fact they release illegal aliens from prison INTO the US instead of deporting them.

  5. Sounds like Obama Did Some RFC On The Subject by macs4all · · Score: 4, Insightful

    Administration is Deeply Divided on the issue.

    That's code for "Yeah, everybody told us the FBI is off in left-field on this one."

    Sounds like cooler heads are starting to prevail, Thank Cthulu.

  6. Not supporting & not signing are 2 different t by sasparillascott · · Score: 4, Insightful

    Its important to remember, with regards to the this administration which has been orchestrating and allowing this all along. That not outright supporting the bill (which would immediately loose a bunch GOP support - because hey, O'bama) versus saying he wouldn't sign it are 2 very different things. O'bama is no friend of public security / privacy.

    This was before the CA shooting: https://theintercept.com/2015/...

  7. They are avoiding the right way by MrKaos · · Score: 2, Interesting

    Burr and Feinstein that is.

    The right way is to have an office of the judicature maintain a set of third party keys that law enforcement can request *with a warrant*. That way they can still maintain their operational integrity (i.e the warranted party does not know they are being monitored) and the rest of the populations free speech rights. This could easily be supported by All writs or Telecommunication intercept acts of many commonwealth countries.

    The issue is here, that they just want to have access to peoples communications without a warrant, which is a violation of privacy no better than any other garden variety black hat access.

    If the police and other agencies can't respect the very laws that they are upholding, then they are breaching the very constitution they are sworn to uphold. From the perspective of someone accessing data that makes them no different from the criminals they are chasing because they are violating constitutional rights. Unalienable rights and that laws can't be unconstitutional.

    Democracy isn't driving around in a tank. Democracy is a fragile girl, vulnerable walking down the street in a bad neighbourhood, Burr and Feinstein are the creepy ones offering her a ride.

    --
    My ism, it's full of beliefs.
    1. Re:They are avoiding the right way by Anonymous Coward · · Score: 5, Insightful

      Wrong answer sparky! The right way is for the manufacturers to build in the strongest, hardest to break encryption and other safeguards against hacking into personal devices that they sell, and for the government, FBI, CIA, NSA, and law enforcement to realize that they can't have the backdoors and weakened encryption that they want, and that personal devices cannot be hacked even with a warrant or judges orders!

      Private citizens deserve to have privacy of the info on their devices, and privacy from having their devices tracked by ANYONE! The government and above named agencies do NOT NEED TO KNOW EVERYTHING ON EVERYONE'S DEVICES. We have already gone way to far down the road to George Orwell's 1984, its time to stop the illegal tracking and invading people's privacy!!!

    2. Re:They are avoiding the right way by Anonymous Coward · · Score: 5, Insightful

      I literally have a letter on my desk explaining that the government allowed my personal information which was entrusted to them to leak.

      Before that, I received a mailed copy of tax filings with the cover letter indicating that I had requested them. I hadn't, and when I called the IRS office that sent it, they neither had any evidence of who had made the request, nor even any record that a copy had been sent out.

      And you expect me to trust them with maintaining confidentiality of encryption keys? What kind of idiot do you think I am? (We already know what kind of idiot you are)

    3. Re:They are avoiding the right way by Anonymous Coward · · Score: 3, Insightful

      "The right way is to have an office of the judicature maintain a set of third party keys that law enforcement can request *with a warrant*."

      No. That's the Clipper Chip all over again. It was a doomed idea in the 1990s. It's just as doomed in the 2010's.

    4. Re:They are avoiding the right way by gweihir · · Score: 2

      Aaaand, fail. If you had bothered to read up on what actual security experts are saying, you would know that your plan is bogus and unworkable in practice.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re:They are avoiding the right way by Plumpaquatsch · · Score: 3, Insightful

      Burr and Feinstein that is.

      The right way is to have an office of the judicature maintain a set of third party keys that law enforcement can request *with a warrant*.

      Problem those keys will leak and become public. It happened with physical keys, it will happen more easily with binary keys that can be just copied.

