El Reg :
Analysis In the wake of the FBI's failed fight against Apple, Senators Richard Burr (R-NC) and Dianne Feinstein (D-CA) have introduced a draft bill that would effectively ban strong crypto.
The bill would require tech and communications companies to allow law enforcement with a court order to decrypt their customers' data. Last week a draft copy of the bill, dubbed the Compliance with Court Orders Act of 2016, was leaked, but the new version is even worse than the discussion draft.
In the draft version, court orders could only be issued for a crime resulting in death or serious bodily harm, terrorism and espionage, crimes against minors, serious violent felonies or Federal drug crimes. In the final version, those caveats are gone, so any court order will allow the police to access the data they want.
The bill would apply to "device manufacturers, software manufacturers, electronic communication services, remote communication services, providers of wire or electronic communication services, providers of remote communication services, or any person who provides a product or method to facilitate a communication or to process or store data." That's a pretty wide net.
"No entity or individual is above the law," said Feinstein. "The bill we have drafted would simply provide that, if a court of law issues an order to render technical assistance or provide decrypted data, the company or individual would be required to do so.
"Today, terrorists and criminals are increasingly using encryption to foil law enforcement efforts, even in the face of a court order. We need strong encryption to protect personal data, but we also need to know when terrorists are plotting to kill Americans."
Idiots, I tell you, they're a pair of idiots.
Related Stories
Like other politicians and government officials, President Trump's nominee for the position of Attorney General, Jeff Sessions, wants to have it both ways when it comes to encryption:
At his confirmation hearing, Sessions was largely non-committal. But in his written responses to questions posed by Sen. Patrick Leahy, however, he took a much clearer position:
Question: Do you agree with NSA Director Rogers, Secretary of Defense Carter, and other national security experts that strong encryption helps protect this country from cyberattack and is beneficial to the American people's' digital security?
Response: Encryption serves many valuable and important purposes. It is also critical, however, that national security and criminal investigators be able to overcome encryption, under lawful authority, when necessary to the furtherance of national-security and criminal investigations.
Despite Sessions' "on the one hand, on the other" phrasing, this answer is a clear endorsement of backdooring the security we all rely on. It's simply not feasible for encryption to serve what Sessions concedes are its "many valuable and important purposes" and still be "overcome" when the government wants access to plaintext. As we saw last year with Sens. Burr and Feinstein's draft Compliance with Court Orders Act, the only way to give the government this kind of access is to break the Internet and outlaw industry best practices, and even then it would only reach the minority of encryption products made in the USA.
Related: Presidential Candidates' Tech Stances: Not Great
(Score: 5, Insightful) by edIII on Friday April 15 2016, @12:39AM
In this letter I'm giving her my information so that she knows where to send the police to take me to prison when the bill is signed.
There is no way that every engineer is going to roll over on this. If they make it impossible for businesses to do this, then it will become FOSS community supported efforts where nobody gets paid, and it operates on donations.
At no point is forced government backdoors going to be acceptable, and that's assuming it was even technologically possible to do in the first place.
This outlaws encryption. Period.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 0) by Anonymous Coward on Friday April 15 2016, @12:44AM
I'm not sure who the alternatives are, but I REALLY wish Cali would get their shit together and drop that bitch like its hot.
(Score: 3, Insightful) by Anonymous Coward on Friday April 15 2016, @01:05AM
I wish there were an "Agree" moderation option.
(Score: 5, Insightful) by edIII on Friday April 15 2016, @12:53AM
They are such fucking morons.
So I'm not limited to choosing zero knowledge encryption, or end-to-end encryption as a specific design restriction, but then I am restricted to NOT use zero knowledge encryption, or end-to-end encryption.
Which is it?
Uhhh, fuck you. Even if you were going to pay me for all the associated costs of storage, you just asked me to record something every 15 fucking seconds, from every fucking line, every fucking extension..... you wouldn't record this information in production. It's useless beyond real-time diagnostics. This is just more meta data for their Eyes Of Horus.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 3, Interesting) by Geotti on Friday April 15 2016, @04:10AM
Uhm...
