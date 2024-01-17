from the ROT-13-is-too-secure dept.
Like other politicians and government officials, President Trump's nominee for the position of Attorney General, Jeff Sessions, wants to have it both ways when it comes to encryption:
At his confirmation hearing, Sessions was largely non-committal. But in his written responses to questions posed by Sen. Patrick Leahy, however, he took a much clearer position:
Question: Do you agree with NSA Director Rogers, Secretary of Defense Carter, and other national security experts that strong encryption helps protect this country from cyberattack and is beneficial to the American people's' digital security?
Response: Encryption serves many valuable and important purposes. It is also critical, however, that national security and criminal investigators be able to overcome encryption, under lawful authority, when necessary to the furtherance of national-security and criminal investigations.
Despite Sessions' "on the one hand, on the other" phrasing, this answer is a clear endorsement of backdooring the security we all rely on. It's simply not feasible for encryption to serve what Sessions concedes are its "many valuable and important purposes" and still be "overcome" when the government wants access to plaintext. As we saw last year with Sens. Burr and Feinstein's draft Compliance with Court Orders Act, the only way to give the government this kind of access is to break the Internet and outlaw industry best practices, and even then it would only reach the minority of encryption products made in the USA.
Another day, another U.S. law enforcement official calling for regulation and weakening of encryption. This time, Michael Steinbach, assistant director in the FBI's Counterterrorism Division, has told Congress that Internet communication services are helping ISIS/ISIL and other terrorist groups as they are now "Going Dark," and the FBI needs a "front door":
As far as the FBI is concerned, private companies must "build technological solutions to prevent encryption above all else," the Washington Post reports Steinbach as saying. That's a pretty sharp reverse ferret from the FBI, which four years ago was recommending encryption as a basic security measure. But Steinbach said evildoers are hiding behind US-made technology to mask their actions.
Steinbach told the committee that encrypted communications were the bane of the agency's efforts to keep the American public safe from terror. But the FBI wasn't insisting on back door access to encryption; rather, it wants companies to work directly with law enforcement where necessary. "Privacy above all other things, including safety and freedom from terrorism, is not where we want to go," Steinbach said. "We're not looking at going through a back door or being nefarious."
Instead the FBI wants a front door; a system to allow it to break encryption created by US companies. Understandably, US tech firms aren't that keen on the idea, since "we have borked encryption" isn't much of a selling point.
How do the candidates for the presidency of the US do on technical issues?
Two companies (Tusk Ventures and Engine) on startups, government and policies evaluated the candidates on
- privacy & security
- intellecutal property
- education, talent and workforce
- broadband access and infrastructure
Overall conclusion:
Clinton B+
Sanders B
Cruz D
Kasich D+
Rubio C+
Trump F
There's little explanation on the methodology though. Seems to be "This candidate has said something on this once/twice/often" - not the forefront of academic rigor.
Nevertheless: I am (somewhat) curious about this. So my questions to SoylentNews:
- How would you grade the candidates on the above issues?
- What are your reasons for those grades?
[There is some background on the categories and the thinking behind the scores in their 2016 Candidate Report Card (pdf). Do note that part of the scoring in the "education, talent and workforce" category is based on: "High-skilled Immigration Reform: Does the candidate support expanding opportunities for global technical talent and entrepreneurs to work in U.S.?" -Ed.]
El Reg :
Analysis In the wake of the FBI's failed fight against Apple, Senators Richard Burr (R-NC) and Dianne Feinstein (D-CA) have introduced a draft bill that would effectively ban strong crypto.
The bill would require tech and communications companies to allow law enforcement with a court order to decrypt their customers' data. Last week a draft copy of the bill, dubbed the Compliance with Court Orders Act of 2016, was leaked, but the new version is even worse than the discussion draft.
In the draft version, court orders could only be issued for a crime resulting in death or serious bodily harm, terrorism and espionage, crimes against minors, serious violent felonies or Federal drug crimes. In the final version, those caveats are gone, so any court order will allow the police to access the data they want.
The bill would apply to "device manufacturers, software manufacturers, electronic communication services, remote communication services, providers of wire or electronic communication services, providers of remote communication services, or any person who provides a product or method to facilitate a communication or to process or store data." That's a pretty wide net.
"No entity or individual is above the law," said Feinstein. "The bill we have drafted would simply provide that, if a court of law issues an order to render technical assistance or provide decrypted data, the company or individual would be required to do so.
"Today, terrorists and criminals are increasingly using encryption to foil law enforcement efforts, even in the face of a court order. We need strong encryption to protect personal data, but we also need to know when terrorists are plotting to kill Americans."
Idiots, I tell you, they're a pair of idiots.