Senate Bill Draft Would Prohibit Unbreakable Encryption

buck-yar quotes a report from the Associated Press: "A draft version of a Senate bill would effectively prohibit unbreakable encryption and require companies to help the government access data on a computer or mobile device with a warrant."
The two Senators finalizing the bill announced "No individual or company is above the law," saying their goal is to ensure compliance with court orders to help law enforcement or to provide decrypted information. The ACLU's legislative counsel argued the drafted legislation represents a "clear threat to everyone's privacy and security," and the bill is opposed by another member of the Senate committee, Ron Wyden, who says it would require "American companies to build a backdoor... They would be required by federal law per this statute to decide how to weaken their products to make Americans less safe."

Write your senator

This is a good time to drop them a letter AND an email AND a phone call AND a fax while at it. Go on, do what's expected of you but too few of you actually do.

Re:Write your senator

[Z00L00K]

I have no Senator, not even an Opel Senator.

But if unbreakable encryption is forbidden then only criminals will use it.

Re:Write your senator

[FlyHelicopters]

This is a good time to drop them a letter AND an email AND a phone call AND a fax while at it. Go on, do what's expected of you but too few of you actually do.

I don't give them money, so they don't care.

https://youtu.be/Ylomy1Aw9Hk

Last Week Tonight with John Oliver: Congressional Fundraising (HBO)

Well worth 21 min of your time.

Re:Write your senator

[WarJolt]

Sounds similar to arguments the NRA has been using for years. Congress is not persuaded by logic. Let's add pieces to this. If all legal encryption is breakable then criminals would use unbreakable encryption, criminals would decrypt all law abiding internet traffic and Congress will be faced with the same reality China faces with the great firewall of China; Some tech just can't be regulated.

I love it when nerds can emasculate politicians.

Re:Write your senator

[dryeo]

Sounds similar to arguments the NRA has been using for years. Congress is not persuaded by logic. Let's add pieces to this. If all legal encryption is breakable then criminals would use unbreakable encryption

So basically the satellite tv providers, cable, game systems and all the rest would have to use breakable encryption. Yah, that is going to work.

I'm sure they'll be exceptions for certain types of large businesses

Before everyone gets up in arms about this...

[FlyHelicopters]

Was this bill introduced with the intention of passing it, or was it done for election time?

Many bills get introduced that have zero chance of passing, rather they do it so the Congresscritters can go back to their home state and say "I'm fighting for you, to stop those evil terrorists from threatening your family, vote for me!"

Re:Before everyone gets up in arms about this...

[click2005]

No this bill was introduced so when it fails and they introduce a slightly les offensive bill it will pass.

Its like how people will vote for someone based on them being "not as bad as some previous guy"

Re:Before everyone gets up in arms about this...

[dgatwood]

That needs to be repeated: the majority of Americans WANT BREAKABLE ENCRYPTION. The majority of people think Apple was in the wrong - something like 60/40 according to polls. So not an absolute majority, but not an insignificant one. Especially when it comes to politicians measuring which way the wind is blowing.

What I don't think you understand here is that the opinion of the majority of Americans is completely irrelevant to what government actually does. Completely. Most politicians couldn't give two s**ts about what the public thinks. And although that is usually counterproductive, in situations like this, it is actually the right policy. The average American doesn't have any idea what encryption is or does; they just know that it magically keeps them safe. As such, their opinion on how crypto algorithms should be designed isn't important, because their opinion is not an informed opinion.

To use an analogy here, the majority of Americans want flying cars. The fact that they won't know how to drive flying cars doesn't matter to them. The fact that it isn't currently technologically feasible to build flying cars doesn't matter to them, either. If government listened to those demands, they would pass a law saying that 25% of cars next year must fly. Doing so won't give us flying cars; it will just cause all American automakers to shut down because of their inability to comply with that law. Politicians know this, because they have listened to people whose opinions actually are informed, and as a result, they won't pass such a law no matter how many Americans might jump up and whine, "But I want my flying car NOW!"

