Rep. Michael McCaul Proposes 'Commission' To 'Force' Silicon Valley To Undermine Encryption

from the well,-here-we-go... dept

Rep. Michael McCaul, the head of the House Homeland Security Committee has now given a speech in which he announced plans to introduce legislation that will create a committee to undermine encryption in the tech industry:

The legislation “would bring together the technology sector, privacy and civil liberties groups, academics, and the law enforcement community to find common ground,” Chairman Rep. Michael McCaul (R-Texas) said in a Dec. 7 speech at National Defense University. “This will not be like other blue ribbon panels, established and forgotten.”

He said the ability of terrorist groups to use encrypted applications while communicating is one of his biggest fears. “We cannot stop what we cannot see,” he said in reference to recent attacks in San Bernardino, Calif., and Paris.

Yes, the idea that it will include technologists and privacy and civil liberties folks sounds good, but it still seems like the key focus is going to be around undermining encryption. You don’t need a special commission to do the only thing you really need to do: which is to keep making ever more secure encryption. And, of course, McCaul has been among the leading voices in seeking to blame encryption for everything. A few weeks ago he insisted that the Paris attackers used encryption and in the Q&A portion after his speech yesterday he went even further directly claiming the Paris attackers used the Telegram app — something that no one else has claimed to date. He first admits that a “backdoor” to encryption is a bad idea, but then basically says, “but there must be some technological solution” before claiming that the Paris attackers definitely used encryption.

It’s a very complex issue. I think initially lawmakers thought there was an easy legislative fix where we just amend the CALEA statute, until we found out that providing a backdoor into everybody’s iPhone was not going to be a very good strategy. Not only would it provide a backdoor for the government, but also for hackers. So you’ve noticed that the language of the FBI director and the language of the Secretary of Homeland Security has shifted to trying to find a technology solution to this problem.

This part is true, but that “shift” to finding a “technology solution” still involves creating backdoors to encryption — and just not calling them backdoors. McCaul continues:

I will not tell you that it’s an easy solution, but I’ve had very in-depth discussions that I do believe there are alternatives. There are some solutions to this problem. And I think the inherent problem, and the reason why I’m advocating the formation of this commission, is because of the reluctance of both parties to sit in the same room together. And so what this legislation provides — in fact what it will mandate — that all relevant parties sit in the same room together, and in a very short period of time, provide the Congress with solutions and recommendations for legislation to deal with what I consider to, as I said in my remarks, one of the most difficult challenges of this century, in dealing with counterterrorism and basically criminal behavior.

First of all this is hogwash. People from both sides are more than willing to sit together, if there was some possible productive outcome from it, and compelling them to sit in the same room doesn’t change the facts that what they’re asking for is impossible. I don’t now how many times it needs to be said, but full encryption makes us all much safer, and you can’t magically create a technology that “only the good people” can use. No one’s demanding that law enforcement and gunmakers get together to create bullets that only hit bad people. And no one’s demanding that automakers and law enforcement get together to design cars that only nice people can drive. Why do people magically think that Silicon Valley can determine who’s good and who’s bad and set up technology so that only nice people can have their privacy protected?

McCaul then continues, falsely claiming the Paris attackers used encryption:

If we don’t do anything. Title III wiretaps and FISAs will become a thing of the past. When we saw the encrypted apps on the on the Paris attackers’ iPhone – it was Telegram. When eight attackers and numerous co-conspirators, foreign fighters from Syria, can do something like that and it’s completely under the radar screen. We know why it went undetected. It went undetected because they were communicating in the dark space. In a space where we can’t shine a light on to see these communications even if we have a court order.

Of course, this is hogwash. No one else has claimed the Paris attackers used encryption. And in fact we now know that they communicated via unencrypted SMS and that they did a lot of their planning in plain sight, with the guy behind the plans bragging to an English-language ISIS publication about his plans, and the attackers booking hotels and guest houses in their own names.