A provider [...] shall
ensure that any such products, services, applications, or
software [...] be capable of com-
plying with subsection (a) [i.e. provide, or create the means to access data in an intelligible format]
So, basically this could be used to make you put in a backdoor in your zero-knowledge "infrastructure" (i.e. inside the app itself).
They're just updating the All Writs act and naming it COCOA, so Apple knows, who this is about.
(Score: 0) by Anonymous Coward on Friday April 15 2016, @01:28AM
A threat doesn't sound like a great idea. They will probably nab you even if the bill is not signed. Of course, we can't say for sure unless this was an open letter.
(Score: 2) by edIII on Friday April 15 2016, @02:09AM
I didn't threaten her in any way. What I did was state in simple terms that her encryption proposal did in fact have serious and daunting design restrictions, and moreover, that encryption was a human right. To demand I not implement zero knowledge or end-to-end encryption solutions when she also demands I effect privacy is ludicrous. As a small business I was unfairly burdened with additional unremunerated costs not covered in her proposed bill, and my customers were unfairly denied technology to increase our levels of security and remain competitive in the global technology sectors.
In any case, I told her I was going to make a stand like the Apple employees that would quit before compromising the iPhone for "her". Whatever happened, I would never stop helping to design and implement zero knowledge and end-to-end solutions, even for free to anyone who asked. Re-education camps were mentioned, and not as hyperbole. She would need to have me reprogrammed before I assist in creating key escrow solutions that are not even technically viable, and she better remember to reprogram me to *not* vote for somebody else the next election.
Even mentioned Gandhi and MLK at the end :)
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 0) by Anonymous Coward on Friday April 15 2016, @03:04AM
Welcome to the terrorist watch list.
You seem to be under the delusion that the powers that be don't see refusing to comply with their demands as "ideological extremism". Consider yourself radicalized, they do.
(Score: 5, Insightful) by edIII on Friday April 15 2016, @07:08AM
You know what... I don't care. If I'm on a terrorist watch list for having a reasonable discussion with my Senator as one of her constituents... then a terrorist I be.
I'm not going to be afraid to talk to my Senators, especially about controversial and uncomfortable subjects that need to be discussed like this.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 0) by Anonymous Coward on Friday April 15 2016, @05:08AM
You can always tell a politician, but you can't tell 'em much.
(Score: 3, Interesting) by Common Joe on Friday April 15 2016, @05:21AM
You should thank her instead for the entertainment value. Tell her you'd never break the law, but you'll be watching with popcorn as hackers infiltrate her bank accounts, email accounts, etc and steal her identity. Be sure to mention the Streisand Effect.
(Score: 2) by Phoenix666 on Friday April 15 2016, @11:53AM
Jesus, if only they would. It has been over a decade now that they've been waging war on us. Time for the same to redound on them a million-fold.
Washington DC delenda est.
(Score: 2) by captain normal on Friday April 15 2016, @04:23PM
I would love to see her and her husband's backdoor dealings brought to light.
When life isn't going right, go left.
(Score: 0) by Anonymous Coward on Saturday April 16 2016, @03:10AM
“Only a madman would give a loaded revolver to an idiot”.
-- Fredric Brown, "The Weapon"
(Score: 0) by Anonymous Coward on Friday April 15 2016, @12:52AM
Even France has now partially legalized cryptography (Loi n° 2004-575 du 21 juin 2004 pour la confiance dans l'économie numérique). Just be patient. This will pass. In the meantime, just use telnet.
(Score: 1) by topdawg on Friday April 15 2016, @12:55AM
I swear tho, it's only to protect the children...
(Score: 1, Funny) by Anonymous Coward on Friday April 15 2016, @01:09AM
The tech industry only further exacerbates the existing and very real issue that the Truth™ is not being told loudly enough. If it where, no one would WANT to use technology. To wit, all technology prevents/inhibits/impedes/distorts belief in the Truth™ so all technology is Evil™ and must be Abolished℠ by a thrice-sanctified member of the clergy who has first secured the fees for the service. We're still smarting over the flat-earth and the not-the-center-of-the-universe debacle.