There are exactly two groups of people whose opinions matter in this case: law enforcement and the technology industry. Law enforcement's opinions matter because they're in the trenches, and they think they know what tools they need to get their jobs done. The opinions of people in the tech industry matter because they're the ones who can say whether or not what they are asking for A. is feasible, and B. can be done in a way that doesn't completely destroy the security of the system as a whole. Nobody else's opinion matters in this debate, because nobody else has sufficient knowledge of the ramifications of such a law (including, apparently, much of Congress).

It would be laughable to allow government positions to be decided by a bunch of uninformed people merely because they scream their ignorance at a louder volume than the rest of us. That's the surest way to governmental collapse, and is the reason that most politicians quickly erect an intern-powered bozo filter around their inbox....

Geeks are losing this battle. The simple problem is that people want encryption to be like a safe: a thing you use to keep The Bad Guys out, but which The Good Guys can still bust open if necessary. People flat-out don't want unbreakable encryption or perfectly secure phones. See that earlier story about the dad trying to get Apple to unlock his late son's iPhone. People side with the father. They want it to be possible to break into encrypted things.

No, people want to be in control of their lives. Some of them wrongly believe that banning encryption will give them more control. We merely must educate them about the fact that doing so will actually give them far less control.

In some cases, governments go too far in trying to create the illusion of control, such as many of the things our government did after 9/11. However, the people grasping for power after 9/11 were mostly unopposed. The airline industry has always been on the verge of bankruptcy, and they weren't about to try to fight the government to keep them from forcing all of those changes, because they wouldn't have survived. In contrast, the government is now going up against the three largest companies on the planet Earth (Apple, Google, and Microsoft)—companies that make essentially 100% of the world's smart

Re:Before everyone gets up in arms about this...

[Tom]

While I agree with you in general, you are too strict and don't understand the concept of democracy. Look:

There are exactly two groups of people whose opinions matter in this case: law enforcement and the technology industry.

That is a technocracy, not a democracy. Rulership by the people means exactly that. If people are uninformed, make them informed. That is the actual reason why we have representative democracy (i.e. parliaments and such), because a small group of people whose sole job it is actually has the opportunity to become informed and then decide.

Of course, the current political system doesn't work that way because they don't (any of that), but at least that is the idea.

People should decide, otherwise we end up in what we have in Brussels: A technocratic government completely detached from the people it governs making decisions purely on administrative merit.

Re:OSS

[Anonymous+Brave+Guy]

Or does the US Congress think that they pass laws for the whole planet?

Was that a serious question? ;-)

Feinstein ain't no Einsten

[Space+cowboy]

She's just a paranoid old woman who's so scared about "the terrorists" that she's willing to give up ... what's the line ? Oh yeah, "essential liberty" ... sounds familiar somehow.

I happen to work on De Anza Blvd, and I was looking out the window when the proverbial was hitting the fan with Apple and the FBI, there was suddenly a cavalcade of blacked-out sedans overriding the lights sequence, with police blowing their horn as someone (my assumption here is that it was the senator, no-one else really gets that level of police co-operation) halted the normal traffic lights sequence so this entire entourage could turn into Infinite Loop.

So, Diane was going to yell at Tim. I have some reasonable hope that Tim told her to stick it where the sun don't shine, but I think he's more polite (not to mention politically astute) than I, so I'm sure he came up with a gentlemanly way to say it.

The good news is that she won't be re-elected because she's not going to run any more. She's too old (thank $deity) so we have a chance of getting someone in who isn't a complete fucking moron when it comes to national security. There's no way this state will elect a republican, so we're stuck with her until then. She gets a lot of votes, and I really hope that's just people voting along party lines because if people actually *want* her policies, well... shit, time to leave.

Good

[shawn2772]

This is good. Not the bill, but this is the correct place for this debate, in the legislature, not the courts. Now we just need to make sure it loses, and for the right reasons.

Cameron vs Panama Papers

[flyingfsck]

The Congressmen should speak to PM Cameron of the UK about the need for privacy and encryption. He seems to have gotten a change of heart following the Panama Papers leak. Anyhoo, all encryption is breakable. It may just take a while...

Second Amendment Issue?

[AF_Cheddar_Head]

Follow along with me:
Cryptograghy is subject to ITAR (International Traffic in Arms Regulations)
This means the Federal Government treats Cryptography as an Armament
What does the second amendment say: "the right of the people to keep and bear Arms, shall not be infringed"
Hey NRA time to step up and defend the Second Amendment against the heinous assault. Slippery slope and all. You don't want these guys coming after your guns do you.

