Slashdot Mirror
Burr-Feinstein Anti-Encryption Bill Is Officially Released (techcrunch.com)
An anonymous reader quotes a report from TechCrunch: Senators Richard Burr and Dianne Feinstein released the official version of their anti-encryption bill today after a draft appeared online last week. The bill, titled the Compliance with Court Orders Act 2016, would require tech firms to decrypt customers' data at a court's request. The bill is not expected to get anywhere in the Senate. President Obama has also indicated that he will not support the bill, Reuters reports. The bill requires legislation requires communications services to backdoor their encryption in order to provide "intelligible information or data, or appropriate technical assistance to obtain such information or data." Sen. Feinstein stated, "The bill we have drafted would simply provide that, if a court of law issues an order to render technical assistance or provide decrypted data, the company or individual would be required to do so. Today, terrorists and criminals are increasingly using encryption to foil law enforcement efforts, even in the face of a court order. We need strong encryption to protect personal data, but we also need to know when terrorists are plotting to kill Americans."
Then you will be compelled to hand over the key. There is no technological solution to a political issue. None. A signature on a piece of paper by a Person in Power automatically invalidates years of research by intelligent persons. Ask the British how GPS helps them when they're forced to surrender the keys.
Microsoft, Apple, and Google are all very much opposed to this. They also have massive amounts of money. We all know that contributions to campaign funds influences how politicians vote. Those companies absolutely have the collective power to kill legislation like this. As long as the real powers that be don't want this to be the law, it won't pass.
'It became necessary to destroy the town to save it', a United States major said today. He was talking about the decision by allied commanders to bomb and shell the town regardless of civilian casualties, to rout the Vietcong.
With GPG, the person that encrypted the data does not have the key, only the intended recipient does (unless they destroyed it, at which point the data is 100% irrecoverable by anyone)
I guess the point is GPG isn't useful for encrypting stored data like files on disk - its intended for encrypting data for transmission to another party, and protects it in-transit.
In the US, just over 3,000 people have died of terrorist attacks. In 21 years. How many millions die from car crashes alone each year? Are we going to start improving our public transit? No, of course not, because that's not the sexy ratings our senators here want.
The really sad part isthat these are people who voted in, they are not dictators or such. A majority of people are actually stupid enough to vote for such idiots, and it makes me wonder where our future is headed. Given the rather extreme views that have become fashionable over the last year, I don't think it's too far off we'll soon be looking at the level of control shown in Russia today. I sure hope it was worth losing our privacy, safety, and fundamental values to save us from those "evil terrorists", who haven't played a role in 99.999% of the population. Might I point out, that's not an exaggeration.
"Set a man a fire, he'll be warm for the rest of the night. Set a man afire, he'll be warm for the rest of his life."
All the time. Seriously, that's what terrorists do. Does anybody think it's a part-time thing or whatever? "Let's see Achmed... Tomorrow we'll go fishing, then we hit the beach and next week we'll plot to kill Americans. But it must be wednesday because I have bingo on monday and a garage sale on tuesday, and the rest of the week I have to fill in for Jamal who's having a jihad on non-recyclable grocery bags."
"We need strong encryption to protect personal data, but we also need to know when terrorists are plotting to kill Americans."
Can't have both, buddy.
Then the mere existence of GPG on your machine will be enough to send you to jail. It's that simple, really. Make a few high-profile examples and the populace will get the message. As for those die-hard cryptonerds... I bet Feinstein would love to see them all in jail away from computers, where they won't bother anyone anymore. Make no mistake: those in power are not the made of the same stuff we are. They are royalty, we are small folk. If they have to destroy thousands of us to reach their goals, they will do it. Your computer is powerless against the might of the law. Obey or be destroyed. Your choice.
This is pretty much the nail in the coffin.
If her prior activities that would make an Inspector General blanch weren't enough, this monstrosity is pretty much proof-positive of her loss of mental faculties.
Personal privacy always/forever trumps national security. End of story.
Terrorists and criminals are increasingly using encryption to foil law enforcement efforts, even in the face of a court order.
Yeah, right.
Oh, wait, the most recent terrorist attacks in Belgium were carried out using disposable one time cell phones without using encryption of any kind.