      --
      Of course news about a fake are Fake News.
    6. Re:They are avoiding the right way by MrKaos · · Score: 2

      I literally have a letter on my desk explaining that the government allowed my personal information which was entrusted to them to leak.

      At least they disclosed that they fucked up - still very bad.

      Before that, I received a mailed copy of tax filings with the cover letter indicating that I had requested them. I hadn't, and when I called the IRS office that sent it, they neither had any evidence of who had made the request, nor even any record that a copy had been sent out.

      Don't attribute malice to incompetence.

      And you expect me to trust them with maintaining confidentiality of encryption keys?

      No, I'm expecting a legal framework that forces law enforcement to observe proper procedures so they can do their job and still protect freedom. If we were talking about trust we would not be talking about encryption at all.

      (We already know what kind of idiot you are)

      The kind who defends your right to anonymity and stays up most of the night trawling through legislation and writing letter to politicians.

      What kind of idiot do you think I am?

      The kind of idiot who criticizes someone for defending your right to anonymity and makes them wonder why they do it.

      --
      My ism, it's full of beliefs.
    7. Re:They are avoiding the right way by orlanz · · Score: 5, Insightful

      I am sorry, but you are severely lacking in the technical knowledge of how these things work. AND you got modded a +5-Interesting on Slashdot of all places? Clearly there are a lot of folks that think in a similar vein... else I guess this would have been a open&shut case. I will try to dumb it down for you in non-IT. Sorry if I am coming off mean, but that is my emotion right now on your "technical solution" to a human problem.

      Imagine home builders started making very secure homes. They aren't impossible to break into, just very very difficult. Whether you have a warrant, "reasonable suspicion", or just a criminal is irrelevant and a separate topic. The house is really really hard to break into. So the city council says that all builders that build in their district must provide a master key to be kept in a safe in city hall. So they have a set of master keys to every house in the city. Assume the perfect legal framework as your described.

      You see NO issue in the above concept? None at all? You don't think a criminal will be able to eventually duplicate a master key? You don't think people's property values will go down and folks won't live there because of this?

      How about a better technical solution to what you describe. Every key generator registers new keys/passwords/personal Q&As in the legal lockbox of yours to be used by legal/moral means only. Drop the complexity of encrypting & storing data with 2 keys. If you are going to be looking up a master key for one device, you might as well have the database just find the device's main key. Remove the risk of a crook figuring out a master key and robbing everyone.

      Do you really think this is ok? This is wrong! We shouldn't be forced to have to keep our doors open for all our neighbors. The occasional inability to get into our neighbor's house for an emergency is the small price we pay for that freedom.

      People are members of society, not peasants of the collective. We are all voluntary stakeholders in our overall betterment, and should not be treated like chained slaves or prisoners staring at the shoulders of one before. Democracy is a consensus, a collective bargain. Yes, it is fragile, but that is what makes it so great. We all agree to work together for our individual and collective betterment. Not one or the other. And where those goals do not meet, the misguided agreements fall apart and no one is sacrificed.

      I think the concept that the "People" have the right to get into your personal stuff, is just wrong. They can have a right to try, but they don't have a right to be successful nor have it made easy. That is not a cornerstone or proper foundation of a good society. And this is before the absolute power corrupts, politicians will abuse this, criminals will hack it, mistakes happen, and bureaucracy buries in "human problems" come along.

    8. Re:They are avoiding the right way by SpiceWare · · Score: 4, Informative

      Third party keys are never safe, here's two real-world examples:

      The $8 key that can open New York City to terrorists

      Lockpickers 3-D Print TSA Master Luggage Keys From Leaked Photos

      For digital keys all that needs to happen is the bad guys to identify who has access to them then kidnap their family members - "give us the keys or your daughter dies".

    9. Re:They are avoiding the right way by operagost · · Score: 3, Insightful

      Your mistake is expecting the government to have third-party keys, and not abuse them.