Politico followed up with staffers on McCaul’s committee to ask about this, and they admitted that McCaul was exaggerating — saying he was talking “in general about terrorists’ use of encryption” rather than specifically about the Paris attacks. Except, he said it pretty directly, which means he’s either misinformed or lying. And, yet, now he’s rushing to set up a special commission to help figure out a way to deal with this problem that he himself is exaggerating? That’s not encouraging.

McCaul later went on to repeat the “this is a difficult problem” line which misses the point. It’s not a difficult problem. It’s not that smart people don’t want to work on this, it’s that law enforcement and McCaul are asking for the impossible: encryption that protects privacy, but only for good people. And, yet, he says he needs to “force people” to solve this problem (he literally uses the phrase “force them.”)

While some have suggested that this commission could deal with many other issues unrelated to encryption (which could, potentially be a good thing), the timing of this, just as so many have been calling to undermine encryption by phrasing it as calling for “a conversation” between techies and law enforcement, combined with McCaul’s incorrect statements on encryption is worrisome.

The only other “positive” in all of this is that he’s pushing this commission as an alternative to legislation that would mandate encryption backdoors admitting (correctly) that “a legislative knee-jerk reaction could weaken Internet protections and privacy for everyday Americans….” That’s absolutely true, but what, exactly, does he expect this new commission to do other than to undermine encryption and weaken those protections? And, as he made clear in his statements above, he’s still expecting this commission to suggest a legislative solution in a fairly short time period. In other words, this may not be a “legislative knee-jerk” but it sure looks like a plan to lead to knee-jerk legislation, just one where McCaul can point to some committee’s “recommendations” to cover up the fact that he’s demanding the impossible.

Filed Under: , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Rep. Michael McCaul Proposes 'Commission' To 'Force' Silicon Valley To Undermine Encryption”

Subscribe: RSS Leave a comment
90 Comments
That One Guy (profile) says:

"Here's the carrot. Yes it's rotten, but trust me, you DON'T want to see the stick."

It may be getting into tin-foil hat territory, but I can’t help but think that the ‘commission’ is expected to ‘fail’, at which point they throw up their hands, claim that since the tech companies stubbornly refuse to re-write reality that they’re just going to have to force them to do so via laws.

At this point they know that they’re asking for the impossible, they’re just trying to shift public opinion enough that they can force the tech companies to cripple encryption and make everyone less safe, and I imagine the ‘commission’ is nothing more than a bit of theater in that, designed ahead of time to ‘fail’ and hopefully make it looks like the tech companies, rather than the government and police, are the ones being unreasonable.

Anonymous Coward says:

Re: The Trurl's machine.

Well, one potential positive of this, if they find REAL representatives of all sides willing to be part of this, is that everyone can sit down in a less-politicized arena, put everything on the table, and have law enforcement and congress go: “… Oh. Right. Well at least now we’ve settled it.”

Then Congress can trumpet that they tried every avenue, and encryption is the best way to keep people safe, and some alternatives that actually work can be trumpeted by law enforcement, and everyone else goes home feeling a bit safer.

Not saying this will happen, but at least it’s a possibility.

Anonymous Coward says:

If an key can be copied from a photograph for TSA approved suitcase luggage locks, what is to stop the master key from leaking for the back door on encryption? In the end, the door is left wide open for anyone… good, curious or evil.

E-Commerce, banking, ETC would be left wide open. Lets see how well that works out.

Anonymous Coward says:

Re: Re:

And they want the consumer to be held responsible for “identity theft”.

The actual crime is that of fraud and it is perpetrated upon the businesses not the consumer. This is simple fact and yet they attempt to hold others responsible for their own lack of security and utter contempt for anything but themselves.