Who are those politicians are trying to fool? Why the terrorists cannot create their own encrypted applications which do not save any data whatsoever? I mean we already have Telegram, Wire and many other apps with P2P encryption and timers which pretty much guarantee no party will ever be able to restore or decrypt the content of conversations.
Stop them from getting away with that, by the courts! First, get floozies to stop murdering their unborns!
Vote Ted Cruz 2016
All-American Canadian
We would have the most secure borders in the world.
But we don't.
So they don't care.
Secure the borders then I might believe terrorism is actually a threat.
Until then, every single politician at every level can kindly go fuck themselves.
Burr-Feinstein Anti-Encryption Bill
I heard they're opening for Aerosmith next month.
systemd is Roko's Basilisk.
The proposal itself may be awful, the likely consequences would be good. This could very well be the final push for many companies processing personal information to finally leave the US and settle in a country less hostile to privacy.
Make a few high-profile examples and the populace will get the message.
I don't necessarily disagree with your premise, but as a counter to this particular point... it didn't work with piracy, so why with encryption?
Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
Sometimes they plot to kill other people as well... just sayin'.
Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
The really sad part isthat these are people who voted in, they are not dictators or such. A majority of people are actually stupid enough to vote for such idiots, and it makes me wonder where our future is headed. Given the rather extreme views that have become fashionable over the last year, I don't think it's too far off we'll soon be looking at the level of control shown in Russia today. I sure hope it was worth losing our privacy, safety, and fundamental values to save us from those "evil terrorists", who haven't played a role in 99.999% of the population. Might I point out, that's not an exaggeration.
It's not just stupid people. It's also people who don't understand the issues because they have never studied encryption or computer security. Smart people and policy-makers.
It's not Republicans. It's not Democrats. It's BOTH - and the out-of-control government they control.
Quit expecting that government to solve your problems - it IS your problem.
A much better idea would be term limits and eliminating the gerrymandering of districts. Then we wouldn't get stupid bills like this.
I hear terrorists use cars, both to get to and from their crimes! We need a new bill to address this. The bill would simply provide that, if a court of law issues an order to render technical assistance or provide accurate tracking information of car, the company or individual would be required to do so. Today, terrorists and criminals are increasingly using cars to foil law enforcement efforts and commit atrocities, even in the face of a court order. We need cars for personal transportation, but we also need to know when terrorists are using cars to kill Americans.
Feinstein is appalling but not more appalling than the idiots in the state of California - who supposedly are so intelligent and cutting-edge - who elected her and have kept her in office.
The fact of the matter is that democracy in the United States is completely broken. And most people are profoundly deluded. They get up and go to work each day in a state of delusion about what is going on in their community and their state and country, as long as there is enough crap to distract them. As the saying goes: Keep them doped on religion, sex, and tv. Only perhaps science and self-righteous PC liberalism is the new religion, and video games and other things compete with tv.
It sickens me to see the anti-Trump sentiment being vocalized especially by deluded idiots who have no solution whatsoever for the serious problems occurring other than to continue being deluded. Zuckerberg had the audacity to criticize immigration policy as he lives in a $10 million home, has private security, flies around the world and stays in 5 star hotels. Yeah, try living in the neighborhoods which are being destroyed by the hell that America is becoming and then proffer that self-righteous tripe. But its never the blood of the "humanitarians" that is spilled, is it?
I assume you're a lawyer and I am now taking your word as legal advice.
Because while car crash deaths are still a real big killer, the IS has made MASSIVE strides in reducing them, and that has been done in no small part by legislation of new safety features. Deaths both in terms of absolute numbers and deaths per 100 million miles driven have been dropping consistently since around 1970.
Not agreeing with this bullshit encryption bill, just that your example may not be showing what you want it to show.
Yes, but we don't really care, do we?
Dude. Wake up. Go educate yourself about what is actually happening, why, and what it was like before.
Thick is the fog of lies.
We all know that terrorists and mafias follow laws and will abide by the rules. It is also well known that it is impossible to develop your own encryption software if there is a law in the US forbidding it, as there are no other countries in the world. This law is definitely sensible. It will help to capture terrorist's data without creating any problem to decent citizens.
After all, no decent citizen should have nothing to hide.
I wonder why there are no laws against spam, cryptolocker, viruses, etc... it would make my life much easier.
How about you make a law to make all terrorists report themselves at the nearest police stations to be executed! That would be even easier for you, right?
