Slashdot Mirror


Lawmakers Move To Block Government From Ordering Digital 'Back Doors' (thehill.com)

A bipartisan group of House lawmakers have introduced legislation that would block the federal government from requiring technology companies to design devices with so-called "back doors" to allow law enforcement to access them. From a report: The bill represents the latest effort by lawmakers in Congress to wade into the battle between federal law enforcement officials and tech companies over encryption, which reached a boiling point in 2015 as the FBI tussled with Apple over a locked iPhone linked to the San Bernardino terror attack case.

Top FBI and Justice Department officials have repeatedly complained that they have been unable to access devices for ongoing criminal investigations because of encryption. FBI Director Christopher Wray has suggested that devices could be designed to allow investigators to access them, though he insists the bureau is not looking for a "back door." The bipartisan bill introduced Thursday would prohibit federal agencies from requiring or requesting that firms "design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product" by the government.

11 of 87 comments

  1. Finally! by DaMattster · · Score: 5, Insightful

    Finally some good is being done. This will put the kibosh on the issue for good and silence federal law enforcement. No good comes from weakening encryption or building in back doors; quite the opposite. It's not a matter of if but when the backdoors get discovered and become used for nefarious purposes. I am glad this has bipartisan support, and since it does, the likelihood of it getting passed is that much stronger. We don't need to live in any more of a surveillance state than we already do. It's one thing if the FBI or whatever other LEO agency discovers a vulnerability and exploits it. Hey this does happen. It's a whole other thing to have secret back doors built in. No! Just no!

    1. Re:Finally! by Notabadguy · · Score: 4, Interesting

      Theater and smoke signals. Which US enforcement agency do *you* think believes that the law applies to them?

    2. Re:Finally! by ShanghaiBill · · Score: 4, Insightful

      Which US enforcement agency do *you* think believes that the law applies to them?

      All of them. If this bill passes (unlikely), it will carry the full force of law. There is no way to "secretly" request/demand an illegal backdoor. If any tech company receives such a request, they can immediately publicize and sue. An NSL provides no protection for a blatantly illegal request.

      I know it is popular to be cynical about government secrecy and overreach on Slashdot, but to say that about this bill, which bans an inherently open action, is silly.

    3. Re:Finally! by ShanghaiBill · · Score: 3, Informative

      Oh. but you are forgetting that the NSA, CIA and FBI all have their own definitions for words.

      The only words that matter in court are the words in the law. This bill is written clearly, by lawyers. The head of the FBI, Christopher Wray, is a lawyer. He is not going to throw away his career and pension, and risk jail, by violating this law. If he verbally tells an agent to break the law, with a wink-wink, that agent will know full well that he will be thrown under the bus when it goes public. If any government official tries to do a "wink-wink" to a tech company, then that tech company can record any interaction with a government official performing official duties.

      Also, the CIA and NSA have no law enforcement powers. Any request they issue would have to be enforced by some other agency.

    4. Re:Finally! by BlueStrat · · Score: 5, Insightful

      The NSA has no leverage whatsoever to "blackmail" or "extort". Do you have any idea what the NSA is or what they do? They don't carry guns. They can't arrest or detain. They are a bunch of nerds with computers and stuff. They collect and analyze data.

      "Gosh, Congressman! It seems your wife's sister is engaged to a guy whose brother is linked to terror groups! It sure would be bad if this came out right before election night, huh? It also appears your daughter in college has committed serious copyright violations for all those TV shows, movies, and songs she's pirated...why, there's millions of dollars in fines and serious felony charges possible here! Let's hope some anonymous tipster doesn't alert authorities! Let's rethink this "backdoor prohibition" thing, hmm?"

      "Data" is as good as a gun in destroying a person, especially one in public office. It just doesn't directly kill them physically.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    5. Re:Finally! by BlueStrat · · Score: 4, Insightful

      "Gosh, Congressman! It seems your wife's sister is engaged to a guy whose brother is linked to terror groups!

      1. You watch WAY too many movies. Can you cite even one single example of this sort of extortion actually happening in the last 40 years, by federal law enforcement, against a sitting congressman? Or anything even close to that?
      2. Do you really think that a federal bureaucrat has so much of a PERSONAL commitment to getting backdoors, that they are willing to risk spending decades in prison for political extortion?
      3. You are talking about Hollywood fantasy levels of corruption and extortion to prevent the passage of this bill. It is even more ridiculous to suppose that this type of extortion would work against tech billionaires like Tim, Larry, and Sergey, after the bill became law, which is what we were talking about.

      Tell that to the people Hoover blackmailed while he headed the FBI, tell it to all those serving prison sentences because of "parallel construction" using illegally obtained data.