They brought this on themselves

[sjames]

The NSA and FBI brought this on themselves. Before all the spying on everyone, parallel construction, and warrant less use of stingray plus secret courts, nobody was all that much interested in consumer products with unbreakable encryption.

If they want to blame someone for this, they need to look in a mirror and understand that their operations are just plain creepy and incompatible with a free country. They are starting to smell like the Stasi and a significant portion of the citizens of this country don't care to give them any more of a foothold.

Re:Deal

[qeveren]

A one-time pad is pretty close, in that you can never really tell when you've actually decoded it.

Think a step further

[Elfich47]

Let's take this law to its logical conclusion. No one in power cares about individuals download pgp and encrypting their email. Everyone cares when money gets involved.

All "trusted" internet commerce where you plug in your credit card number is dependent upon encryption strong enough to prevent credit card and identity theft. If this law were to pass no internet commerce company would be able to use encryption strong enough to prevent people from stealing credit card numbers by skimming traffic. It may take a little bit (hours or days) but someone skimming Amazon or bank traffic will start being to pull out credit card and account numbers and the trust of internet banking will be destroyed for years.

This is what will prevent strong encryption from going away- the encryption has to be available to all users for it to be useful. People, credit card companies and insurance companies will not tolerate money being stolen whole sale that we have not seen yet. Yes I am aware that people get their card numbers stolen everyday. Removing encryption would guarantee that your card is stolen the first time you use your card on the internet.

Re:This...

[tnk1]

It will work *very* well, just not at the ends that these Senators want.

Do you know how painful it is to work with European companies thanks to how shitty Facebook and company were with cooperating?

Now a law that ends all unbreakable encryption will make it impossible for me to convince anyone in Europe that they won't be owned the second they send some data over. Even though our app doesn't require any sort of private information, or take any credit cards.

Yes, the Europeans in that case will be technically wrong, but who can really blame them for not being at least a little gunshy in that regard? They not going to want to have to closely inspect every single purchase they make of a product where they can't make an assumption that we are making a good faith attempt to protect them because our fucking government won't let us.

These Senators are idiots and appear to want us to lose all our international business for some stupid terrorist fearmongering bullshit.

Re:This...

[fustakrakich]

Unenforceable; impractical; in the final analysis, stupid.

You folks still aren't getting it. The law provides probable cause against anyone using unbreakable encryption (like such a thing exists). If the cops can't decipher your communications, they can bust the door down, take everything and arrest you on mere suspicion.

The sad thing is that these laws are such an easy sell to the panicky and actually very authoritarian public.

And there's that name, Feinstein, again. Fascism in a dress.

No such thing

[fyngyrz]

Unbreakable encryption -- outside of direct coercion of the sender or receiver -- is trivial. Here's an encrypted message from me:

"The cockatrice is in the jacuzzi"

Let me know when you can decrypt it without directly coercing me. You're allowed to use any intellectual or computing resources available to anyone on the planet. Or all of them. Until you can, there's no way, literally no way to make unbreakable encryption inaccessible to anyone with a vocabulary larger than a parrot's (on second thought, that might be enough anyway.) Making such a thing illegal to do, or use, is completely impractical.

You can punish someone for using it, if you can catch them at it.

Re:This...

[ATMAvatar]

Or what has become increasingly popular: charge the person's possessions with a crime and take them to increase yearly revenue. In some years, the police have taken more from people than burglars.

Re:This...

[delt0r]

It is not like this is a new situation. For quite a while when there was "export" restrictions on encryption you couldn't really communicate to the US with decent security. Within the US was fine. Within the EU and the rest of the world was better. Even off shore US companies couldn't use strong encryption because it was still "exporting" it. I know at least several occasions were companies i worked for would not use US companies for this reason.

Re:This...

[Tom]

Yes, the Europeans in that case will be technically wrong, but who can really blame them for not being at least a little gunshy in that regard?

We would be technically wrong, but procedurally correct, because if you have laws like that, plus secret courts and gag orders, staying as far away as possible is the only way to keep data safe.

The secret courts are the worst. You know when we over here had them the last time? It was in Nazi Germany.