Anonymous Coward says:

Just what the hell is going on with congress? It just doesn’t matter how many times they try to dress this up, change its name or appearance … trying to ban or restrict Silicon Valley from implementing encryption in their devices is simply beyond the purview of congress’ powers. It would be the same as if congress tried to ban or restrict smartphones or media players from the ability to transfer audio or video to those devices.

Democrats and Republicans have all lost their minds and there is no way that such a resolution or law could ever withstand a court challenge, even if by some miracle they managed to squeeze this through both chambers of congress.

Anonymous Coward says:

> but full encryption makes us all much safer

If, tomorrow, landline telephone calls were suddenly strongly encrypted and police with a warrant couldn’t listen in, would we be instantly safer? I’m pretty sure that tapping phone conversations has been used effectively in the past and I don’t hear a lot of people bemoaning the fact that our easily intercepted telephone system is harming people daily.

Anonymous Coward says:

Re: Re:

There’s a reason most banks refuse to deal with account information over telephones. Also why most hospitals won’t give out personal information over the phone. Also why you probably shouldn’t give your SSN over a phone. You just described exactly why.

So yes, we would be instantly safer, just in a different way than you describe. A way that would affect a significantly larger portion of people than your scenario.

Anonymous Coward says:

Re: Re: Re:

There is a reason they won’t deal with account information over the telephone – authentication. It has nothing to do with encryption. If they do give you account information, it will only be after you’ve had to answer a whole bunch of questions that hopefully only you would know the answer to.

Anonymous Coward says:

Re: Re:

Landline telephone calls don’t have and keep everything about you, including your bank data, what do like, what you do, where are you, where have you been… it isn’t only the present, but a lot of your past is on the internet too.

Landline telephones don’t have the ability to control things remotely, or won’t be used to make cars by themselves (as they are already testing).

This isn’t like 20 years ago. Hack someone’s computer, email and social networks and you get a lot of shit about him that can fuck his life forever.

And even if there isn’t that shit in it, you even have the ability to create it, and fuck him forever.

Internet stopped being part of some sort of harmless virtual world and is part of our everyday lives now. Either we start taking things seriously, or the mess will be monumental.

Anonymous Coward says:

Re: Re: Re:

Landline telephone calls don’t have and keep everything about you, including your bank data, what do like, what you do, where are you, where have you been… it isn’t only the present, but a lot of your past is on the internet too.

Landline telephones don’t have the ability to control things remotely, or won’t be used to make cars by themselves (as they are already testing).

This isn’t like 20 years ago. Hack someone’s computer, email and social networks and you get a lot of shit about him that can fuck his life forever.

Ever seen a hacking movie from the ’80s or ’90s? It’s not that telephone calls themselves keep information about you, it’s that the telcos keep logs of the routing data, and anyone can listen in on the line during the call and record what they hear. Furthermore, TO THIS DAY modems are hooked up to landlines that don’t verify the user who is calling in, or verify that they’re the only one on the line. It’s somewhat trivial to monitor a phone call being made to, say, a hydroelectric dam gate sensor, then drop the caller part way through and pick up the communication where they left off (after the password was sent for verification).

The fact that nobody’s bothered to do this is a different issue: the Internet just makes things so much more convenient by providing one packet to rule them all: you don’t need specialized tools and knowledge if everything is speaking the same language over the same lines.

Ironically, the Internet has consolidated our data and data control/transmission mechanisms into a one-stop-shop for both law enforcement and terrorists. There is no more physical segregation of data.

And that, of course means that physical segregation will no longer prevent against abuse of that data, which is why encryption is absolutely necessary, despite the negative impact it has on those who want to do good with (legally or illegally) pilfered data.

ECA (profile) says:

LOTS OF MONEY GOING NOWHERE

I really wonder about people sometimes..
There is NO MAGIC KEY to encryption.
You dont need hardware to make it.
You dont need software to make it..
the only use of Software/hardware is making it easier, faster to transmit.
And if you GUT it out of the hardware, computers cellphones, and all the rest, they can make up their OWN software to do it…if they want.
But if you REALLY want down and dirty…DONT encrypt it..Even if the NSA scans all the signals and collects all the Forms/fashions of communication…It will take DAYS/MONTHS/YEARS to weed thru it all, to find the 1 communication you wanted…AFTER THE FACT.