(Score: 2) by SanityCheck on Friday April 15 2016, @01:03PM
It's to prove to the companies that the government has the biggest piece. Yeah that will teach them. While they secretly siphon all their profits out of the country, they will know you are the one in charge for sure!
(Score: 4, Insightful) by stormwyrm on Friday April 15 2016, @01:04AM
Numquam ponenda est pluralitas sine necessitate.
(Score: 5, Informative) by c0lo on Friday April 15 2016, @01:10AM
Fuck Hanlon's razor** in this case, it is wilful - the bill passed through various incarnations until tabled.
It is unimaginable that nobody told them it's impossible to eat their cake and have it too.
--
**(ouch!!)
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Friday April 15 2016, @12:11PM
Welcome to Washington, D.C., where reality is truly a quantum state. Whoa, we're the United Quantum States!
(Score: 2) by c0lo on Friday April 15 2016, @12:22PM
You have a nasty case of entanglement, it seems.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 3, Interesting) by Marand on Friday April 15 2016, @01:20AM
I was just reading this article [theregister.co.uk], also on The Register, which claims that Schneier told them that the wording could also affect things like lossy compression methods, because they couldn't be returned to their original state on demand. He had similar concerns about file deletion as well.
The more I see about this bill, the more ridiculous it sounds, and it started at insane.
(Score: 2) by Non Sequor on Friday April 15 2016, @03:41AM
Every law can be read in a way that makes compliance infeasible. The deal is that the courts are the ones that actually resolve what the terms in the law mean in context. Don't count on the courts to read "intelligible information or data" as "bit for bit copy". Also, pay attention to words like "appropriate" and "reasonable". These words delegate some latitude on the provisions of the law to the courts.
The much worse scenario here is not that the law is so broad that it shuts down all software. The nightmare scenario here is that they don't necessitate any engineering decisions, but they do require you to supply engineering effort to find a weakness in your own design. End-to-end encryption wouldn't be banned, but you would be forced to put some effort into finding an attack on your design. That's much, much worse than an outright ban, because an outright ban is much easier to fight. What's harder to fight, would be a law where designs where a company has control over the keys or clear data have a lower compliance cost than end-to-end encryption design. It's easier to turn over data that you're already sitting on than it is to write up and potentially implement an attack plan on a solid design.
Write your congressman. Tell him he sucks.
(Score: 5, Insightful) by mhajicek on Friday April 15 2016, @05:23AM
The original purpose of writing laws down, back in Hammurabi's day, was to eliminate discretion and make it perfectly clear what was permissible and what would be punished and how. The modern practice of leaving everything up to discretion, interpretation, and "reasonableness" I find abhorrent.
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 2) by Pino P on Friday April 15 2016, @12:27PM
The legal systems of the Five Eyes (FVEY) countries have a concept called "case law", in which a lower court is bound by decisions made by a higher court. Case law restores some of the rule of law that "reasonable" removes, as courts of appeals will slowly build up what constitutes "reasonable" in common situations. But the practical problem with this is twofold. First, information technology has tended to outpace case law. Second, creating case law costs more money for attorney's fees and court costs than startups are likely to have, especially when one party in a case has the nigh-unlimited resources of the federal government.
(Score: 0) by Anonymous Coward on Friday April 15 2016, @06:01PM
Another problem with it is that judges tend to be authoritarians, so leaving them to make subjective decisions about what "reasonable" means is a recipe for disaster.
(Score: 2) by captain normal on Friday April 15 2016, @04:43PM
Do mean you'd prefer something like "that which is not expressively permitted, is prohibited"?
When life isn't going right, go left.
(Score: 2) by mhajicek on Friday April 15 2016, @10:07PM
More like "that which is not expressly prohibited is permitted", unlike what we have where anything an officer doesn't like can fall under "disorderly conduct" or another vague catchall.
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 2) by jcross on Friday April 15 2016, @01:44PM
On the other hand, those who, like Apple, do care about having strong encryption are presumable already expending resources in exactly that way. If you're not already devising attack plans against your own system, you can't claim much commitment to security. Now what it may do is cause only the large players to adopt serious security measures, but in some ways this is already the case.
