US Attorney Suggests Solution To Open Source Encryption: Ban Importation Of Open Source Encryption

from the bangs-head-on-desk dept

Is it really that hard to expect officials representing law enforcement to understand basic concepts? Earlier this week, University of Michigan hosted a debate on the whole “going dark/encryption” fight with the EFF’s Nate Cardozo (disclaimer: he has represented us on certain legal issues) and US Attorney for the Eastern District of Michigan Barbara McQuade. While the event was filmed and livestreamed, as I type this, they don’t appear to have posted a recorded version. However, it appears that Cardozo (not surprisingly) raised a key point that has been raised many times before: a US law against allowing unbroken encryption would have little impact on bad people using encryption, since there are many open source and non-US encryption products worldwide. But McQuade had a response to that… and it was kind of insane:

If you can’t read that, she said: “I think it would be reasonable to ban the import of open-source encryption software.” This is idiotic on any number of levels, and that an actual representative of law enforcement would make such a claim is immensely troubling and raises serious questions about the competency of the US Attorney’s Office in Eastern Michigan.

First off, the Open Technology Institute released a paper late last year showing that there was a ton of both open source and foreign encryption products that weren’t subject to US regulations. Another paper, released earlier this year by the Berkman Center and written by Bruce Schneier (along with Kathleen Seidel and Saranya Vijayakumar), found that there were 865 encryption products from 55 different countries on the market when they wrote the paper (it could be more by now), with 546 of those from outside the US. In other words, there are a lot of these kinds of products. So, at the very least, they’d be used by people outside of the US.

But, more to the point, a ban on importing them? We already had that legal fight, though back then it was on the question of exporting encryption. In Bernstein v. the US Department of Justice, the government sought to block Daniel Bernstein from publishing his algorithm for his Snuffle encryption system, saying it violated export laws related to exporting weapons. Eventually, the 9th Circuit ruled that software source code was speech protected by the First Amendment and any regulations preventing publication would be unconstitutional.

So, for McQuade’s “simple” solution to take hold, we’d have to first ignore the First Amendment and a ruling directly on point to the issue she thinks is an easy solution. To be clear, the court’s ruling stated:

In light of these considerations, we conclude that encryption software, in its source code form and as employed by those in the field of cryptography, must be viewed as expressive for First Amendment purposes, and thus is entitled to the protections of the prior restraint doctrine. … If the government required that mathematicians obtain a prepublication license prior to publishing material that included mathematical equations, we have no doubt that such a regime would be subject to scrutiny as a prior restraint. … The availability of alternate means of expression, moreover, does not diminish the censorial power of such a restraint-that Adam Smith wrote Wealth of Nations without resorting to equations or graphs surely would not justify governmental prepublication review of economics literature that contain these modes of expression.

While it’s true this technically only applies in the 9th Circuit (and McQuade’s district is outside of that circuit), it’s not like there’s a competing ruling in another district and the ruling here would be a difficult one to overcome.

Second, even if she could get past it, it would be pointless and useless. At least in the Bernstein case, the argument would be to try to block an American citizen from publishing the content — an “export” ban. An “import” ban would be an order of magnitude more futile, because anyone outside the US publishing such open source code would not be covered by US regulations, so they couldn’t be blocked from doing anything by a US court. So then any “import” ban would come down to someone being forced to magically comb the entire global internet and make sure no one from the US could ever see or find that code — which, of course, would bring us right back to questions of prior restraint and the First Amendment.

There may be reasonable arguments to be made about encryption and its impact on law enforcement, but if the argument includes such inane ideas as banning the import of strong encryption, it’s difficult to take the speaker seriously, or to conclude that they have any useful or competent knowledge on the subject at all.

Comments on "US Attorney Suggests Solution To Open Source Encryption: Ban Importation Of Open Source Encryption"

Median Wilfred says:

Re: if this goes anywhere...

That surge might happen, but it won’t happen in the USA. The Feds will start “certifying” all programmers, and licensing all programming shops, which will be all-Windows or all-Mac, because no Open Source! As soon as Law “Enforcement” figures out that they’ve driven cryptography into steganographic GIFs, they’ll start banning image files that aren’t of an appropriate type, and they’ll have Imgur and YouTube run some kind of ContentId thing that monitors for possible stego in the images or videos.

This is all part of the “Logic of Surveillance”

Jeremy Lyman (profile) says:

Re: Re:

Certainly if the brightest minds in Silicon Valley just focus their magic abilities we can rid this fair land from the scourge of pi.

Brilliant! We could solve all kinds of problems just by banning them.
Chinese air pollution? Banned.
Rising sea-level? Banned.
Poor folks? Banned.
Illegal Drugs? Double banned!
Morons in positions of authority? Whoops, never-mind that one.

Anonymous Coward says:

US Attorney Barbara L. McQuade

Meet the U.S. Attorney: Barbara L. McQuade, U.S. Attorney

Barbara L. McQuade is the U.S. Attorney for the Eastern District of Michigan. She was appointed by President Barack Obama. . . .

McQuade serves on the Attorney General’s Advisory Committee, and serves as co-chair of the Terrorism and National Security Subcommittee. She also serves on subcommittees addressing civil rights and border security. . . .

(Via Wikipedia.)

Anonymous Coward says:

Playing Devil's Advocate by channeling John Yoo...

While a ban on exportation of software code would be a violation of the first amendment, a ban on the importation of software would not unless it happened to be written by a US citizen abroad since first amendment rights only apply to citizens and others within this country.

Anonymous Coward says:

Re: Playing Devil's Advocate by channeling John Yoo...

Stanley v Georgia (1969)

It is now well established that the Constitution protects the right to receive information and ideas. “This freedom [of speech and press] . . . necessarily protects the right to receive . . . .” This right to receive information and ideas, regardless of their social worth is fundamental to our free society.

(Citations omitted.)

Expanding the quote-in-blockquote above which contains ellipses—

Martin v City of Struthers (1943)

The right of freedom of speech and press has broad scope. The authors of the First Amendment knew that novel and unconventional ideas might disturb the complacent, but they chose to encourage a freedom which they believed essential if vigorous enlightenment was ever to triumph over slothful ignorance. and necessarily protects the right to receive it.

(Footnote and citation omitted.)

Anonymous Coward says:

Re: Re: Playing Devil's Advocate by channeling John Yoo...

VA Pharmacy Board v VA Consumer Council (1976)

Freedom of speech presupposes a willing speaker. But where a speaker exists, as is the case here, the protection afforded is to the communication, to its source and to its recipients both. This is clear from the decided cases. In Lamont v. Postmaster General (1965), the Court upheld the First Amendment rights of citizens to receive political publications sent from abroad. More recently, in Kleindienst v. Mandel (1972), we acknowledged that this Court has referred to a First Amendment right to “receive information and ideas,” and that freedom of speech “ ‘necessarily protects the right to receive.’ ”

(Footnote and pincites omitted)

Groaker (profile) says:

Why do so many attorneys and politicians believe that they know more about every intellectual discipline than people who specialize in those fields? There are about a million attorneys in the US — they can’t all be polymaths.

I watched this ego transformation in my sister who obtained a JD at Yale in her mid 30’s — presumably old enough to have a relatively stable personality. I also saw it occur in individuals who went straight to law school after their BA.

jubjub (profile) says:

Re: Re:

Nathan F is completely on point. It isn’t about legislating math-it is about making possession of that math in certain forms illegal. Those in power are painting encryption with a similar brush to nuclear technology. For instance the physics of nuclear technology is just math but that doesn’t make it ok to post detailed equations on how to make it work in any detailed way. And I think most of us are fine with that.

Here is how I see it could play out.

1) Make any encryption w/o a backdoor for LE illegal.
2) Have Apple/Google/MS/Etc… refuse to sign any applications that contain illegal content (which is in place today).
3) Make creation/possession of non-compliant encryption tools a crime.
4) Next step would be work closely between companies and govt. to monitor for devices out of compliance (jailbreak phones are now really incriminating). Jailbreak a phone, get put on the no-fly list.

The part that slays me about this debate is our lead in technology and the jobs/GDP it creates is staggering and right where we need to be to have a successful century as a nation. For anyone to be saying that we need to gut that business by backdooring everything for all international sales is just short sighted as hell.

The reality is the meta-data plus zero day exploits should be plenty for LE in the foreseeable future to find and convict evil-doers.

Anonymous Coward says:

Re: Re: Re:

the physics of nuclear technology is just math but that doesn’t make it ok to post detailed equations on how to make it work


Wikipedia background on United States of America v. Progressive, Inc., Erwin Knoll, Samuel Day, Jr., and Howard Morland (W.D. Wis. 1979)


 . . . From a legal standpoint, the case “proved to be a victory for no one”, due to the indecisive nature of its conclusion. Yet it remains a celebrated case nonetheless. In 2004, the 25th anniversary of the decision was commemorated with an academic conference at the Benjamin N. Cardozo School of Law, attended by many of the participants, at which papers were presented. Law students still study the case, which “could have been a law school hypothetical designed to test the limits of the presumption of unconstitutionality attached to prior restraints.”

(Footnotes omitted.)

David Svarrer (profile) says:

Re: Re: Re:2 Googling the physics of nuclear technology will get you put onto a watch list

Dear Sigalrm,

The problem studying nuclear technology is not so much the watch list, but the problem that someone who may be interested in making bombs could be studying what you study.

As someone else wrote, everything needed is on the internet. Besides which, it is not very interesting to study how to make nuclear bombs. It is MUCH more interesting to study, how we, by changes in the way we humans deal with each other, can change the world such that it does not need nuclear bombs.

A nuclear bomb basically has very few problems to solve, and anyone can find all those on the internet too.

However, making a nuclear bomb will not assist solving any of mankind’s problems, which basically are of the nature of reducing our greed, and selfishness.

Those who made nuclear weapons and the few who used them, have not solved any problems with those bombs…

We have so many warheads, world wide, so we can blast the entire globe into an inferno of fire.

Besides which, I would never think that anyone is so petty (or stupid), that they cannot see / look right through what you are doing in very few days..

Some of the problems making a nuclear bomb are not related to the architecture, but to the fact that one needs some very pure Uranium 235 or 238.

The very handling of this Uranium is very very difficult….

What is your take?

Anonymous Coward says:

Re: Re: Re:3 Googling the physics of nuclear technology will get you put onto a watch list

We have so many warheads, world wide, so we can blast the entire globe into an inferno of fire.

And the only effect on global sea-level change will be to reduce the sea-level in the consequential nuclear winter.

Hey that’s an idea, let’s detonate the entire worldwide nuclear arsenal and permanently solve the sea-level rise problem.

Anonymous Coward says:

Actually, an import ban wouldn't be *that* difficult to enforce.

All you would need to do is sever all communications with the rest of the world, prevent anyone from entering or leaving the US (or at least, entering – if they want to leave they obviously don’t deserve to return) and cease all trade of any kind. It wouldn’t only prevent the import of encryption software, it would also go a long way to shutting Bernie up… And just think of the fugitives who would no longer be able to evade justice (well, the law or what passes for it in enforcement and prosecution minds…). A law and order utopia!

David says:

Re: Actually, an import ban wouldn't be *that* difficult to enforce.

See, I saw this highlighted posting and basically that’s what I wanted to say:

It’s enough. I find I agree with Trump here: secure all borders, don’t let the lunatics out, and route the Internet around the U.S. so that the NSA can use their facilities on the U.S. to their heart’s content.

This country had a good run with regard to liberty and decency, but if one wants to preserve the memory of that, one will do better never to hear from it again.

ssorrrell says:

What If Encryption Does Equal Weapons

The government has equated encryption to weapons. Doesn’t that bring the 2nd Amendment into play for American citizens? Under this line of reason, which the Feds have been following for years, the 2nd Amendment might read, “..right of the people to keep and bear Encryption, shall not be infringed”

Anonymous Coward says:

Re: What If Encryption Does Equal Weapons

2nd amendment is dead and has been for some time now. Only the people with money can afford to challenge the system enough to keep their weapons.

Police can arrest you for anything and fuck your life over and you do not even need to go to court or be convicted by judge or jury for that to happen.

Anonymous Coward says:

Re: Re: What If Encryption Does Equal Weapons

Thankfully a fair share of people that support the second amendment are willing to die standing up for their rights.

I personally believe as long as there is a second amendment the 3rd world police state those in charge seem to desire for America’s future will not come to pass.

Anonymous Coward says:

Re: Hmm.

If they can’t decrypt it, it’s illegal.

But that raises a really good point. If you can’t import encryption, how are people in the US supposed to read the encrypted files sent to them by non-USians?

Linux distributions use GPG (currently maintained in Europe) to manage and validate packages. This means that if importing was banned, any Linux distro based on Debian (such as Ubuntu) and even RedHat (CentOS) would effectively be banned in the US.

Anonymous Coward says:

Re: Re: Hmm.

“If you can’t import encryption, how are people in the US supposed to read the encrypted files sent to them by non-USians?”

Simples. Ms McQuade thinks open-source software is the problem. Import closed-source software and everything will be fine.

ps If you want to receive anything from non-USians, you are automatically suspect and watchlists exist just for such un-American traitors. So there’s that.

David Svarrer (profile) says:

Re: Hmm. Cats napping or "engrypted griminal dingz"

Yes, you really have a point. And do you remember this “paradogma” which has almost become a mantra amongst cryptographers, “that your encryption algorithm is not really strong if it cannot be published and still stand against attacks”

The place where I stand is very simple: If I can produce a ciphertext which can be read in the other intended end, then whether or not the algorithm is in public or not, it works.

If I was a codebreaker, and I received a picture of a beautiful meadow, and the lowest bit of every 30th blue colour code was a bit of a message, and the message was on top of that encrypted with a non published, hard encryption, leaving a stronger randomness of the cipher code than even Fips-140 ii, ha ha ha ha, I would know that there is nothing I could do.

Besides which, I would need to even know, that the picture has been steganographed… There are means for finding out, however, if the message is short, and the picture is big, then surely, even detecting that the picture is steganographed is not only uphill, it’s impossible.

What’s worse is, if bits are straddled / striped, it may be possible to detect that it’s steganographed, but now the worst part is, that it is not possible, reversely, to detect if an 8 bit shade, 0xf4 of blue is actually part of the cipher or not part of the cipher.

Thereby, gentlemen and ladies, I have by use of one, single example, proven, that the fear of NSA, FBI, CIA that they may come across (lots of) encryption which they can not break is true.

Furthermore, if these same good agencies want to still be funded, they need then to realize that fact.

Further, they would need to use same methods themselves, which brings them at par with the criminals where communication is concerned.

Furthermore, these good agencies, will then devise new (or old) methods to intercept the criminal communication. And they would – as it was in the old days – need permission, and never seek it – and do their job, and the universe would now be able to continue unfolding as universes are supposed to unfold.

And in that reality scenario, no, one would not know if an encrypted file would contain cats napping, or cats napping plus plus 🙂

My 1 Dollar (decrypted)
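The scheme described in the comment above, looked at from the detection side, as an added example that is not code from the commenter or the article: message bits go into the lowest bit of every 30th blue value, and the pairs-of-values chi-square statistic (one of the "means for finding out") is computed for an untouched cover, the sparse case, and a fully embedded case. The cover data, seeds, sizes and all function names are constructed for illustration; the blue channel is modelled as a flat list of integers.

```python
import random

STRIDE = 30  # one message bit per 30th blue value, as in the comment


def make_cover(n_pixels, seed=7):
    """Constructed blue channel: even values ~3x as common as odd ones,
    standing in for an image whose histogram is not flat."""
    rng = random.Random(seed)
    blue = []
    for _ in range(n_pixels):
        v = rng.randrange(0, 256, 2)      # even base value
        if rng.random() < 0.25:
            v += 1                        # about a quarter become odd
        blue.append(v)
    return blue


def to_bits(data):
    """Bytes -> list of bits, most significant bit first."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def from_bits(bits):
    """List of bits (MSB first) -> bytes; trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def embed(blue, bits, stride=STRIDE):
    """Return a copy of blue with bit i written into the LSB at index i*stride."""
    if len(bits) * stride > len(blue):    # conservative capacity check
        raise ValueError("cover too small for message at this stride")
    stego = list(blue)
    for i, bit in enumerate(bits):
        pos = i * stride
        stego[pos] = (stego[pos] & ~1) | bit
    return stego


def extract(blue, n_bits, stride=STRIDE):
    return [blue[i * stride] & 1 for i in range(n_bits)]


def pov_chi_square(blue):
    """Pairs-of-values statistic: LSB replacement with random-looking bits
    pulls the counts of 2k and 2k+1 together, so a LOW value suggests
    embedding and a high value looks like an untouched histogram."""
    hist = [0] * 256
    for v in blue:
        hist[v] += 1
    stat = 0.0
    for k in range(128):
        expected = (hist[2 * k] + hist[2 * k + 1]) / 2
        if expected > 0:
            stat += (hist[2 * k] - expected) ** 2 / expected
    return stat


def demo():
    cover = make_cover(120_000)
    rng = random.Random(99)
    # 32 random bytes stand in for an already-encrypted short message (constructed)
    msg = bytes(rng.randrange(256) for _ in range(32))
    sparse = embed(cover, to_bits(msg))
    full = embed(cover, [rng.randrange(2) for _ in cover], stride=1)
    return {
        "recovered": from_bits(extract(sparse, len(msg) * 8)) == msg,
        "changed_sparse": sum(a != b for a, b in zip(cover, sparse)),
        "cover": pov_chi_square(cover),
        "sparse": pov_chi_square(sparse),
        "full": pov_chi_square(full),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

On this constructed data the sparse case scores almost the same as the clean cover while the fully embedded case collapses toward zero, so this particular test only catches embedding that touches a large share of the image.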

ECA (profile) says:

Turning the USA into a global market

Can someone ask..
When did these folks get out of their Gold and Glass houses..LAST..
Were these folks all born and raised, and STILL living in the Florida everglades??
Can someone ask these folks to come DOWN off their HIGH mountain, and learn the language??
Please open the WINDOWS and get some fresh air into their heads…That helium is getting a bit THICK..

Encryption/data compression is in Every Facet, of our lives.. From your CD/DVD/BR to Phones, data communications, Drones, DRM, computer programs, Car computers….
This is like having a police force that only speaks Turkish, and everyone has to change How they speak, because they can’t understand it..we need SMARTER COPS..

Anonymous Coward says:

Encryption for some, miniature American flags for others.

We already have a sitting President and current Presidential candidates casting the encryption issue as “selfish privacy supporters”* vs. “true patriots.” Why expect more wisdom or education from those in lesser offices, regardless of the branch of government? As far down the food chain as McQuade is, be thankful she doesn’t want to outlaw electricity and promote leechcraft.

* Those whose antisocial, individual and greedy corporate choices impede policing of drug-crime, pedophilia, terrorism, serial murder, etc.

Anonymous Coward says:

“If you can’t read that, she said: “I think it would be reasonable to ban the import of open-source encryption software.””

Well in that case every country in the world should ban the import of all US open-source encryption software on the basis that the software could have a (hidden) backdoor in it that was put in place by the likes of the FBI/NSA or other US agency that does spying!

David Svarrer (profile) says:

Banning Open Source Encryption, haaaaaa ha ha ha ha

I am having almost cramps in my stomach about the candidates to the Einstein prize.


Haaaaa ha ha ha ha ha ah ha ha aaaaaahhh.

First of all – ha ha – you have to find out if the ban should deal with IMPORT or EXPORT of open source.

EITHER of these options would mean that the believers in this, believe that the OPEN SOURCE ENCRYPTION is located EITHER on the INSIDE of the USA or on the OUTSIDE of the USA.

Also, depending on where it is, one wants encryption banned, one must also assume that there is nobody on the “affected” side with the desired “deficiency” of encryption, who has the brain to encrypt.

Oh haaaaaa ha ha ha ha ha ha…

LONG was Professor Oommen’s face (from Canada), when he had created the world’s best encryption algorithm, and he spent thousands of dollars getting export permission for it, ha ha ha ha, then I pointed out, that he had de facto (ipso facto even) exported it.

Oommen felt very offended, and even pushed his stupid lawyer on me, who threatened me with law-suits etc., for insulting him. (There went that friendship)…

However, he exported it, as he had patented it. 21 months after patenting – it is being published. So, the world had it, via his patent registration. VOILA.

And, Anonymous Coward, I think we would add to the list of what should be banned, to make it even longer than what the Taliban banned to make a ban of open source encryption workable.

(Are they called Taliban, because of that they have banned Tali – and does Tali mean: “The whole world” ??)

Even before computers, we had such advanced encryption algorithms, so that these were practically unbreakable.

Even the Caesar Cipher was a pretty good transposition cipher, …

OOOpppps. We forgot – we would also ban mathematics in schools, and ban political learning. Ban the idea that something is right or wrong. (We are slowly descending to Maoist China in the 1920’s)…

And if now someone by mistake should begin to utter words which could direct someone to think that we need something which can disguise communication, then decapitate them…

We have now joined Stalin Russia …

Finally we need to have a thought police, which can do early identification of wrong thoughts and deviating thinking, and eliminate those. This is now a mix of George Orwell’s 1984, Stasi and a communist implementation we saw in the 1970’s in Denmark, called “Tvind Skolen” – the school named Tvind.

Hilarious. Simply Hilarious. Not that I don’t like Hilary or want him involved…

Today I have laughed 🙂

My 1 Dollar

afn29129 (profile) says:

Still incomplete....

This doesn’t cover software that has already been imported (or sourced domestically). It’s way way way too late to stuff this genie back into its bottle.

Actually whole-disc encryption has been readily available for about 22 years now (that’s Windows 3.0 era).

SFS (Secure File System) for Win 3.0,3.1 3.11wfw, and DOS. Written in New Zealand.

Anonymous Coward says:

All this tells me is they believe they already have a way into open source encryption. By limiting it to the US (as is their thought) they still get to see it all.

While you can argue that open source is the ability to examine the code, how many of you can actually do that yourself without depending on someone else’s expert opinion? Even here can you guarantee the compiler engine has not been already broken or some backdoor method put in it to take a look? Not to mention the problem that was exposed with the random number generator being anything but random thanks to the NSA, its money, and influence.

John Fenderson (profile) says:

Re: Re:

“how many of you can actually do that yourself without depending on someone else’s expert opinion?”

I do.

But crypto is a bit unique in that you can look at compromised crypto code all day long and not be able to see the compromise. Back doors are rarely explicitly coded, but usually take the form of a slight weakness introduced into the computations to make later cracking easier.

Those computations are arcane and VERY easy to get wrong without noticing. Especially by people who are not experts in the mathematics of cryptography.

joat says:

In other news...

The DOJ has decided to ban all languages except English since most officers of the law only understand English. This also means that if you speak a second language and try to travel to the US you will be denied entrance (editor note: if you want to travel the US and gain entry just don’t tick the box that you are bi- or multilingual on the customs entrance form).

Mr. Sean Thomas Upid Esq. of the DOJ explained that this will make the American people safe and the US great again since this will stop all terrorists entering the country.

Mr. Trump welcomed the news and commented that all the murderers and rapists wouldn’t be able to cross the border either now so there wouldn’t be a need for a wall any longer.

Feldie47 (profile) says:

Just like the old days

This is just like the old days when they banned Fanny Hill and Henry Miller’s works. Every kid managed to somehow get a copy and trade it. That was 60 years ago. No internet, no globalization, just pure motivation.

Don’t these people ever realize that censorship – of anything – just never works? It just makes people more curious than ever.

People who don’t give encryption a second thought will then give it a third and a fourth. They’ll probably use it for the thrill.

Xpectant Mommies little monster says:

There is only one endgame

Total surveillance all the time, monitoring of your email, SMS, Calls, Web, All cameras.. because if not there is going to be another 9/11 I don’t understand why no one understands this, If I cannot see you masturbate, people funded by the US government, trained by the US government, living with Agents of the US government would will be able to kill 3000 people.