      Twenty years ago you could claim that US TLAs capturing and storing data in bulk on US citizens in the domestic US was crazy-talk, but then Snowden proved that and more.

      If you don't think they use the data they gather against key government officials and bureaucrats you're either a fool or playing political games.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  2. But the Cyber! by Arkham · · Score: 3, Insightful

    "The security aspect of cyber is very, very tough. And maybe, it's hardly doable."

    I know I personally feel great entrusting the security of the American people to a bunch of geriatrics who worry about "the cyber".

    --
    - Vincit qui patitur.
  3. Conservative here - please get Trump out. Ryan is by raymorris · · Score: 3, Informative

    I'm a conservative. #NeverTrump

    Virtually all congresscritters vote on all the bills without ever reading most of them, especially budgets. I only know of one representative in Congress who has ever read a federal budget. Paul Ryan WROTE, not just read, multiple federal budgets. For any and every congresscritter, I can find areas where we disagree as to the best policy. Ryan is no exception, I don't fully agree with anyone, on everything. He is also by far the best informed, smartest person we've had in Congress in many years. And squeaky clean on ethics. While he doesn't always come to the same conclusions I do, his conclusions are based on *really* knowing his stuff, knowing wtf he's talking about. Frankly, me disagreeing with Paul Ryan about federal policy is like me disagreeing with Stephen Hawking about physics theories - we both have our own opinions; one of us knows wtf they are talking about, and it isn't me.

    Paul Ryan's departure will hurt the country when he's replaced with another "we have to pass the bill to find out what's in it" person.

  4. It's a start by mysidia · · Score: 3, Interesting

    I also want to see:

    1. Mandatory Disclosure of KNOWN security bugs in a consumer product by any governmental entity, First to the manufacturer for a designated "Fix" period, after which, all vulnerability details shall be available to the public through FOIA request.

    2. NO HOARDING DEVICE OR SERVICE EXPLOITS: A security researcher, company, member of law enforcement, government, or any other party having accidentally, or intentionally: a successful defeat for a security measure on any common consumer product, OR public service must minimize the amount of proprietary or other users' data exposed during any proof of concept testing, and make minimal efforts to fully disclose their activities and all details of potential vulnerabilities to the operator of the service within 15 days of discovery, or they shall be deemed liable for holding means of fraudulent access with intent to commit a crime and fined the estimated value of the exploit not less than $10000 for a natural person, and not less than $100,000 for other persons.

    3. Prohibition against selling for a profit, importing, trafficking in, or incorporating PAID security exploits, PAID software, or COMMERCIAL devices that are designed with a specific built-in function to defeat security measures or intercept data by falsifying network or over-the-air signals or "impersonating" another device into a commercial product, or conducting security exploits in the course of business, except if the course of business is pentesting and the exploit is used in the course of business against ONLY systems fully owned by the customer within the scope of a security testing engagement, OR If the complete source code for all software and design specifications for all hardware and details of all exploits are disclosed to the public 30 days prior to the sale or release of the commercial product.

    4. Mandated Disclosures by MANUFACTURERS of the existence of ALL intentional security backdoors and remote means of access into any consumer or commercial smart phone, computer, appliance, or network device with criminal penalties for failing, AND public disclosure of any foreign governments or persons/organizations outside the manufacturer or outside the US that will have Access Credentials, Backdoor Access Procedures, Security Keys, or other Digital Signing or Decryption keys that are significant and could be used to exploit a device.

  5. That's part of what started this. Naming names by raymorris · · Score: 4, Informative

    Yes, this is a continuation of an effort that began when some in Congress thought that the FBI was lying to them about their efforts to force Apple to crack a phone.

    The reps who introduced this bill are:

    Rep. Zoe Lofgren (D-Calif.) introduced the legislation along with Reps. Ted Lieu (D-Calif.), Jerrold Nadler (D-N.Y.), Matt Gaetz (R-Fla.), Thomas Massie (R-Ky.) and Ted Poe (R-Texas).

    Reps involved starting in April were:
      Zoe Lofgren (D-Calif.), Darrell Issa (R-Calif.), Jerrold Nadler (D-N.Y.), Jim Sensenbrenner (R-Wis.), Ted Lieu (D-Calif.), Ted Poe (R-Texas), Jared Polis (D-Col.), Matt Gaetz (R-Fla.), Suzan DelBene (D-Wash.) and Jim Jordan (R-Ohio).

  6. Re:It won't matter, look at recent history by phantomfive · · Score: 3, Informative

    It's worth mentioning that Senator Obama went out of his way, took a break from campaigning, to vote "yes" on that bill.

    --
    "First they came for the slanderers and i said nothing."