(Score: 0) by Anonymous Coward on Friday April 15 2016, @01:30AM
It will be like marijuana prohibition except more widely ignored.
(Score: 4, Insightful) by Runaway1956 on Friday April 15 2016, @01:44AM
This is the post I came here to make. It is *possible* for the government to shut down all for-profit corporate production of encryption. It is simply *not possible* for government to end all encryption that fails to meet their "standards".
And, if they could? It would be the same old story we've seen with all other attempts at prohibition. Alcohol, guns, cannabis, hard drugs. Ultimately, if you are convicted of some crime, and you happened to use encryption, then you get a few extra months/years tacked on to your sentence.
Remember - there are no intelligence tests for politicians. Feinstein couldn't pass a test for dog catcher, or sewerage inspector, or much of anything else, is why she went into politics.
(Score: 0) by Anonymous Coward on Friday April 15 2016, @03:44AM
(Score: 2) by dyingtolive on Friday April 15 2016, @05:23AM
I'm picturing a situation where it's like where particular communities store cinderblocks in their trunks to make them seem weighed down with drugs/guns/whatever, but we just constantly blast random garbage under the pretense of being some kind of encryption.
Good luck both proving that the /dev/urandom i'm blasting out is both encryption and have fun trying to decrypt it while you're at it.
Don't blame me, I voted for moose wang!
(Score: 2) by captain normal on Friday April 15 2016, @04:50PM
That actually was a technique used by bootleggers, send out two or more cars weighted down with innocuous loads to draw off the law. Then sending out the car with the real stuff right behind them.
When life isn't going right, go left.
(Score: 0) by Anonymous Coward on Friday April 15 2016, @07:30PM
good, they can drive the fees up on the products i sell. finally! use the profit for bullets...
(Score: 1, Disagree) by jmorris on Friday April 15 2016, @01:43AM
Seriously, Tim Cook thought he could act all bad ass and tell the USG to pound sand and it would look cool. Hell, he probably thought it would juice sales. So he poked the bear in about the worst possible case imaginable, one where he had zero moral ground to make a stand on. A phone that was government property that had the communications of a known terrorist on it and a unquestionably valid court order had been issued. They could have created a quick hack that would have been public key locked to only work on that one handset, the court order even explicitly said so. They could have done it ever so quietly and not stirred up a ruckus. If this showdown is going to happen, let it happen when the government has a lousy hand, or at least one worse than a tailor made best case scenario. But no, Tim thought he was invincible, that Apple could do no wrong, that the Reality Distortion Field was not only still operating post Jobs but that it could even work on the government in the midst of a terrorism panic.
So now the System is going to fight back, stupidly of course. It is the government, did anyone think it even COULD deal with these sort of issues in a smart way? Btw, this is the big reason why I'm for a smaller government; limit the damage. All the Folk who post here can see how dumb this move is, most don't see that just about everything else the government does is about as skillful.
(Score: 2) by takyon on Friday April 15 2016, @01:52AM
This bill will damage the government far more than it damages the tech industry. If it does somehow manage to pass the bill and damage the tech industry, that will result in more damage to the government, since there will be less profits to tax once overseas customers bail.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by Nerdfest on Friday April 15 2016, @02:00AM
Yep. The tech industry can fairly easily leave. There's a friendly country north of you that's always looking for good engineers. With the way the current election's going, I don't think it would take much of a push.
(Score: 4, Insightful) by Anal Pumpernickel on Friday April 15 2016, @01:56AM
Call Tim Cook and thank him for this one
No thanks. I'll blame the ones responsible instead: The ones who created the bill.
What you're doing is like saying we should blame terrorists for the Unpatriotic Act. Yes, maybe the government reacted to the attacks by creating that law, but it was still them who decided to create the law in the end. They didn't have to react that way. The same is true here.
one where he had zero moral ground to make a stand on.
