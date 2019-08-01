from the that's-not-how-this-works dept.
Graham, Cotton Introduce Yet Another Attempt to Torpedo Encryption
On Tuesday, Sens. Lindsey Graham (R-S.C.), Tom Cotton (R-Ark.), and Marsha Blackburn (R-Tenn.) introduced yet another bill attempting to poke holes in data encryption, called the Lawful Access To Encrypted Data Act. This bill follows previous US efforts to weaken encryption, including March's proposed EARN IT Act and demands made by US Attorney General William Barr in his 2019 keynote address at the International Conference on Cyber Security.
A press release from the Senate Judiciary Committee—which is chaired by Graham—describes the bill as "a balanced solution that keeps in mind the constitutional rights afforded to all Americans, while providing law enforcement the tools needed to protect the public from everyday violent crime and threats to our national security." It goes on to emphasize—in both bold and italic text—that the bill would "only" require service providers to grant law enforcement a back door after a court issues a warrant.
Graham expresses his personal position in strong terms:
Terrorists and criminals routinely use technology, whether smartphones, apps, or other means, to coordinate and communicate [...] tech companies have refused to honor [court orders] and assist law enforcement in their investigations. My position is clear: After law enforcement obtains the necessary court authorizations, they should be able to retrieve information to assist in their investigations. Our legislation respects and protects the privacy rights of law-abiding Americans.
Unfortunately, as is typical for these resolutions, Graham's expressed ideas don't adhere to technological reality. In order for a service provider to "honor and assist" law enforcement investigations in the way Graham demands, it would necessarily—and fatally—have to compromise the very encryption it offered in the first place. This would apply to every consumer the provider services (American or otherwise), whether a warrant were issued or not.
Encryption doesn't work that way
Sens. Lindsay Graham (South Carolina), Tom Cotton (Arkansas) and Marsha Blackburn (Tennessee) introduced the Lawful Access to Encrypted Data Act, which would put an end to what they called "warrant-proof" encryption.
[...] The bill is targeted at companies like Facebook and Apple, which have repeatedly defended their stances by saying they have an obligation to protect the billions of innocent citizens who trust the encryption embedded in their devices and apps to shield their information from public exposure. The tech companies fear that if they provide investigators with a back door past encryption, they'll open up an avenue for bad actors to exploit the entryway.
"End-to-end encryption is a necessity in modern life – it protects billions of messages sent every day on many apps and services, especially in times like these when we can't be together," Facebook said in a statement, according to CNET. "Rolling back this vital protection will make us all less safe, not more. We are committed to continuing to work with law enforcement and fighting abuse while preserving the ability for all Americans to communicate privately and securely."
Republican senators have introduced what they have described as a "balanced" bill that would require technology companies to give law enforcement agencies access to encrypted user data.
Authorities in the United States and other countries have long tried to convince — an in some cases force — tech companies to develop and use encryption that would allow law enforcement to access encrypted data if needed. Experts have argued that adding backdoors to encryption systems would also allow malicious actors to abuse those backdoors, thus defeating the purpose of strong encryption.
Senators Lindsey Graham (R-South Carolina), Tom Cotton (R-Arkansas) and Marsha Blackburn (R-Tennessee) are making another attempt with a new bill introduced on Tuesday, which they have named the Lawful Access to Encrypted Data Act.
They claim the goal of the bill is to "bolster national security interests and better protect communities across the country by ending the use of 'warrant-proof' encrypted technology by terrorists and other bad actors to conceal illicit behavior."
The officials believe that while encryption is "vital" for securing data, communications and financial transactions, law enforcement should be given access to the information they seek if they present a warrant.
[...] On the other hand, security and privacy experts who support the use of end-to-end encryption provide journalists, activists, whistleblowers and members of persecuted groups as examples of individuals for whom strong encryption is crucial.
[...] The Attorney General would be allowed to ask companies to report on their ability to comply with court orders, but it's prohibited from forcing vendors to use specific technical methods.
Moreover, the government would compensate companies for their compliance and the Attorney General would create a prize competition to reward those who create a solution that maximizes privacy and security while allowing lawful access to encrypted data.
(Score: 0) by Anonymous Coward on Sunday June 28, @12:59AM
Encryption, that horse bolted the barn long ago.
Dumb crackas.
(Score: -1, Flamebait) by Anonymous Coward on Sunday June 28, @01:02AM (1 child)
There, now SJWs will ensure it gets cancelled.
(Score: 0) by Anonymous Coward on Sunday June 28, @01:19AM
This has been one helluva campaign season so far.
(Score: 3, Touché) by EJ on Sunday June 28, @01:06AM (2 children)
This is so silly. All they need to do is make encryption illegal. Then, the criminals won't use encryption because it's illegal.
(Score: 0) by Anonymous Coward on Sunday June 28, @01:17AM
Yep,
If it's illegal, I will give it a wide berth.
Source: Imma (minor) criminal.
(Score: 1) by fustakrakich on Sunday June 28, @01:50AM
Yes, if you are caught using unauthorized protocols, the cops will bust your door down and shoot your dog
REDЯUM
(Score: 2) by stormreaver on Sunday June 28, @01:12AM
That's great to read! So when can I expect to hear that this bill is being rescinded, as it is a HUGE threat to our national security.
(Score: 0) by Anonymous Coward on Sunday June 28, @01:13AM (1 child)
You can set up a TLS session, but the service provider--like Twitter, Failbook, or any Fediverse server in the USA--will have to keep a record of every communication it relays, in order to provide it when there is a warrant for it. Room 641A [wikipedia.org] was done quietly. This is done out in the open.
(I'm guessing "back door" is committee-speak for providing the requested information in some form or another. They just want a written record of all your conversations including pics, and they're proposing judicial "oversight" for access control.)
(Score: 0) by Anonymous Coward on Sunday June 28, @01:29AM
There are encrypted conversations going on right now that can only be stored, not decrypted, and Silicon Valley companies are enabling some of it.
TLAs want metadata, sure, but contents are even juicier.
(Score: 2) by PinkyGigglebrain on Sunday June 28, @01:53AM
La Te Da?
wasn't that the lyrics to a song long ago?
"Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."