Slashdot Mirror

← Back to Stories (view on slashdot.org)

Lawmakers Move To Block Government From Ordering Digital 'Back Doors' (thehill.com)

Posted by msmash on from the taking-a-stand dept.

A bipartisan group of House lawmakers have introduced legislation that would block the federal government from requiring technology companies to design devices with so-called "back doors" to allow law enforcement to access them. From a report: The bill represents the latest effort by lawmakers in Congress to wade into the battle between federal law enforcement officials and tech companies over encryption, which reached a boiling point in 2015 as the FBI tussled with Apple over a locked iPhone linked to the San Bernardino terror attack case.

Top FBI and Justice Department officials have repeatedly complained that they have been unable to access devices for ongoing criminal investigations because of encryption. FBI Director Christopher Wray has suggested that devices could be designed to allow investigators to access them, though he insists the bureau is not looking for a "back door." The bipartisan bill introduced Thursday would prohibit federal agencies from requiring or requesting that firms "design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product" by the government.

19 of 87 comments (clear)

  1. Finally! by DaMattster · · Score: 5, Insightful

    Finally some good is being done. This will put the kibosh on the issue for good and silence federal law enforcement. No good comes from weakening encryption or building in back doors; quite the opposite. It's not a matter of if but when the backdoors get discovered and become used for nefarious purposes. I am glad this has bipartisan support, and since it does, the likelihood of it getting passed is that much stronger. We don't need to live in any more of a surveillance state than we already do. It's one thing if the FBI or whatever other LEO agency discovers a vulnerability and exploits it. Hey this does happen. It's a whole other thing to have secret back doors built in. No! Just no!

    1. Re:Finally! by Notabadguy · · Score: 4, Interesting

      Theater and smoke signals. Which US enforcement agency do *you* think believes that the law applies to them?

    2. Re:Finally! by Desler · · Score: 2

      Some were always listening, but this has next to zero chance of passing as long as Mcconnell is running the show in the Senate.

    3. Re:Finally! by ShanghaiBill · · Score: 4, Insightful

      Which US enforcement agency do *you* think believes that the law applies to them?

      All of them. If this bill passes (unlikely), it will carry the full force of law. There is no way to "secretly" request/demand an illegal backdoor. If any tech company receives such a request, they can immediately publicize and sue. An NSL provides no protection for a blatantly illegal request.

      I know it is popular to be cynical about government secrecy and overreach on Slashdot, but to say that about this bill, which bans an inherently open action, is silly.

    4. Re:Finally! by ShanghaiBill · · Score: 3, Informative

      Oh. but you are forgetting that the NSA, CIA and FBI all have their own definitions for words.

      The only words that matter in court are the words in the law. This bill is written clearly, by lawyers. The head of the FBI, Christopher Wray, is a lawyer. He is not going to throw away his career and pension, and risk jail, by violating this law. If he verbally tells an agent to break the law, with a wink-wink, that agent will know full well than he will be thrown under the bus when it goes public. If any government official tries to do a "wink-wink" to a tech company, then that tech company can record any interaction with a government official performing official duties.

      Also, the CIA and NSA have no law enforcement powers. Any request they issue would have to be enforced by some other agency.

    5. Re:Finally! by BlueStrat · · Score: 5, Insightful

      The NSA has no leverage whatsoever to "blackmail" or "extort". Do you have any idea what the NSA is or what they do? They don't carry guns. They can't arrest or detain. They are a bunch of nerds with computers and stuff. They collect and analyze data.

      "Gosh, Congressman! It seems your wife's sister is engaged to a guy whose brother is linked to terror groups! It sure would be bad if this came out right before election night, huh? It also appears your daughter in college has committed serious copyright violations for all those TV shows, movies, and somgs she's pirated...why, there's millions of dollars in fines and serious felony charges possible here! Let's hope some anonymous tipster doesn't alert authorities! Let's rethink this "backdoor prohibition" thing, hmm?"