Taking a against a government that wants to impose indentured servitude upon individuals and companies gave him the moral high ground. I don't agree that the court order was "unquestionably valid". That it was the government's property is completely irrelevant.
If they wanted the data, they should have figured out how to get it themselves, without ever involving Apple. If that's difficult, too bad. They don't get to force people into indentured servitude just to make it more likely that they can decrypt the data.
Btw, this is the big reason why I'm for a smaller government
If you want smaller government, it would seem smart to applaud Tim Cook for his actions.
(Score: 2) by jmorris on Friday April 15 2016, @02:31AM
If you want smaller government, it would seem smart to applaud Tim Cook for his actions.
Ask google to define "Phyrric Victory" for ya.
(Score: 3, Insightful) by Anal Pumpernickel on Friday April 15 2016, @03:01AM
The government will use anything and everything as an excuse to increase its power. Terrorist attacks, companies not following absurd orders, people using a technology to avoid surveillance, etc. I don't think any one thing can be said to be the only factor in the government's latest power grab, but even if there was such a factor, it would still be the government's own fault in the end.
(Score: 2) by butthurt on Friday April 15 2016, @03:14AM
It wasn't only Apple. According to a CNN story [cnn.com], Amazon, Facebook, Google, Microsoft and other companies intended to write to the court in support of Apple.
I doubt that that was a realistic option in such a high-profile case as the one against Syed Farook.
(Score: 2, Touché) by Anonymous Coward on Friday April 15 2016, @03:39AM
(Score: 5, Insightful) by Azuma Hazuki on Friday April 15 2016, @04:59AM
You fucking boot-licking fascist moron. Don't you ever call yourself a libertarian or a freethinker again; you've got that huge authoritarian cock shoved so far down your throat you're farting jizz swastikas. I knew there was a reason I hated you and this is it.
I am "that girl" your mother warned you about...
(Score: 3, Insightful) by linkdude64 on Friday April 15 2016, @07:25AM
Ran out of mod points, but you'd get one.
He seriously thinks that cooperating with the bad guys and meeting their demands will somehow make them re-think their ways.
(Score: 2) by q.kontinuum on Friday April 15 2016, @11:09PM
I don't want to reference the failed appeasement-politics towards Hitler in this context, but I think I just did it anyway :-=) Appeasement of that kind usually ends bad.
Registered IRC nick on chat.soylentnews.org: qkontinuum
(Score: 2) by tangomargarine on Friday April 15 2016, @02:29PM
Seriously, Tim Cook thought he could act all bad ass and tell the USG to pound sand and it would look cool.
So instead he should have just rolled over and let them in? Then we're back where we're at now.
Fuck off and die.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 2) by jmorris on Friday April 15 2016, @05:27PM
So instead he should have just rolled over and let them in?
Yes. It is about choosing which one is the "hill to die on." In the Apple case all of the cards were in the Government's hands and the demands were so reasonable that the attempt to fight turned public opinion against them to a point where such a bill could be introduced and have a dangerously high chance of actually passing.
Apple is asking for us to accept incompatible things. They demand to retain ownership and control over every piece of hardware they sell at the same time they claim they are so secure that nothing can get into them. Then they demand to be an American company when that benefits them while also, on a basis not clearly specified, to be set above our laws.
It would be possible to build a phone that were truly secure. But Apple will never be the company to deliver that product. Neither will Google for that matter. Both base their business model on control of the user.
(Score: 1, Interesting) by Anonymous Coward on Friday April 15 2016, @06:10PM
You seem to want to blame everyone but the government for the government's own actions, and then you claim that you want a small government. People should fight and oppose the government at every turn, not let them trample over us merely because the government may do something worse in response to our resistance. The government is made up of authoritarian thugs; you shouldn't negotiate with authoritarian thugs.
(Score: 2) by tangomargarine on Friday April 15 2016, @06:29PM
In the Apple case all of the cards were in the Government's hands and the demands were so reasonable that the attempt to fight turned public opinion against them to a point where such a bill could be introduced and have a dangerously high chance of actually passing.
That must be why the government decided to drop the case, because they were so confident of winning, right?