Of course, not reporting in is punishable by death.
Company and government-issued phones should have to have some sort of MDM product tied to them. If San Bernardino had used something like Blackberry ES to manage their iPhone (yes, BES supports Android and iPhone) their IT department could have popped the phone open as fast as the guy assigned to the task could log into BES and find the device.
So why are you backdoor-ing my phone? That question reveals how government really sees its citizens: Just like when the government promises to not use the powers it just gave itself. Encryption is a problem because LEOs can't use a bigger sledgehammer to get inside. Maybe, if the government spent time offering 'privacy' to citizens, citizens wouldn't be democratizing privacy themselves.
No 'but's: You're protecting personal data or you aren't. "Either you are with us, or you are with the terrorists." - GW Bush, 2001-09-20
Why should the presence of GPG send you to jail. I would expect that GPG is used more frequently for signing and verification, both of emails and application installation packages, than for encryption.
Plead 5th amendment. Or "I'm just transporting this USB stick".
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Senators Richard Burr and Dianne Feinstein are neither the oppressive arm of Government nor are they idiots.
They are, however, profoundly ignorant of how things work in the real (non-Beltway) world. They are of the same ilk that cannot understand that email kept on a small private server (small target) with a staff that gives a damn is quite likely a lot more secure than on a "secured government server."
They must be thinking, "the company will provide a back door and keep it secret." What a great concept. Unfortunately that idea belongs to a world where it took a whole government and a bevy of codebreakers to crack a simple substitution code - the Enigma codes. Today, a single hacker can put together thousands of cpu core resources to attack any system. If there exists a back door, if there is any way into an encrypted system, some 14 year old in Romania or Great Britian (or China!) will find it. Consider the fact that the FBI hired such to go after in iPad, and the thing was compromised in short order.
And lest we think that this is a good thing, so that governments can go after terrorists, let me pose a question on a personal level: "How big is your bank account? Would you mind if you woke up some morning and found it empty?"
There are thousands of terror targets and probably tens of thousands of would-be terrorists. There are quite literally billions of targets in the private sector. It won't make the even news for very long if Mr. Smith gets cleaned out, but to Mr. Smith it may seem pretty terrible.
And there is a worse side: Let's say that the government requires back doors everywhere. Does that mean that terrorists are going to give up and throw up their hands figuratively? Hell, no. Any competent programmer can come up with an encryption scheme not known to the government, perhaps with vulnerabiilities which are also unknown to the government. The good guys (Us!) have opened our bank accounts to the script kiddies, and the bad guys will go right on using strong encryption. The government will be right back where they are now, having to hire a hacker to break that encryption.
We will have given up the keys to our doors without putting a small dent in terrorism.
Not a good choice, imo.
Don't take life too seriously; it isn't permanent.
Make no mistake here: sending a bunch of drug users to prison did not stop drugs. It's taken way too long but people realize that now. Prohibition did not stop alcohol, the DMCA didn't even slow down piracy, and the considerable everything they've done so far hadn't given 'the message' to intelligent technology people yet.
Traitors like Feinstein are a problem to be sure, and they may be royalty, but Americans do have in their blood and in their traditions the knowledge of what to do about royalty.
And then the world wide tech sector would get a boost , and the US tech sector go bust.
What ? I never said I carred for the US tech sector. I am seeing this from the perspective of somebody in another country tech sector withshing that US politician get what they want : give us all non US firm a lot of jobs.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
We do - but we cannot have both.
Choose wisely.
Matter of degree. Almost everyone pirates or pirated something, very few encrypt compared to that.
i will have to cancel my credit cards and get new ones, and never buy anything online ever again,
Politics is Treachery, Religion is Brainwashing
You can't put the encryption genie back in the bottle. You look really dumb when you tell people you can.
I seriously just laugh every time I see this kind of foolish uneducated thinking. Don't senators have technical advisers that tell them: IT CAN'T BE DONE.
It's not even really a difficult concept to grasp, in my opinion.
how many times has a politician said one thing and then did the exact opposite when it comes time to put it down on paper
Politics is Treachery, Religion is Brainwashing
Feinstein is appalling but not more appalling than the idiots in the state of California - who supposedly are so intelligent and cutting-edge - who elected her and have kept her in office.