      Various levels of government have already shown they abhor the minor inconvenience of requesting a warrant. They don't like having their activities be public, lest the people question them. W had a virtual rubber-stamp FISA court, but he still went around it because he didn't want his anti-terrorism activities exposed. And they really hate when they're told no.

      A 21st century Clipper chip is not happening.

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
    10. Re:They are avoiding the right way by MrKaos · · Score: 2

      That's you, being "on the record" as advocating they COMPLETELY fuck it up.

      Intelligence agencies are going to suck up every bit of intelligence they can until they are forced to comply with a process to get it. Doesn't the fact that they are ignoring the constitution tell you where things are right now?

      The Clipper Chip.

      DIDN'T REQUIRE A WARRANT

      Know your history. Poking a hole in everyone's locks does NOT make anyone safer. As those holes will most assuredly be compromised, your reducing the security of a lot of people and giving out sensitive information to hackers and terrorists.

      FFS, they don't need a warrant now.I AM NOT ARGUING FOR BACKDOORS, I AM ARGUING FOR THE USE OF A WARRANT - THAT IS THE POINT jeeez

      You have advocated people no longer having the right to hard encryption, but instead only having access to SHIT encryption full of mandated holes.

      No I'm not. I am arguing for a means to control these agencies accessing the data in the first place, encrypted or not. I know it is counter intuitive and my bad for thinking that people had the capacity for holding two ideas in their heads at once, that legally recognising that encryption as a means of free speech instead of...

      But please, enlighten me. How does the US government control my access to GPG?

      a controllable munition, where they simply control distribution. That won't stop you from using it, but it only be useable to a few (as great as it is). Tell me how PGP will protect your voicemail and GPS position that tracks your position constantly when there are no authorizations needed to collect it?

      And if you recall, the source code for PGP is protected under copyright law and the first amendment as it was published in book form so as to specifically flip the finger to anyone trying to control access to it.

      Right, so how do you encrypt a call to someone who does not know how to use encryption when it is illegal to teach them how to use it?

      It's a handy dandy little tool that I can go get and verify and use to my hearts content. Legally.The one looking like a cunt here is you.

      How does that help people who don't know how to compile software. Are you thinking of anyone else except yourself?

      --
      My ism, it's full of beliefs.
  8. an embarrassment by supernova87a · · Score: 2

    I am really looking forward to reading the legislative drivel that comes out of these Senators' staffs' iPads just one month after this single news story broke.

    I'm sure that these smart Congressional interns will easily be able to understand and improve upon the original All Writs Act that the Founding Fathers came up with, after years-worth of thought and debate among the intellectual giants of that age.

  9. Re:Declines to support == Declines to oppose by Anonymous Coward · · Score: 4, Insightful

    No, it's not indecision. It's that he's smart enough to know this bill is potentially toxic to freedom, will be hard to write so that it is't unconstitutional, and is a non-starter with the non-brain-dead populace. So he wants no part of it, and he especially wants to avoid being caught up in the frenzy following the output from another go-around of the old standard political syllogism, to wit:

    We must do SOMETHING. (political furor du jour, for example, "won't someone PLEASE think of the children")
    This is something we CAN do. (bill du jour, that is, difficult to get right and potentially toxic encryption legislation)
    Therefore, me MUST do THIS. (pass this bogus bill).

  10. Feinstein is evil by dbc · · Score: 5, Insightful

    Why is it that everything I hear from Feinstein is anti-liberty, anti-individual, and pro-goverment-power? She is the modern poster child for exactly the kind of person that the founders fought the revolution in order to rid themselves of. Be gone, you power-mad, anti-liberty, disaster of a legislator.

  11. Re: Declines to support == Declines to oppose by Anonymous Coward · · Score: 3, Insightful

    Whatever his motives there's one thing certain: Dianne Feinstein is consistent enemy of freedom and of the American people. She's an insult to the Senate and to the Constitution, the path to uphold and protect she breaks with every new freedom destroying bill she introduces.

    She needs to be removed from the Senate an preferably tried for treason as the only thing she does is give aid and comfort to the enemies of freedom.