They demand to retain ownership and control over every piece of hardware they sell at the same time they claim they are so secure that nothing can get into them.
Just because I have a really good lock on my front door doesn't mean I let burglars pitch a tent in my yard.
Then they demand to be an American company when that benefits them while also, on a basis not clearly specified, to be set above our laws.
Well yeah, the whole tax haven thing. But that's just standard greed.
It would be possible to build a phone that were truly secure.
Funny, it sounds like they've done a pretty damn good job already with the next version of the phone our TLA homeboys wanted so desperately to get in the pants of. Which was actually out already, so they anticipated the problem.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 3, Informative) by Anonymous Coward on Friday April 15 2016, @02:04AM
Techdirt [techdirt.com] points out this quote from a recent encryption debate:
"I think it would be reasonable to ban the import of open-source encryption software" -- US Attorney for the Eastern District of Michigan Barbara McQuade
...
Yeah.
(Score: 0) by Anonymous Coward on Friday April 15 2016, @02:12AM
Seems sort of fitting. For a long time, the position of the US government was to put export restrictions in place to keep the strong stuff in the US and let everyone else (including bad guys) using the weak stuff. After finding out that didn't work, now they have an import restriction to keep the weak stuff in the US and let everyone else (including bad guys) use the strong stuff.
(Score: 2) by fido_dogstoyevsky on Friday April 15 2016, @11:54AM
...the position of the US government was to put export restrictions in place to keep the strong stuff in the US and let everyone else (including bad guys) using the weak stuff. After finding out that didn't work, now they have an import restriction to keep the weak stuff in the US and let everyone else (including bad guys) use the strong stuff
So Burr and Feinstein are like Doug and Dinsdale Pirhana [montypython.net] starting "The Other Operation"?
It's NOT a conspiracy... it's a plot.
(Score: 2) by butthurt on Friday April 15 2016, @02:49AM
Perhaps she understands that OpenSSH and LibreSSL are imported from Canada. [openbsdfoundation.org] Then again, perhaps Hanlon's razor applies.
(Score: 2) by bitstream on Friday April 15 2016, @03:02AM
Big wall of USA coming soon to a tier-1 router near you? H1-B visas for Chinese consultants will skyrocket..
The normal approach is to assume that politicians are dumb. But then analyzing the system and gaming theory. Perhaps the clues are right there?
(Score: 2) by FakeBeldin on Friday April 15 2016, @03:47PM
And it would also kind of be necessary to ban teaching of modern cryptosystems such as AES. And quite possibly even DES, because increasing key-size and going triple-des (or even beyond) will make it a PITA. Hell, even teaching XOR will become evil, because $ONE_TIME_PAD.
(Score: 2) by dltaylor on Friday April 15 2016, @02:17AM
Normally, I'm a fan of the concept "it is not necessary to ascribe to malice that which is adequately explained by stupidity", but in the case, SHE HAS BEEN TOLD that a back door is going to be used by criminals. She REALLY does not care how much damage is done to her constituents, state, or country. She's just so fond of being "on the inside" of the TLAs, that she will sacrifice everything else to stay there. Too bad she's not the senator being replaced this year.
(Score: 0) by Anonymous Coward on Friday April 15 2016, @03:39AM
Yes, any back door will be used by criminals. And the most dangerous criminals are the criminals who happen to be in the government, as they have staggering amounts of power and resources. As J. Edgar Hoover and countless others throughout history demonstrated, the government (or even just some people in the government) gladly use its power to crush political opponents, dissidents, activists, lawyers, and whistleblowers.
(Score: 0) by Anonymous Coward on Friday April 15 2016, @04:32AM
Chin up. She could fall ill, die, or resign.
(Score: 2) by bitstream on Friday April 15 2016, @03:10AM
Do these people know there's many countries outside their jurisdiction that flat don't give a sh-t about their rules?
And the latency to those places are low.
Perhaps there will be a sign on a stick at the border.. [Mad house ahead, be sane and turn back].
A few Americans has even moved to what some people in the past has considered to be B-countries because when adding civil structure, taxes, prices, health, housing, job opportunities etc it does no longer add up in favor.