Yep. Feinstein gets votes on two bases; her vagina, and being anti-gun. There's literally no other reason to vote for her, because everything she does is harmful. She's being supported by superannuated spoiled children who want a nanny state.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
To the American people who think they live in an absolute democracy and liberty: you need to wake up and smell the coffee. Such a society never existed and cannot exist, because it is unsustainable. The libertarian utopia is just that, an utopia. Your founding fathers were lying to you. The government must have a way to listen to what people are talking, so they can protect law and order. Whether it will be done by mandating backdoored encryption, outlawing encryption software/hardware or simply allowing physical coercion/torture does not matter. The choice is yours.
Leaving the US for a privacy Shangri La sounds appealing, but where is this place?
By my estimations, it's a small number of European countries, most of which might face EU regulations which could end up being nearly as "bad" as the US for no real gain.
Most other places don't have enough privacy protections (crooked, authoritarian governments) or if they do, are too small to resist the diplomatic pressure the US could bring to bear on their privacy practices. Further, they may be small enough that the Chinese could be tempted to tamper with their manufacturing to create hardware back doors, as one disincentive the Chinese have is an open confrontation with the US over manufacturing.
The other unintended consequence could possibly US import restrictions on the devices now that they are a product of a "foreign" company.
An alternate name for the bill could be the Burr-Fenstein Fucking Waste of Public Time And Money act.
Seven puppies were harmed during the making of this post.
Is it Burfeinstein or Bearfinestine?
OK, so let's say .gov gets the heavy hitters to break existing encryption methods.
Along comes the open source community and publishes new methods faster than .gov can keep track.
These are opportune times for geeks with advanced CS and math degrees indeed.
Wouldn't it just be simpler to pass a law requiring all terrorists to report what they are going to do 24 or 48 hours before they do it?
That Dianne Feinstein is the epitome of evil, unamerican political criminals?
http://i.cubeupload.com/T6cyLu.png
That means 100% of the reasons people vote for her are harmful. Adding sexism and unrepentant hatred of the US Constitution to the mix certainly doesn't help.
http://i.cubeupload.com/T6cyLu.png
Just googled her to see what she looks like... I find it hard to believe her vagina gets her anywhere *shudder*
"The bill requires legislation requires..."
WTF? Doesn't anyone read anything anymore?
Obama won't support it, but he will gleefully sign it if it somehow makes it to his desk. After all, if it does land on his desk, it will be because the American People lobbied their Congress to pass it, and so he will be doing the People's wwuuaaahahahhaaa sorry.. I just couldn't keep a straight face... huaaaahahaha lol lol roflmaobbq...
It's not just encryption, it's having any kind of knowledge about pseudorandomness.
I propose licensing all programmers with such knowledge along with any equipment they use to delve into such powerful and dangerous knowledge.
If we Americans still believe in Freedom ...
If we Americans still believe in Liberty ...
We should start a definite push in dealing traitors such as Feinstein a decisive blow
They should no longer be allowed to weaken our Constitution
They should no longer be allowed to undermine the spirit laid down by the founder of this great republic
Shame on Feinstein !
Shame on traitors who hate Freedom and Liberty !
Muchas Gracias, Señor Edward Snowden !
That's a great idea. This already works on the Internet, see RFC 3514.
KILL IT. KILL IT WITH FIRE.
Just adopt the George Costanza approach with her.
Anyone remember the "Keys under the doormat" paper from '97? The authors came back last year with a new paper here: https://dspace.mit.edu/bitstream/handle/1721.1/97690/MIT-CSAIL-TR-2015-026.pdf
I'm going to out and say it's required reading for everyone.
I heard that terrorists and criminals are increasingly using whispering to evade law enforcement bugs and wire-taps.
The government cannot require or prohibit any specific design or operating system for any covered entity to use in complying with a court order.
I.e. nothing is out-of-bounds when complying? That seems to conflict with this:
No one is above the law. Court order recipients must comply with the rule of law.
But what if providing the data requires breaking existing laws? I'll be the first to admit I don't know legalese, but this sure is confusing.
The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
and not Orwellian, like, say, the PATRIOT act.
"We need strong encryption to protect personal data, but we also need to know when terrorists are plotting to kill Americans."
