Slashdot Mirror
Burr-Feinstein Anti-Encryption Bill Is Officially Released (techcrunch.com)
An anonymous reader quotes a report from TechCrunch: Senators Richard Burr and Dianne Feinstein released the official version of their anti-encryption bill today after a draft appeared online last week. The bill, titled the Compliance with Court Orders Act 2016, would require tech firms to decrypt customers' data at a court's request. The bill is not expected to get anywhere in the Senate. President Obama has also indicated that he will not support the bill, Reuters reports. The bill requires legislation requires communications services to backdoor their encryption in order to provide "intelligible information or data, or appropriate technical assistance to obtain such information or data." Sen. Feinstein stated, "The bill we have drafted would simply provide that, if a court of law issues an order to render technical assistance or provide decrypted data, the company or individual would be required to do so. Today, terrorists and criminals are increasingly using encryption to foil law enforcement efforts, even in the face of a court order. We need strong encryption to protect personal data, but we also need to know when terrorists are plotting to kill Americans."
In the US, just over 3,000 people have died of terrorist attacks. In 21 years. How many millions die from car crashes alone each year? Are we going to start improving our public transit? No, of course not, because that's not the sexy ratings our senators here want.
The really sad part isthat these are people who voted in, they are not dictators or such. A majority of people are actually stupid enough to vote for such idiots, and it makes me wonder where our future is headed. Given the rather extreme views that have become fashionable over the last year, I don't think it's too far off we'll soon be looking at the level of control shown in Russia today. I sure hope it was worth losing our privacy, safety, and fundamental values to save us from those "evil terrorists", who haven't played a role in 99.999% of the population. Might I point out, that's not an exaggeration.
"Set a man a fire, he'll be warm for the rest of the night. Set a man afire, he'll be warm for the rest of his life."
All the time. Seriously, that's what terrorists do. Does anybody think it's a part-time thing or whatever? "Let's see Achmed... Tomorrow we'll go fishing, then we hit the beach and next week we'll plot to kill Americans. But it must be wednesday because I have bingo on monday and a garage sale on tuesday, and the rest of the week I have to fill in for Jamal who's having a jihad on non-recyclable grocery bags."
"We need strong encryption to protect personal data, but we also need to know when terrorists are plotting to kill Americans."
Can't have both, buddy.
Then the mere existence of GPG on your machine will be enough to send you to jail. It's that simple, really. Make a few high-profile examples and the populace will get the message. As for those die-hard cryptonerds... I bet Feinstein would love to see them all in jail away from computers, where they won't bother anyone anymore. Make no mistake: those in power are not the made of the same stuff we are. They are royalty, we are small folk. If they have to destroy thousands of us to reach their goals, they will do it. Your computer is powerless against the might of the law. Obey or be destroyed. Your choice.
This is pretty much the nail in the coffin.
If her prior activities that would make an Inspector General blanch weren't enough, this monstrosity is pretty much proof-positive of her loss of mental faculties.
Terrorists and criminals are increasingly using encryption to foil law enforcement efforts, even in the face of a court order.
Yeah, right.
Oh, wait, the most recent terrorist attacks in Belgium were carried out using disposable one time cell phones without using encryption of any kind.
Who are those politicians are trying to fool? Why the terrorists cannot create their own encrypted applications which do not save any data whatsoever? I mean we already have Telegram, Wire and many other apps with P2P encryption and timers which pretty much guarantee no party will ever be able to restore or decrypt the content of conversations.
Burr-Feinstein Anti-Encryption Bill
I heard they're opening for Aerosmith next month.
systemd is Roko's Basilisk.
The proposal itself may be awful, the likely consequences would be good. This could very well be the final push for many companies processing personal information to finally leave the US and settle in a country less hostile to privacy.
The really sad part isthat these are people who voted in, they are not dictators or such. A majority of people are actually stupid enough to vote for such idiots, and it makes me wonder where our future is headed. Given the rather extreme views that have become fashionable over the last year, I don't think it's too far off we'll soon be looking at the level of control shown in Russia today. I sure hope it was worth losing our privacy, safety, and fundamental values to save us from those "evil terrorists", who haven't played a role in 99.999% of the population. Might I point out, that's not an exaggeration.
It's not just stupid people. It's also people who don't understand the issues because they have never studied encryption or computer security. Smart people and policy-makers.
Feinstein is appalling but not more appalling than the idiots in the state of California - who supposedly are so intelligent and cutting-edge - who elected her and have kept her in office.
The fact of the matter is that democracy in the United States is completely broken. And most people are profoundly deluded. They get up and go to work each day in a state of delusion about what is going on in their community and their state and country, as long as there is enough crap to distract them. As the saying goes: Keep them doped on religion, sex, and tv. Only perhaps science and self-righteous PC liberalism is the new religion, and video games and other things compete with tv.
It sickens me to see the anti-Trump sentiment being vocalized especially by deluded idiots who have no solution whatsoever for the serious problems occurring other than to continue being deluded. Zuckerberg had the audacity to criticize immigration policy as he lives in a $10 million home, has private security, flies around the world and stays in 5 star hotels. Yeah, try living in the neighborhoods which are being destroyed by the hell that America is becoming and then proffer that self-righteous tripe. But its never the blood of the "humanitarians" that is spilled, is it?
To make this point crystal-clear: Burr and Feinstein wrote the bill as idiotic as possible, as a threat to extort money from the lobbying industry in return for not passing the law, or watering it down(*).
How selfless of them, they write the opposing politicians' meal ticket!