(Score: 2) by RamiK on Friday April 15 2016, @03:55AM
SCOPE OF REQUIREMENT
A covered entity that receives a court order referred to in paragraph (1)(A) shall be responsible only for providing data in an intelligible format if such data has been made unintelligible by a feature, product, or service owned, controlled, created, or provided, by the covered entity or by a third party on behalf of the covered entity.
This bill does not ban strong encryption. It simply limits entities to IaaS*. People could still buy a remote VM instance and VNC\RDP to it. They'll then install OSs with Public Domain encryption** that requires a password on boot, encrypts the storage, and only work with end-to-end public domain implementations of encryption protocols. The license will have to be lettered to make the running instance explicitly owned by the clients and not by the entity selling it or some third party.
Effectively, not only will this bill not ban strong encryption, it will force end-to-end strong encryption for storage purposes as well as remote compute. It will also likely force Intel, ARM and AMD to release their micro-controller encryptions to the public domain.
Overall, this is a great bill and we should all support it.
*Infrastructure as a service. As opposed to Platform as a service (Google App Engine and Microsoft Azure) and Software as a service (Web Hosting).
**Licensing retains ownership by the writer. EULAs in closed source software and free software licenses retain ownership by the developers making them responsible to provide decryption. The only way to overcome this is to use Public Domain encryption since the third party scope means you can't setup a shell outside the US to write the encryption part of your product for you.
compiling...
(Score: 0) by Anonymous Coward on Friday April 15 2016, @10:15AM
Licensing retains ownership by the writer. EULAs in closed source software and free software licenses retain ownership by the developers making them responsible to provide decryption. The only way to overcome this is to use Public Domain encryption since the third party scope means you can't setup a shell outside the US to write the encryption part of your product for you.
You forget the part where if you provide encryption as part of your service you're still required to be able to backdoor it.
Cool thing for me, since I'm a cryptographer and can make my own crypto algorithms just for me, and thus they can't stop me from using the ciphers without infringing 1st amendment rights (but they can ramp up the COINTELPRO harassment campaign against us cryptographers [that's why crypto conferences aren't in the USA anymore]).
(Score: 2) by RamiK on Saturday April 16 2016, @06:13PM
You forget the part where if you provide encryption as part of your service you're still required to be able to backdoor it.
Read this again:
feature, product, or service owned, controlled, created, or provided
Simply put, don't provide encryption.
As a software programmer, implement a general purpose script extension system.
As a hardware designer, replace your cryptography extensions with FPGA.
As a cryptographer, review anonymous scripts in an open academic journal wiki while releasing your reviews under public domain.
Is this a feature making data unintelligible? No more than any other general purpose interpreter, CPU or abacus.
Do you own this product, or service? Nope. Can't own what's under public domain.
Do you control this product, or service? Nope. Can't own what's under public domain.
Did you create this product, or service? Nope. anonymous wrote the script. You just reviewed it.
Did you provide this product, or service? Nope. You just reviewed it in a journal after it was posted anonymously \ fell off a truck.
Like I said, this bill is a blessing in disguise. It will force open computing like never before.
compiling...
(Score: 2) by FakeBeldin on Friday April 15 2016, @09:48AM
You know, here in Europe we've had 2 horrendous and major scandals involving basements (Dutroux in Belgium and Fritzl in Switzerland). It's curious that Feinsteinn and Burr have yet to jump on the "save children - outlaw basements" bandwagon.
Seriously, are American houses required to have front doors (or back doors) the police can break down? No? But but but!
Is it illegal to have a bunker that the government cannot access if you want to keep them out? Yes? Ask the folks in Tornado Alley how they feel about such laws.
(Score: 3, Informative) by jmorris on Friday April 15 2016, @05:31PM
Seriously, are American houses required to have front doors (or back doors) the police can break down?
Yes, they do. Just a bit of misdirection in that they specify a maximum strength so that the fire department can break it down.
(Score: 2) by Fnord666 on Friday April 15 2016, @04:29PM