Fuck you. The people need to know when the GOVERNMENT is plotting to kill Americans. Fuck those white thugs everyone calls politicians and the horse they rode in on. When will the idiotic militant and police forces wake the fuck up and realize that these pasty fucking faggots are WORTHLESS without their grunts to enforce the "laws"? The only thing we need to do to take back our country is STOP doing the evil bidding of these fucking goddamn FAGGOTS. I'm sick of this shit! Free country my ASS. It's not even a goddamn COUNTRY! (don't believe me? look it up). FUCK.
Terrorists and criminals are increasingly using encryption to foil law enforcement efforts, even in the face of a court order.
Given that the majority of terrorist leadership structure (technocal and non-technical) isn't domestic, and they are completely capable of writing their own encryption apps, and hosting the services outside the US,
1. How does the bill reach those users and servers Answer: It doesn't
2. How does the bill enhance/protect/maintain security of users. Answer: It doesn't
3. How does the bill enhance/protect/maintain the security of the nation: Answer: there is only a temporary benefit until terrorists get educated about the fact the government has a back door into every phone sold or service operated in the US. Terrorists will be directed to an app that does not have a back door, and is not in the jurisdiction of the bill. Instead of the current limited surveillance capability, the communications will go completely dark.
4. How does the bill deter/inhibit the security of the terrorists: Answer: Short-term detriment until they can switch the naive users to their app, long-term benefit after.
5. How does the bill enhance/protect/maintain the security of the terrorists: Answer: provides motivation to create their own app, provides backdoors in all phones/services that can be potentially exploited by terrorist organizations and other governments, like Russians and the Chinese.
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
On May 12, 2011, Feinstein cosponsored PIPA.
I think this person needs to lose an election.
"Live as if you'll die tomorrow." Ridiculous. You could die later today.
...very few encrypt compared to that.
Very few people buy things online? I think the more accurate view is that very few people realize how important strong encryption is to what they already do.
Roll over and take it up the ass ?
You've been on your knees sucking the dicks of your masters from day one.
You won't do shit except complain under your breath as you file off to your work unit.
They must be thinking, "the company will provide a back door and keep it secret." What a great concept. Unfortunately that idea belongs to a world where it took a whole government and a bevy of codebreakers to crack a simple substitution code - the Enigma codes.
It's not about that. If you read the discussion draft of the proposed bill you will find the salient part is Sec. 2.4 which puts the onus of data decryption onto the service provider. There is nothing about how to implement it, just that if you encrypt it, it better be intelligible when we ask for it. There is a discussion about privacy of the individual, but it's secondary to access by the state. I uncertain if a judicial order is the same as a warrant for telecommunications intercepts however I still don't see any time limits imposed either.
And lest we think that this is a good thing, so that governments can go after terrorists, let me pose a question on a personal level: "How big is your bank account? Would you mind if you woke up some morning and found it empty?"
This is the whole point about these types of laws. It's not about "If you have nothing to hide, you have nothing to fear" it's more like "If you have nothing to loose, then you have nothing to hide".
With which we come to the hidden kicker in this proposed bill, the unmentioned meta-data retention clauses. Has anyone noticed that?
Section 4. 1. puts the onus on a license to collect all IP address, port number, routing, endpoints, protocols, both sides of a NAT, unique device identifiers (MAC address), the time, quantity and QOS information all time stamped to UTC, and more. These are targeted at Telecommunications companies, they require a warrant, but imply that the data is to be collected.
That's probably the elephant right there, it's a much larger scope than saying - hey tell us what this says. I'm unsure if it is a 4th amnd violation 'reasonable' to have a third party record your communications endpoints, it's probably happening anyway and that could be the 'reasonable' justification. Again the duration is not mentioned and I'd suggest any service provider who offers a service that only maintains meta data for your last billing cycle may be a feature of providers worth having.
Hell, no. Any competent programmer can come up with an encryption scheme not known to the government, perhaps with vulnerabiilities which are also unknown to the government.
Nope, they have that covered too in Sec 3.A.2 the orders can be issued against people providing the software. Surely this is a 5th Amnd violation. How can you be compelled to information that may incriminate you.
The good guys (Us!) have opened our bank accounts to the script kiddies, and the bad guys will go right on using strong encryption.