Anonymous Coward says:

Hey, this is better than giving terrorists drones so that they can remotely attack us.

They will move to encrypted networks (as if you could prevent that, lol) while on our “enlightened” networks, they will find the backdoor to fuck us like:

– Messing with your bank account: lots of illegal purchases and maybe stealing your money. Sure, banks themselves might keep that encryption, but nobody talked about that iPhone that is also used as an electronic wallet or that computer that you use to check your accounts online.

– Messing with your private information to blackmail you. No need to say much about this, do I? Emails have a lot of things in them and maybe they got what you need to make that guy do what you want, or look the other way…

– Kids. This is an important point and one that should be stretched: people tend to share pics of their family (or of sports events or whatever, like many schools do), pics that potentially, could be fap material for pedophiles if found out. You just now have put the kids of all the country in a silver platter, because now, most social networks would be ripe for them to farm pics.

– Important services: dams, traffic, electric networks… Sure, some might be hard to attack (I hope that you aren’t idiot enough to force shitty encryption on a dam, but you never know), but traffic might be not that secure (and you never know what you can do with the credentials taken from someone’s mobile phone or computer, like 1234 passwords…). Imagine what a terrorist might do if suddenly, he could control the traffic lights of an important city in a rush hour for just 10 seconds… the potential mess might leave Paris strikes as purely anecdotical.

Terrorism? No need to do that. Now they get cyberterrorism! And without having to spend a single penny.

I bet that Ali the Terrorist is already celebrating this with champagne. Even if he shouldn’t drink it.

wiserabbit says:

3 year olds

Silicon Valley and a whole heck of a lot of folks have already had the conversation with pretty much everyone in Washington. Just because the federal government is acting like a bunch of three-year-olds thinking that if they ask the same question a quadrillion, they’ll get a different answer doesn’t actually negate the fact that the conversation has already taken place.

If they’re going to act like three-year-olds, then let’s start treating them like three-year-olds. Ok, we’ll put back doors in every facet of the government’s systems. Period.

Or do they also believe that every time a three-year-old sticks a fork in a light socket, the entire population of the entire planet should get zapped?

Anonymous Coward says:

Re: 3 year olds

“acting like a bunch of three-year-olds thinking that if they ask the same question a quadrillion, they’ll get a different answer “

They’re not talking to the technically literate, by design.

Every Congress critter has to line up for airtime to remind their voters that they are:

1/ Doing Something Very Important and Serious

2/ Being Somebody Very Important and Serious

3/ On Top Of The Very Serious Issue

4/ On Top Of The Very Serious Crisis Of The Day-Century-Forever

5/ Not Let “Them” Get Away With Anything

6/ Awake

shanen (profile) says:

Re: Mathematically impossible?

Ha! You haven’t seen how well he gerrymandered his own district. Considering his own incompetence and stupidity, he must be some kind of idiot savant genius at rigging elections.

And you thought elections were about voters picking politicians, didn’t you? It’s the OTHER way around, with phools like McCaul picking their voters first!

Trails (profile) says:

Even if they pull it off

it won’t work.

Strong encryption is out of the bag, and short of major evolutions in quantum computing or solving the whole P vs NP thing, there’s no getting around it.

The oldies have (re)fallen into the trap of thinking technology comes from a place invented by a guy named “Head of Technology”. Technology is sometimes messy and organic in its evolution, it defies control.

Even if they get Apple and Google and Microsoft and, and, and to backdoor encryption, the motivated will use (and evolve) OSS crypto tools, and the motivated include the bad guys. Those “common folk” not skilled enough to leverage this will be left with their asses in the wind.