  12. But what if it was too late already by argumentsockpuppet · · Score: 2

    There are plenty of people talking about the stupidity or absurdity of government interference in encryption. I think we're all on the same page on that, so lets talk about the bigger game.

    I see two, or maybe three levels to this game:
    What if done correctly? (-ish)
    I'm tired of hearing that a backdoor can't be done securely. Of course people have been doing dual access secure control for a long time. Essentially, you have one key used to encrypt the phone, which is normal for single access, but you have two key decryption methods, which is what makes it dual access. It means you have to secure the second method, which can be done by breaking it into multiple parts and putting that control under different agencies. For example you might have the manufacturer in control of one part and the FBI in control of a second part and if you're especially paranoid, a third part is in the control of a court local to the manufacturer.

    In short it is possible to do dual access securely, but the other question is what the result of such control means. Is it better for the public, better for the country, better for you?

    Why do they want you to think this is what is going on?
    I don't believe encryption has been broken. The math is too strong. The technology required to brute force a crack of the encryption is decades away optimistically, perhaps impossible. However, the ability to compromise the apps and updates installed on active suspects' phones isn't nearly as unattainable. If the FBI, NSA or DHS wants to monitor your activity they don't need to crack the encryption, just get the phone manufacturer to sign a compromising piece of software you already probably automatically trust. The simple fact is that if you're a suspect and you've allowed any app or update then you're probably already compromised. They'd rather you didn't know that. I'm not sure I want you (the potential criminal or terrorist) to know it, but I believe truth is vital even if if it isn't comfortable.

    What if it is worse?
    Lets assume it is worse than we guess. Perhaps secret letters and secret courts have already done such a thing. The recent farce with the FBI vs Apple could be just that, a farce. It could be a deliberate public show (the FBI insisted it be public instead of secret as requested by the Apple) designed to keep people from considering how comprehensively the privacy of the average citizen has already been compromised. Consider the possibility that everything you or your family does with a mobile phone is already available to law enforcement at will.

    1. Re:But what if it was too late already by bloodhawk · · Score: 2

      It has never been about whether it is technically possible. It is all about competence and the complete lack of trust in those that possess that access, They have been repeatedly shown to abuse every privilege they have, why would anyone think this would be any different?

  13. Re:Tell me again... by Anonymous Coward · · Score: 2, Insightful

    He acts like the government is doing some kind of favour to the citizens by providing protection and that somehow the citizens are obligated to give up their liberties as payment.

    It's the government's FUCKING JOB to protect its citizens. They don't get to have any kind of special credit for it and they certainly don't get to have any kind of special payment (ie. private data) for it.

    This reminds me of a bit that Chris Rock did a long time ago about niggers trying to take credit for shit that they are supposed to do.

    Ghetto parent: "Oh, I take care of my kids!"
    Chris Rock: "You're SUPPOSED to you dumb motherfucker!"

  14. Re:Declines to support == Declines to oppose by Imrik · · Score: 2

    FYI if the president doesn't sign or veto it for ten days it becomes law without his signature.

  15. Re:Why is giving law enforcement agencies access t by Aruta · · Score: 2

    Because what you are describing is key escrow, not end-to-end encryption. What WhatsApp implemented recently (I believe, correct me if wrong) is proper e2e, where only the sender and recipient have access, and even WhatsApp can't see the contents. It's exactly this kind of encryption that is being attacked and various agencies want to put backdoors in it. Also, if I encrypt data offline, and then send it (encryption completely apart from the sending medium or app), I want strong encryption without anyone but designated recipient to be able to access it. Any form of outside access would be a back door. Even explicit key escrow could be considered such, as it would require me to send the key somewhere for "safekeeping", deeply undermining the security in real sense (both sending and storage of the key would be vulnerable).

    --
    This universe shipped by weight, not by volume. Some expansion of the contents may have occurred during shipment.
  16. Re:Not supporting & not signing are 2 differen by omnichad · · Score: 2

    O'bama? He's not Irish.