I'm sure they'll return the favour on some other braindead "policy issue"
(*) In comparison to the leaked draft copy, they removed the limitation to certain investigations (drugs, terror, kiddiefiddling...) so as to have some wriggle-room in the following bargaining process.
Senators Richard Burr and Dianne Feinstein are neither the oppressive arm of Government nor are they idiots.
They are, however, profoundly ignorant of how things work in the real (non-Beltway) world. They are of the same ilk that cannot understand that email kept on a small private server (small target) with a staff that gives a damn is quite likely a lot more secure than on a "secured government server."
They must be thinking, "the company will provide a back door and keep it secret." What a great concept. Unfortunately that idea belongs to a world where it took a whole government and a bevy of codebreakers to crack a simple substitution code - the Enigma codes. Today, a single hacker can put together thousands of cpu core resources to attack any system. If there exists a back door, if there is any way into an encrypted system, some 14 year old in Romania or Great Britian (or China!) will find it. Consider the fact that the FBI hired such to go after in iPad, and the thing was compromised in short order.
And lest we think that this is a good thing, so that governments can go after terrorists, let me pose a question on a personal level: "How big is your bank account? Would you mind if you woke up some morning and found it empty?"
There are thousands of terror targets and probably tens of thousands of would-be terrorists. There are quite literally billions of targets in the private sector. It won't make the even news for very long if Mr. Smith gets cleaned out, but to Mr. Smith it may seem pretty terrible.
And there is a worse side: Let's say that the government requires back doors everywhere. Does that mean that terrorists are going to give up and throw up their hands figuratively? Hell, no. Any competent programmer can come up with an encryption scheme not known to the government, perhaps with vulnerabiilities which are also unknown to the government. The good guys (Us!) have opened our bank accounts to the script kiddies, and the bad guys will go right on using strong encryption. The government will be right back where they are now, having to hire a hacker to break that encryption.
We will have given up the keys to our doors without putting a small dent in terrorism.
Not a good choice, imo.
Don't take life too seriously; it isn't permanent.
We do - but we cannot have both.
Choose wisely.
You can't put the encryption genie back in the bottle. You look really dumb when you tell people you can.
I seriously just laugh every time I see this kind of foolish uneducated thinking. Don't senators have technical advisers that tell them: IT CAN'T BE DONE.
It's not even really a difficult concept to grasp, in my opinion.
Feinstein is appalling but not more appalling than the idiots in the state of California - who supposedly are so intelligent and cutting-edge - who elected her and have kept her in office.
Yep. Feinstein gets votes on two bases; her vagina, and being anti-gun. There's literally no other reason to vote for her, because everything she does is harmful. She's being supported by superannuated spoiled children who want a nanny state.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
An alternate name for the bill could be the Burr-Fenstein Fucking Waste of Public Time And Money act.
Seven puppies were harmed during the making of this post.
at 32,675/yr in the US, I think it's still a pretty safe argumentative gambit to suggest that if we're going to be terrified, it should be of our fellow drivers rather then some IS.
Min
On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
If we Americans still believe in Freedom ...
If we Americans still believe in Liberty ...
We should start a definite push in dealing traitors such as Feinstein a decisive blow
They should no longer be allowed to weaken our Constitution
They should no longer be allowed to undermine the spirit laid down by the founder of this great republic
Shame on Feinstein !
Shame on traitors who hate Freedom and Liberty !
Muchas Gracias, Señor Edward Snowden !
Just adopt the George Costanza approach with her.
...very few encrypt compared to that.
Very few people buy things online? I think the more accurate view is that very few people realize how important strong encryption is to what they already do.
CGP Gray just released a really good video on encryption.
Last night I figured out how to extort money out of big tech companies if the Feinstein-Burr bill becomes law. It requires that any company which has provided encryption technology render technical assistance in order to provide unencrypted versions of information in response to court orders.
So, here's what you do:
1) Choose a company which provides any existing encryption products which don't have backdoor and will host data for you in some form. Good choices might be Apple, Google, or Microsoft. For Microsoft you can use their BitLocker product to encrypt things. For Apple or Google, you can just use OpenSSL's command line to do the encrypting. There are likely some other companies that would work, but those are the first which come to mind.
2) Find a co-conspirator who is willing to sue you.
3) Create some key piece of information which is relevant to the potential court case.
4) Choose an amount of money which is quite large, but is within the potential budget of the company.
5) Do some calculations like this spread sheet does: https://docs.google.com//1hsvO2RBXWYxMMMCaDx5CASPy2l/edit (although I'm not sure these numbers are correct because I'm not sure they account for the efficiency of doing this with GPUs instead of CPUs) to figure out how long the key will have to be to be in order to cost the target amount of money. Assuming their figures are correct, then 86 bits would be the correct answer.
6) Choose an encryption function which uses more bits than that. So let's go with 128-bit AES for this example.
7) Encrypt the key piece of information with it.
8) Make a second file which contains notes about what algorithm is used and contains all but your target number of bits of the key. So in this case, 128-86 yields 42, so we put the first 42 bits of the key in the file.
9) On the storage provided by your target company, store the encrypted data and the unencrypted second file.
10) Ensure that all other copies of the data and the key have been completely and utterly destroyed, but keep references to its existence.
11) Proceed with the lawsuit and have your co-conspirator find out about the file in discovery.
12) Have them obtain a court order requiring the target company render technical assistance. Now, to comply with the court order, they must spend approximately $10 million dollars to brute force the remaining bits of the key.
13) Offer to have talks about settling the lawsuit, but only if the company is also involved in those talks.
14) Hint that this could all go away for a much smaller amount, like only $100,000 especially if the target company were willing to pay.
15) Once they pay up, drop the lawsuit thus vacating the court order.