No, the point here is that your metadata will be stored in unencrypted form. The same demands were made of Australians because it is wasn't mandatory to encrypt the data, however it was mentioned in the bill that it should be encrypted.
The US bill doesn't even mention encrypting citizen meta data that is being recorded. This is an obvious honeypot for organized crime and as I have constantly repeated, fraud against citizens has no impact on the state, so they have little incentive to protect you from it in their quest to know everything about you.
The government will be right back where they are now, having to hire a hacker to break that encryption.
If the bad guys have their own encryption software then there is simply no access to their communications. The demands are on providers to decode communications when they receive a judicial order and the endpoints, volume and duration when issued a warrant.
We will have given up the keys to our doors without putting a small dent in terrorism.
Not a good choice, imo.
My ism, it's full of beliefs.
As I read it, providing a toll that simply tries all possible keys is compliant, even if it cannot be expected to break the encryption within the lifetimes of any party involved or the service life of the hardware. The bill doesn't require that you make things insecure, only that you comply with requests to attempt to break the security after the effect. It does not even require that the attempts be successful.
I've learned that any bill with the word Feinstein attached to it will be based on ignorance and fear. How this idiot keeps getting re elected is beyond my comprehension.
On May 12, 2011, Feinstein cosponsored PIPA.
I think this person needs to lose an election.
Me too, but why do you think that the morons who elected her will grow a brain cell before the next election.
Do you have ESP?
Comment removed based on user account deletion
CGP Gray just released a really good video on encryption.
Bullshit. Tens of billions of dollars in the US go into making roads safer every year. We spend tens of billions of dollars on making roads safer by doing things like making roads wider, increasing sight lines and slowing down traffic with roundabouts. In spite of your inflated ego, there are people driving other directions than yours, and traffic light timing is not a solvable problem, just optimizable for a very small set of conditions, which change with the seasons.
You're an arrogant, ignorant ass.
Different government agencies use different price per human life saved methodologies. Most agencies, such as the car regulation, pollution, etc. regulate only if the cost is less than $10 million per life saved. The EPA sets it at 7.4 million. Some agencies won't even require safety regulations if the cost exceeds $2 million.
Terrorism based agencies are a radical shift. When terrorism is involved, the idiots are willing to spend up to $180 million to save a single life. (https://www.schneier.com/blog/archives/2008/07/costbenefit_ana.html)
I propose that we legislate a maximum cost per human life saved at $20 million (adjusted for inflation, annually). This would wipe out most of the stupid expenses by federal anti-terrorism agencies, but still allow them to do their job.
excitingthingstodo.blogspot.com
Feinstein's vagina is harmful? I can see that. More so than my gun anyway.
The tobacco industry deliberately plotted to kill Amecicans in way larger proportion that the 9/11 Saudis. The food industry via sugar over intake also kills much more people than terrorists. The government kills much more Americans with unjustified wars.
Actually anything threatening the top wealthy 1% is considered as much more dangerous than when threatening the 99% rest.
Atlay eastlay itlay ashay ipartisonbay upportsay. Osay uyay ancay eesay utway aaway arstangledspay upidstay ongresscray eeway avway.
This sig has been encoded with rot-13 twice.
Is in US House or Senate - No trust at all, should probably be placed in a padded room for their own protection
Is in the state House or Senate - Very little trust but they likely don't need to be in a padded room
I heard someone once say that a person runs for local or state office only because their deepest darkest secret keeps them from running for higher office. Probably some truth in that somewhere...
While you're right about the status quo, you're wrong about what attitude to take regarding it.
I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
Ever see the little padlock on your URL bar? Yeah.
I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
Make no mistake here: sending a bunch of drug users to prison did not stop drugs.
They know it doesn't stop drugs. They just don't care.
I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
And a one-time pad is unbreakable by any means except obtaining the one time pad if it is not misused.
Unbreakable encryption is within the technical reach of practically anyone.
It's not even hard. Exchange of the one time pad is inconvenient.
--PM
I recall her stance on abortion being a bigger issue than guns in her first election (in 1992). Actually I don't remember guns coming up at all back then, but maybe you remember that.
She also has incumbent inertia going for her now, which shouldn't be underestimated.
"First they came for the slanderers and i said nothing."
> Feinstein gets votes on two bases; her vagina, and being anti-gun.