      "Data" is as good as a gun in destroying a person, especially one in public office. It just doesn't directly kill them physically.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    6. Re:Finally! by utopia27 · · Score: 2

      Well.. not so much "listening to their tech advisers". If you actually read the bill, it implicitly requires backdoors be installed for any CALEA-approved or court-approved surveillance. It only means that *agencies* aren't authorized to demand such a thing on their own authority. But the legislation still requires tech companies to provide some means of circumventing customer security when government demands it.

    7. Re:Finally! by Anonymous Coward · · Score: 2, Interesting

      People are missing a few major points in this drama between privacy advocates and law enforcement officials. One. The government has been arguing their case in the public sphere and using the court system to make the rulings. Two. The privacy advocates are the ones who have staked out an absolute position and can envision no circumstance where violating someone's privacy should ever be allowed. There position doesn't even recognize a valid court order as being acceptable. They have even taken the position that the US intelligence and counter intelligence agencies should extend these same privacy protections to people and organizations outside of the US. Three. If the government really wanted backdoors into encrypted devices they would already have them. The government could suggest tougher tax laws, new and expensive regulations, and increased scrutiny of companies like Apple and Google who like to play games with booking their profits outside of the US. Apple would cave in a minute. They certainly had no problem bending over for the Chinese and giving them any thing China asked for just to be allowed in the Chinese domestic market. Four. There will be no backdoor because it could not be realistically implemented and a backdoor would be like waving a red cape in front of a charging bull. Every hacker in the world would drop everything to locate this backdoor and I imagine it would take a almost a full afternoon until the found it.

    8. Re:Finally! by BlueStrat · · Score: 4, Insightful

      "Gosh, Congressman! It seems your wife's sister is engaged to a guy whose brother is linked to terror groups!

      1. You watch WAY too many movies. Can you cite even one single example of this sort of extortion actually happening in the last 40 years, by federal law enforcement, against a sitting congressman? Or anything even close to that?
      2. Do you really think that a federal bureaucrat has so much of a PERSONAL commitment to getting backdoors, that they are willing to risk spending decades in prison for political extortion?
      3. You are talking about Hollywood fantasy levels of corruption and extortion to prevent the passage of this bill. It is even more ridiculous to suppose that this type of extortion would work against tech billionaires like Tim, Larry, and Sergey, after the bill became law, which is what we were talking about.

      Tell that to the people Hoover blackmailed while he headed the FBI, tell it to all those serving prison sentences because of "parallel construction" using illegally obtained data.

      Twenty years ago you could claim that US TLAs capturing and storing data in bulk on US citizens in the domestic US was crazy-talk, but then Snowden proved that and more.

      If you don't think they use the data they gather against key government officials and bureaucrats you're either a fool or playing political games.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  2. They'll just push to roll it back... by Anonymous Coward · · Score: 2, Interesting

    Or push for immunity from prosecution when they DO illegally backdoor products, like they have been for 20+ years now (Go read up on the cisco and juniper backdoors, and I think a few of the smaller players too!)

  3. But the Cyber! by Arkham · · Score: 3, Insightful

    "The security aspect of cyber is very, very tough. And maybe, it's hardly doable."

    I know I personally feel great entrusting the security of the American people to a bunch of geriatrics who worry about "the cyber".

    --
    - Vincit qui patitur.
  4. Conservative here - please get Trump out. Ryan is by raymorris · · Score: 3, Informative

    I'm a conservative. #NeverTrump

    Virtually all congresscritters vote on all the bills without ever reading most of them, especially budgets. I only know of one representative in Congress who has ever read a federal budget. Paul Ryan WROTE, not just read, multiple federal budgets. For any and every congresscritter, I can find areas where we disagree as to the best policy. Ryan is no exception, I don't fully agree with anyone, on everything. He is also by far the best informed, smartest person we've had in Congress in many years. And squeaky clean on ethics. Whikle he doesn't always come to the same conclusions I do, his conclusions are based on *really* knowing his stuff, knowing wtf he's talking about. Frankly, me disagreeing with Paul Ryan about federal policy is like me disagreeing with Stephen Hawking about physics theories - we both have our own opinions; one of us knows wtf they are talking about it, and it isn't me.

