Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Efforts To Regulate Encryption Have Been Flawed, Government Report Finds (theguardian.com)

Posted by BeauHD on from the click-here-to-learn-more dept.

An anonymous reader writes from a report via The Guardian: U.S. Republican congressional staff said in a report released Wednesday that previous efforts to regulate privacy technology were flawed and that lawmakers need to learn more about technology before trying to regulate it. The 25-page white paper is entitled Going Dark, Going Forward: A Primer on the Encryption Debate and it does not provide any solution to the encryption fight. However, it is notable for its criticism of other lawmakers who have tried to legislate their way out of the encryption debate. It also sets a new starting point for Congress as it mulls whether to legislate on encryption during the Clinton or Trump administration. "Lawmakers need to develop a far deeper understanding of this complex issue before they attempt a legislative fix," the committee staff wrote in their report. The committee calls for more dialogue on the topic and for more interviews with experts, even though they claim to have already held more than 100 such briefings, some of which are classified. The report says in the first line that public interest in encryption has surged once it was revealed that terrorists behind the Paris and San Bernardino attacks "used encrypted communications to evade detection." Congressman Ted Lieu is pushing the federal government to treat ransomware attacks on medical facilities as data breaches and require notifications of patients.

7 of 110 comments (clear)

  1. right hand doesn't know what the left hand is doin by Thud457 · · Score: 5, Informative

    Once the FBI started subverting TOR (developed by the Naval Research Lab to promote FREEDOM), hacking people's computers without warrents and demanding user data from ISPs without warrants, the US became a bad internet citizen and a de facto rogue state.

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  2. But the Paris attackers DIDNT use encryption by LordWabbit2 · · Score: 5, Informative

    The Paris attackers did NOT use encryption!
    They used burner phones.
    The TLA's just tried to use encryption as the reason why their spy machines didn't detect squat, and to try force new encryption laws down peoples throats.

    --
    There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.
  3. Re:FTA: by Jason+Levine · · Score: 5, Informative

    They are more blurry than "Western Governments are good guys/other governments and hackers are bad guys", but the overall point is that even if you COULD trust all western governments to never abuse their encryption backdoor (a huge assumption), the mere presence of a backdoor would lead to hackers exploiting it. And, walking back the assumption, let's say you (for some reason) trust the current administration with an encryption backdoor. Do you trust the next one with it? What about the one after that? How long until an administration comes along that abuses the backdoor (whether Nixon-Whitewater level abuse or slowly encroaching on what is acceptable abuse)?

    --
    My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  4. Re:Off export regulations by jeff4747 · · Score: 3, Informative

    Because for a time, the US did have better encryption than other countries - DES was good back when it was new.

    That is no longer the case, but laws move much slower than technology.

  5. Re:I'd like to... by h4ck7h3p14n37 · · Score: 5, Informative

    Some perspective, people; we've had encryption in use for over 40 years, and the actual amount of people using it to escape prosecution is almost none.

    Encryption has been around for much longer than 40 years!

    "The earliest known text containing components of cryptography originates in the Egyptian town Menet Khufu on the tomb of nobleman Khnumhotep II nearly 4,000 years ago."
    -- "Past, Present, and Future Methods of Cryptography ", http://www.eng.utah.edu/~nmcdo...

  6. Link about Paris and San Bernardino inadequate by Shadow+IT+Ninja · · Score: 4, Informative

    The link supporting the assertion that terrorists behind the Paris and San Bernardino attacks "used encrypted communications to evade detection." is not supported by the linked article. In the first place, the article is only about San Bernardino, not Paris. Second, it only says that authorities were trying to get access to encrypted data. In the San Bernardino case, there was encrypted data because the iPhone encrypts by default but there was no evidence released that the encrypted data contained anything relevant to the case. No article is linked about Paris. My understanding there was that French officials basically said that the terrorists must have encrypted there communication because they didn't detect anything. They offered no proof that encryption had been used. The assertion was like the one in San Bernardino - the suspects had used some encryption in the course of their regular use of technology, as most people do, but there was no definite statement that the encrypted communication had actually been used to plot attacks. Ars Technica reports no evidence of encryption being used.

  7. Re:So does this mean they will stop demonizing it by matbury · · Score: 3, Informative

    The Paris attackers didn't use encryption. They used unencrypted "burner" phones, which they changed frequently, and then during the attack, they took phones from their victims and used those.