You mean, pro-safety. She's trying to protect us from Republicans that almost all have guns and constantly kill us.
And constantly rape us too. They make me want to die. I hate life because of those gun owners.
This and those fucking gun owners almost always eat meat which is destroying the planet.
She is trying to protect us from republicans that are shooting us. Shooting us.
Once elected, congresspersons and senators can do what they please until the next election with no fear of recall. This means citizens have to vote them out in the next election cycle. Voters have short memories unless the transgression was particularly egregious.
There are two things missing at the federal level which would help ore representative government be more responsive to the peoples wishes:
1. Recall of congresspersons and senators with a 66% super majority.
2. Initiative and Referendum.
They are the terrorist. They're attempting to terrorize millions of people with this and other heavy handed laws. They want to run the major metropolitan city areas as prisons and force everyone to live in small stacked confined spaces... voluntarily of course, and to pay for the privilege.
If aliens don't need encryption to coordinate the extermination of all humans neither do terrorists.
I sort of agree with you, BUT, you can't say zuckerberg has audacity to say blah while at the same time using trumps name in the same paragraph. They are one in the same. Zuckerberg is a future Trump. Watch it unfold.
I've never wanted anyone to die before but she needs to retire or croak before she can do more damage.
When are the terrorist plotting to kill Americans? All the time. Seriously, that's what terrorists do. Does anybody think it's a part-time thing or whatever?
I personally think they are human beings, not machines. There is literally no way what you are saying could be true. If you demonize the people responsible for terrorism, you will never be smart enough to stop them.
She had a good reputation and championed Democrat causes for years, but now she's just a sellout for big business and the movie industry.
Feinstein needs to switch to Republican or Independent because she is in no way a Democrat anymore, and she hasn't been for years.
Frankly I don't know how she can do these terrible things that go against everything her constituents believe in.
This bill appears to be just another uninformed effort by old establishment leaders who have little clue on the technology policy and its implications to the fundamental rights under the constitution. Cut to the chase. Why don't they just include a clause to outlaw putting a security code on your phone. That way anyone can access your information if they really need it. Better yet, require registration when you buy a lock from a store, requiring you to provide a copy of you key to the nearest police officer...just in case they need or feel they might need to access your personal property or information.
It may appear overboard, but efforts to legislation like this are just this simplistic and silly.
It was never intended to stop drugs. Its all about shoveling more (taxpayer) money around under the guise of stopping drug use.
Because this bill would require any vendor, writer or provider of encrypted communications to have a way to decrypt it would also require any form of TLS connection to not have perfect forward secrecy. This would mean having like in the earlier DOD era, having a separate crypto' suites for US use that exclude the option.
I mention this because it is not going to happen, the cat is out of the bag and it would require rewriting the core of every TLS implementation everywhere.
Last night I figured out how to extort money out of big tech companies if the Feinstein-Burr bill becomes law. It requires that any company which has provided encryption technology render technical assistance in order to provide unencrypted versions of information in response to court orders.
So, here's what you do:
1) Choose a company which provides any existing encryption products which don't have backdoor and will host data for you in some form. Good choices might be Apple, Google, or Microsoft. For Microsoft you can use their BitLocker product to encrypt things. For Apple or Google, you can just use OpenSSL's command line to do the encrypting. There are likely some other companies that would work, but those are the first which come to mind.
2) Find a co-conspirator who is willing to sue you.
3) Create some key piece of information which is relevant to the potential court case.
4) Choose an amount of money which is quite large, but is within the potential budget of the company.
5) Do some calculations like this spread sheet does: https://docs.google.com//1hsvO2RBXWYxMMMCaDx5CASPy2l/edit (although I'm not sure these numbers are correct because I'm not sure they account for the efficiency of doing this with GPUs instead of CPUs) to figure out how long the key will have to be to be in order to cost the target amount of money. Assuming their figures are correct, then 86 bits would be the correct answer.
6) Choose an encryption function which uses more bits than that. So let's go with 128-bit AES for this example.
7) Encrypt the key piece of information with it.
8) Make a second file which contains notes about what algorithm is used and contains all but your target number of bits of the key. So in this case, 128-86 yields 42, so we put the first 42 bits of the key in the file.
9) On the storage provided by your target company, store the encrypted data and the unencrypted second file.