David says:

Let's kill the US tech industry.

That’s what this will do. Any ‘magic key’ encryption that’s developed in the US will ONLY be bought by US companies if they are required by law to buy it. No foreign company will purchase the products, since it would undermine their best interests, and will buy non-US products instead. Anyone coming into the country to do nefarious deeds will not use the US-only encryption.

The only purpose of this is to spy on American Citizens. Just like in the movie Sneakers.

Anonymous Coward says:

The legislation “would bring together the technology sector, privacy and civil liberties groups, academics, and the law enforcement community to find common ground,” Chairman Rep. Michael McCaul (R-Texas) said in a Dec. 7 speech at National Defense University.

Chairman McCaul continued “If the former refuse to compromise encryption, they will be shot in the head by the latter. A new group of techies and civil libertarians will then be brought in, shown the bodies, and given the same challenge. This will continue as long as necessary, and eventually all the smart people will be dead and and then someone’ll give us what we want.”

Anonymous Coward says:

It looks like it is time to clean house of all the incumbents and attempt to get candidates that actually understand the technology they are attempting to make laws about. All this FUD has warped any sign of commonsense out of Washington.

On one hand they scream about being hacked because their databases are open to be read and on the other hand scream about the one thing that could save them the indignity.

It’s time for some serious spring cleaning in the political houses as well as in government employment.

Brent Ashley (profile) says:

Process flow

Ok, so assuming they succeed and the govt has back-door keys for all SSL traffic, for instance. Now they have to not only do deep-packet-inspection, but decryption too. They now have the “clear” stream, but maybe the payload is wrapped with another level of end-to-end encryption. Even if that is also back-doored, it needs decrypting, only to find another layer, and another, and the final payload maybe contains steganography and other methods. Where does it stop? (hint: it doesn’t). Right, so they have determined that there is some random-looking data I have sent. What if I want to send a megabyte of random/entropy bytes to someone? Will I be branded a criminal?

Anonymous Coward says:

Re: Process flow

“What if I want to send a megabyte of random/entropy bytes to someone? Will I be branded a criminal?”

You have to ask?

Given sufficient malice (did I mean incompetence?) any string of random bytes can be carefully decoded, in the right light, on a day with a y in the name and a year with 4 digits, as a SyNNIshTARr!-!misPeldedumled!,.b)(ignore 31673 bytes because we say so)EtErrorrysTpLotke*!

Anonymous Anonymous Coward says:

Hard Work Ahead

Everybody has this wrong, wrong, wrong. It’s not about creating a backdoor, it’s about getting whom they call terrorists to THINK there is a backdoor so they won’t use encryption.

Now reasonable people already know that at least in the Paris attacks encryption was not used (at least none found yet and plenty of unencrypted leads available) but the money hasn’t been spent on creating an imaginary backdoor to fool them thar terrorists into believing that encryption is compromised and should not be used. If the money isn’t spent, then there is no possible way that any backdoor could be created, imaginary or not. If enough money is spent the backdoor created can be imagined to be bigger, better, faster, and more far reaching. If you are looking right at the backdoor and can’t see the backdoor, you just aren’t imagining hard enough, or haven’t been paid enough, whichever fits the current need.

I know, imagineering can be tough, which is why only Disney has succeeded at it so far, but with enough money, and little effort along with some group imagining from Congress, it can be accomplished. Think about it, back in the ’70’s Disney imagined a world where IP was meant to be purchased and repurchased and repurchased ad infinitum and here we are 40 or so short years later and they have almost achieved their goal. See, imagineering works.

So if there is a failure in achieving a backdoor it will be the fault of a lack of imagination, or a lack of faith that a backdoor can be imagined into reality, or not enough money spent in Silicon Valley to get them to drink the correct brand of cool-aid and imagine job accomplished.

Oh, and at the same time getting people to recognize only government approved terrorists which are the ones that exist because government says they do and not because government looked in a mirror. Imagine Up people!