    Paul Ryan's departure will hurt the country when he's replaced with another "we have to pass the bill to find out what's in it" person.

  5. It's a start by mysidia · · Score: 3, Interesting

    I also want to see:

    1. Mandatory Disclosure of KNOWN security bugs in a consumer product by any governmental entity, First to the manufacturer for a designated "Fix" period, after which, all vulnerability details shall be available to the public through FOIA request.

    2. NO HORDING DEVICE OR SERVICE EXPLOITS: A security researcher, company, member of law enforcement, government, or any other party having accidentally, or intentionally: a successful defeat for a security measure on any common consumer product, OR public service must minimize the amount of proprietary or other users' data exposed during any proof of concept testing, and make minimal efforts to fully disclose their activities and all details of potential vulnerabilities to the operator of the service within 15 days of discovery, or they shall be deemed liable for holding means of fraudulent access with intent to commit a crime and fined the estimated value of the exploit not less than $10000 for a natural person, and not less than $100,000 for other persons.

    3. Prohibition against selling for a profit, importing, trafficking in, or incorporating PAID security exploits, PAID software, or COMMERCIAL devices that are designed with a specific built-in function to defeat security measures or intercept data by falsifying network or over-the-air signals or "impersonating" another device into a commercial product, or conducting security exploits in the course of business, except if the course of business is pentesting and the exploit is used in the course of business against ONLY systems fully owned by the customer within the scope of a security testing engagement, OR If the complete source code for all software and design specifications for all hardware and details of all exploits are disclosed to the public 30 days prior to the sale or release of the commercial product.

    4. Mandated Disclosures by MANUFACTURERS of the existence of ALL intentional security backdoors and remote means of access into any consumer or commercial smart phone, computer, appliance, or network device with criminal penalties for failing, AND public disclosure of any foreign governments or persons/organizations outside the manufacturer or outside the US that will have Access Credentials, Backdoor Access Procedures, Security Keys, or other Digital Signing or Decryption keys that are significant and could be used to exploit a device.

  6. That's part of what started this. Naming names by raymorris · · Score: 4, Informative

    Yes, this is a continuation of an effort that began when some in Congress thought that the FBI was lying to them about their efforts to force Apple to crack a phone.

    The reps who introduced this bill are:

    Rep. Zoe Lofgren (D-Calif.) introduced the legislation along with Reps. Ted Lieu (D-Calif.), Jerrold Nadler (D-N.Y.), Matt Gaetz (R-Fla.), Thomas Massie (R-Ky.) and Ted Poe (R-Texas).

    Reps involved starting in April were:
      Zoe Lofgren (D-Calif.), Darrell Issa (R-Calif.), Jerrold Nadler (D-N.Y.), Jim Sensenbrenner (R-Wis.), Ted Lieu (D-Calif.), Ted Poe (R-Texas), Jared Polis (D-Col.), Matt Gaetz (R-Fla.), Suzan DelBene (D-Wash.) and Jim Jordan (R-Ohio).

    1. Re:That's part of what started this. Naming names by diginess · · Score: 2

      I wonder where Rand Paul is in that list? Conspicuously missing.

  7. It won't matter, look at recent history by bagofbeans · · Score: 2

    Remember AT&T installed traffic monitoring equipment in their San Francisco switching office at the behest of the NSA?

    Illegal under FISA.

    In 2008 Bush signed the FISA Amendments Act which granted retroactive immunity to telecommunications companies for past violations of FISA.

    1. Re:It won't matter, look at recent history by phantomfive · · Score: 3, Informative

      It's worth mentioning that Senator Obama went out of his way, took a break from campaigning, to vote "yes" on that bill.

      --
      "First they came for the slanderers and i said nothing."
  8. Re:Doing what they're paid for by Desler · · Score: 2

    Good point! We should just allow an authoritarian police state to be formed instead!

  9. PS: Rand Paul is a Senator. This is a house bill by raymorris · · Score: 2

    If it wasn't clear above, they just introduced this bill in House of Representatives. Rand Paul is a Senator. The bill has a long way to go before Paul would be looking at it.