10) Ensure that all other copies of the data and the key have been completely and utterly destroyed, but keep references to its existence.
11) Proceed with the lawsuit and have your co-conspirator find out about the file in discovery.
12) Have them obtain a court order requiring the target company render technical assistance. Now, to comply with the court order, they must spend approximately $10 million dollars to brute force the remaining bits of the key.
13) Offer to have talks about settling the lawsuit, but only if the company is also involved in those talks.
14) Hint that this could all go away for a much smaller amount, like only $100,000 especially if the target company were willing to pay.
15) Once they pay up, drop the lawsuit thus vacating the court order.
Some of these are pretty good, I must say. For a chuckle, anyway.
This old decrepit ugly cunt needs to catch cancer and die, just like the cancer she's trying to inject into america
This is slashdot. Owning a gun is supposed to be terrible here.
Shouldn't the free speech-protecting provision of the us constitution's first amendment be taken to imply the right to say things jack-booted government thugs can't understand?
The problem with Feinstein is that there's no real option. California won't elect a Republican senator, and no Democrat will run against Feinstein. :/
Maybe she's a vagina-model. You know, like David Duchovny's character in Zoolander, who was a hand-model.
Not the OP but... Tell me, o great brave cyberwarrior of the universe, how many evil corporations did you defeat today? How many governments were routed by your might? Tell me about the armies of millions cowed by your prowess. Tell me. We're all waiting to hear about your legendary feats, Neo from the Matrix.
Politicians do weird thinks like sponsor/vote-for bills they don't want passed for image reasons and or to do cross party vote trading. The trick is playing chicken with the number of votes required to pass or knowing you can bury it later in committee if it happens to pass.
The problem is things like this are often posturing.
As I recall, the fifth amendment *does* technically still work if you're the one they're going after and are the one holding the key.
Doesn't work so well if someone else is holding the key or if you're the one holding the key for someone else. And let's face it. That's 99% of encryption in use today. Someone else holds the key.
The single biggest threat this law creates is the need to have passwords a company can decrypt. If a court order requests the password of an account, a company is required to provide said password. This means you must now store your user passwords in a method you can decrypt. Nope, nothing wrong with that! I guess Senator Burr was getting jealous of all the attention the NC GOP was getting from HB2 that he wanted to try and upstage them.
It is? I've been coming here since 2002. I dont remember anyone turding on gun ownership. I would think most of the crusty old beards here would right at home with the cold, unyielding machined reliability of guns. Along with the personal responsibility of owning such machines that are every bit as lethal as a car.
How could both those things not be right up the alley of everyone here?
Since when have slashdotters ever clamored for the government to protect them from themselves?
http://i.cubeupload.com/T6cyLu.png
Maybe but it sure seems like only the real wack jobs make it to the national level.
That's just because they get more publicity. Trust me that the local guys are every bit as weird as the national guys and frequently even weirder.
Amen brother..and Wyoming and Montana are sounding better by the day.
" ... We need strong encryption to protect personal data, but we also need to know when terrorists are plotting to kill Americans."
Translation: "We are vegans that eat meat."
Diane "Banker-Buttlicker" Feinsten, the dragon lady with no fucking heart.
...
Why the hell Californians keep electing her I'll never understand.
Do you think it might have something to do with the influence of money in US elections? ;)
This isn't about terrorism or surveillance. This is much more boring and insidious. Look at her donor list. Five defense contractors in the top 15 each with "cyber war" divisions. Someone will have to build this new backdoored encryption and it will cost at least a few hundred million. Northrop Grumman is one of her and Burrs top donors. I predict NG wins a very carefully run competition for the contract.
refactor the law, its bloated, confusing and unmaintainable.
Won't someone just vote her pernicious backside out of office already? How much more damage must she do to the US before we wise up?
as a resident of California I can not support or approve of this action by Feinstein.
We also need, more importantly, a GOVERNMENT WE CAN TRULY TRUST! And, we need that FIRST. And, we need it WITHOUT the greedy, manipulative fingers of corporations.
Self-importance and self-indulgence is the root of ALL evil.
The bill appears to cover companies who make things. Is there any mention of what individuals may do? The CALEA act provides that telecommunication providers must allow law enforcement to monitor communications involving a specific person, but doesn't forbid the use of ciphers by the people at the end points.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
n/t