Lawmakers Move To Block Government From Ordering Digital 'Back Doors' (thehill.com)
A bipartisan group of House lawmakers have introduced legislation that would block the federal government from requiring technology companies to design devices with so-called "back doors" to allow law enforcement to access them. From a report: The bill represents the latest effort by lawmakers in Congress to wade into the battle between federal law enforcement officials and tech companies over encryption, which reached a boiling point in 2015 as the FBI tussled with Apple over a locked iPhone linked to the San Bernardino terror attack case.
Top FBI and Justice Department officials have repeatedly complained that they have been unable to access devices for ongoing criminal investigations because of encryption. FBI Director Christopher Wray has suggested that devices could be designed to allow investigators to access them, though he insists the bureau is not looking for a "back door." The bipartisan bill introduced Thursday would prohibit federal agencies from requiring or requesting that firms "design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product" by the government.
Theater and smoke signals. Which US enforcement agency do *you* think believes that the law applies to them?
Or push for immunity from prosecution when they DO illegally backdoor products, like they have been for 20+ years now (Go read up on the Cisco and Juniper backdoors, and I think a few of the smaller players too!)
I also want to see:
1. Mandatory Disclosure of KNOWN security bugs in a consumer product by any governmental entity, First to the manufacturer for a designated "Fix" period, after which, all vulnerability details shall be available to the public through FOIA request.
2. NO HOARDING DEVICE OR SERVICE EXPLOITS: A security researcher, company, member of law enforcement, government, or any other party having accidentally, or intentionally: a successful defeat for a security measure on any common consumer product, OR public service must minimize the amount of proprietary or other users' data exposed during any proof of concept testing, and make minimal efforts to fully disclose their activities and all details of potential vulnerabilities to the operator of the service within 15 days of discovery, or they shall be deemed liable for holding means of fraudulent access with intent to commit a crime and fined the estimated value of the exploit not less than $10000 for a natural person, and not less than $100,000 for other persons.
3. Prohibition against selling for a profit, importing, trafficking in, or incorporating PAID security exploits, PAID software, or COMMERCIAL devices that are designed with a specific built-in function to defeat security measures or intercept data by falsifying network or over-the-air signals or "impersonating" another device into a commercial product, or conducting security exploits in the course of business, except if the course of business is pentesting and the exploit is used in the course of business against ONLY systems fully owned by the customer within the scope of a security testing engagement, OR If the complete source code for all software and design specifications for all hardware and details of all exploits are disclosed to the public 30 days prior to the sale or release of the commercial product.
4. Mandated Disclosures by MANUFACTURERS of the existence of ALL intentional security backdoors and remote means of access into any consumer or commercial smart phone, computer, appliance, or network device with criminal penalties for failing, AND public disclosure of any foreign governments or persons/organizations outside the manufacturer or outside the US that will have Access Credentials, Backdoor Access Procedures, Security Keys, or other Digital Signing or Decryption keys that are significant and could be used to exploit a device.
People are missing a few major points in this drama between privacy advocates and law enforcement officials. One. The government has been arguing their case in the public sphere and using the court system to make the rulings. Two. The privacy advocates are the ones who have staked out an absolute position and can envision no circumstance where violating someone's privacy should ever be allowed. Their position doesn't even recognize a valid court order as being acceptable. They have even taken the position that the US intelligence and counter intelligence agencies should extend these same privacy protections to people and organizations outside of the US. Three. If the government really wanted backdoors into encrypted devices they would already have them. The government could suggest tougher tax laws, new and expensive regulations, and increased scrutiny of companies like Apple and Google who like to play games with booking their profits outside of the US. Apple would cave in a minute. They certainly had no problem bending over for the Chinese and giving them anything China asked for just to be allowed in the Chinese domestic market. Four. There will be no backdoor because it could not be realistically implemented and a backdoor would be like waving a red cape in front of a charging bull. Every hacker in the world would drop everything to locate this backdoor and I imagine it would take almost a full afternoon until they found it.