They’ve been threatening this for months now, but Senators Richard Burr and Dianne Feinstein have finally released a “discussion draft” of their legislation to require backdoors in any encryption… and it’s even more ridiculous than originally expected. Yesterday, we noted that the White House had decided to neither endorse nor oppose the bill, raising at least some questions about whether or not it would actually be released. Previously, Feinstein had said she was waiting for the White House’s approval — but apparently she and Burr decided that a lack of opposition was enough.
The basics of the bill are exactly what you’d expect. It says that any “device manufacturer, software manufacturer, electronic communication service, remote computing service, provider of wire or electronic or any person who provides a product or method to facilitate communication or the processing or storage of data” must respond to legal orders demanding access to said information. First off, this actually covers a hell of a lot more than was originally expected. By my reading, anyone providing PGP email is breaking the law — because it’s not just about device encryption, but encryption of communications in transit as well. I wonder how they expect to put that genie back in the bottle.
But, let’s dig into a few other bits of insanity in the bill. It starts out with an insane assertion, right upfront:
It is the sense of Congress that–
- no person or entity is above the law;
- economic growth, prosperity, security, stability, and liberty require adherence to the rule of law;
What an absurd way to start the bill. As we’ve discussed over and over again, despite FBI director James Comey’s statements, no one is claiming to be “above the law” here. When they offer end-to-end encryption they’re not “above the law,” they’re just building a system to which they don’t have the key. That’s like saying that the safe maker who doesn’t keep copies of the keys to every safe they sell is above the law. But no one requires safemakers to keep copies of every key.
Next, the claim that economic growth, prosperity, security, stability and liberty somehow depend on all of this is ridiculous. The second this bill becomes law, the US loses a massive economic advantage. Basically all of our technology becomes suspect globally, and the entire cybersecurity industry moves off shore. It will devastate American businesses outside of the US. Burr and Feinstein are basically offering a bill that completely undermines the economic prosperity of the American tech industry. This is especially insane coming from Feinstein, given that she supposedly represents so many tech companies in California.
all providers of communications services and products (including software) should protect the privacy of United States persons through implementation of appropriate data security and still respect the rule of law and comply with all legal requirements and court orders;
And they do… when they can. But what this bill requires is for tech companies to undermine the basics of encryption to make everyone less safe. This is not about disrespecting the rule of law, but about building systems as secure as possible to protect people from malicious attacks. You know, the very kinds of attacks that Senators Burr and Feinstein kept screaming about just months ago when they were demanding a bogus cybersecurity (really: surveillance) bill get passed by Congress. And yet now they want to undermine the very core concept of cybersecurity in the US.
to uphold both the rule of law and protect the interests and security of the United States, all persons receiving an authorized judicial order for information or data must provide, in a timely manner, responsive, intelligible information or data, or appropriate technical assistance to obtain such information or data;
And if that’s literally impossible, as is the case with strong encryption or end-to-end encryption?
Let’s be clear, here. This bill makes effective cybersecurity illegal. Think about that for a second. This is insane.
Then there’s this kicker:
Nothing in this Act may be construed to authorize any government officer to require or prohibit any specific design or operating system to be adopted by any covered entity.
Yeah, except for the entire bill which absolutely prohibits the kind of design that basically all security experts say you need to adequately protect data and communications.
There are lots of other issues as well. As Jonathan Zdziarski notes, the bill is so ridiculously drafted that it doesn’t distinguish between encrypted data and deleted data. Thus, if someone deletes all their data, companies are still on the hook to magically get it back. It also requires that any information that is requested be delivered “in an intelligible format.” But what if the information itself is not intelligible? What if, prior to encrypting the data through technological means, the people doing the communications used some sort of cypher or code themselves to further obfuscate the information?
The whole thing is a mess and provides much more evidence for the fact that Feinstein and Burr have absolutely no clue what they’re talking about on this particular issue. Of course, there are lots of clueless people, but it’s pretty disturbing that these two particularly clueless people happen to be the highest ranking members on the Senate Intelligence Committee. Perhaps, like some others, they should talk to actual intelligence community professionals, who have also been arguing that backdooring encryption is a bad idea and puts Americans at much greater risk of being victims of computer attacks.
Well off to work in the usual state or rage honey.. See you later LOL. Diane, ye old lot lizard , when will you get cancer ? I would settle for a toxic brain eating parasite, although it seems she has no brain to be parasited off of. Alas this filthy, stinking, peeno noir loving, America hating, JEW whose had about 4 husbands, is the worst, most disgusting, most despicable, vomit causing, pure evil whoooooer we may ever know. I will never go to SF cause they have to be so flamed out otherwise how does this trash get thrown back to DC (district of criminals/coonts). The disgusting part is that she overwhelming gets those yahoos to vote for it/her? Any ways check y’all later at lauch time
What’s the mantra? “If you don’t have anything to hide, what’s the worry?” What a crock! If a true election were held, Feinstein’s joo arse would be tossed on top of the trash heap in short order.
Need birth control? Just plaster the highway billboards with her and Hillary’s ugly mugs, and pregnancy rates would drop substantially! Better hand out the barf bags though! RRRRRRRRRRRAAAAAAAAAAAAALLLLLLLLLLLLLLLLLFFFFFFFFFFFFFFFFFFFFFF!!!!!!!!!!!!!!!!!!!!
That Feinswine hag and her ilk want to restrict encryption for exactly the same reason they want to restrict guns. It’s all about the pursuit of totalitarianism.
Honestly, though, I wouldn’t trust any commercial encryption anyway, or even homegrown encryption unless I really knew what I was doing. The danger of a backdoor is present in any computing device. It’s still a good idea to use encryption for routine communications where secrecy isn’t critical. But for REALLY sensitive communications, I’d go “old school” and avoid electronics altogether.
F&%k you, Feinstein
I have my own encryption software, written many years ago with no back doors, and you’re not getting your Kike nose into my encrypted documents.
End of discussion.
pretty son we’ll be passing notes in the park on trails
and so on damm that sounds like our forefathers
what they did. hmmm
Feinstein. … that btch needs a 16 foot pike stuck up her azz.
We can even fit her hubby on it.
Then bbq both of them like a pig with an apple in their mouths.
Anyone that voted for her needs to be shot.
Just die already wouldja.
Poor Apple ..;)