Anonymous Coward says:

The problem with encryption that the good guys can use to stay private but the bad guys can’t isn’t the encryption, it’s that we can’t always tell the good guys from the bad guys. Once you take the good/bad part of that out then you just have encryption that can be broken by other people, which isn’t very useful.

Lawrence D’Oliveiro says:

“No one's demanding that law enforcement and gunmakers get together to create bullets that only hit bad people.”

But isn’t that the argument of the gun-lovers, that their bullets are only for use against bad people? You mean they tend to hurt good people far more than they hurt bad people?

I’m shocked—shocked, I tell you! Say it isn’t so!

Anonymous Coward says:

Re: “No one's demanding that law enforcement and gunmakers get together to create bullets that only hit bad people.”

“isn’t that the argument of the gun-lovers?”

NO, it is not the argument of our “gun loving” FOUNDING FATHER… you should already know that.
but if YOU want to renounce the constitutional right to shoot back at the government, you are free to do so.

Almost Anonymous (profile) says:

Compromise

He said the ability of terrorist groups to use encrypted applications while communicating is one of his biggest fears. “We cannot stop what we cannot see,” he said in reference to recent attacks in San Bernardino, Calif., and Paris.

Let’s make a deal, Rep. Michael McCaul. Since we now know that none of the largely publicized terrorist attacks used encryption in any meaningful way, why don’t you stop what you fucking well CAN see before you start fighting shadows? When you’re able to stop terrorist attacks that don’t use encryption on a reliable basis, then we’ll revisit the subject of encryption, ok?

jilocasin (profile) says:

Rep. Michael McCaul is a genius...

Rep. Michael McCaul is a genius, all we need to do to accomplish the impossible is to bring together a disparate group of people into the same room. Just think of all the things that are now possible:

  • perpetual motion machines
  • limitless clean free energy
  • software without bugs
  • gravity that falls up
  • healthy junk food
  • painless way to reverse climate change
  • an end to poverty
  • and end to disease
  • eternal youthful life

It’s just a matter of finding the right group of people to put together in the same room.

Although I think even the good ‘ol McCaul would be unable to;

  • find an honest politician
shanen (profile) says:

McCaul is a worthless TOOL and a coward, too

I don’t actually want to claim to be brave, though I have done a few things that might have looked that way, and even come close to death a few times–but I shure (sic) know a yellow-belly coward when I sneeze at one, and I sneeze at McCaul, my very own fake representative to Congress. None of the comments nor the article mentioned gerrymandering, but that’s the ONLY way this worthless tool could have been elected to the House of so-called Representatives.

McCaul’s district was created for him in a massive gerrymandering about 12 years ago, but he is such a worthless piece of garbage that they had to repack it again a few years ago. He does NOT represent Austin, which is supposed to be the largest city in the country without a SINGLE actual Representative in the House. Neo-GOP partisan dictatorship at its worst.

(I should retract that statement, because whenever you say it’s the worst, they go farther. Most recently, my own vote was disenfranchised by the new voter ID system created to solve the fake and nonexistent problem of voter fraud. Disenfranchising large numbers of voters certainly WILL influence actual elections, while a few double voters never could. If there were many fake voters, then the odds of getting exposed and arrested would rise rapidly. NO such problem.)

Never heard McCaul say anything that wasn’t worthless or cowardly or both. He even contributed in his own typically minor way to my renunciation of my birthright Texian citizenship. I now regard myself as a stateless American.

Personanongrata says:

Defective Group Think on Capitol Hill

Why do people magically think that Silicon Valley can determine who’s good and who’s bad and set up technology so that only nice people can have their privacy protected?

Because these people are cretins and they believe in unicorns.

Maybe when Rep. Michael McCaul (R-Texas) is finished chasing unicorns he would be so good as to convene a ‘Commission’ To ‘Force’ the US government to obey the US Constitution?

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...