Will DNC Email Hacking Make Legislators More Friendly To Encryption?
from the Betteridge-says... dept
Kashmir Hill is asking an interesting question over at Fusion: in the wake of Democratic National Committee email hacking, will political leaders start scaling back their war on encryption?
Some prominent Democrats have demonized end-to-end encryption, the kind that might have helped lesson the impact of this hack by making emails look like gibberish to anyone without a key. It’s only readable when a person on one end of the communication opens the email, excluding the company storing the exchange, a hacker, and law enforcement.
Senator Dianne Feinstein (D-Calif.) has led the charge on a bill that would make end-to-end encryption illegal, requiring companies be able to decrypt data if served with a court order. Hillary Clinton herself has pushed for breakable encryption, claiming that, “Otherwise, law enforcement is blind—blind before, blind during, and, unfortunately, in many instances, blind after.”
Using end-to-end encryption would have prevented attackers from accessing the content of most of the emails they obtained. It wouldn’t have prevented any content from being accessed, but would have greatly mitigated the damage.
Unfortunately, there’s a very good chance the wrong lessons will be learned from this experience.
While it would seem obvious that the best way forward would be to encourage the use of strong encryption for everyone, it’s far more likely legislators and presidential candidates will continue to try to carve holes for law enforcement access and expand government powers to “hack back” or perform preemptive attacks. The proposed Rule 41 changes will likely slide on through at the end of this year, allowing the FBI to break into computers all over the world.
Another solution suggested by Hill is to move government communications to private platforms like Gmail where end-to-end encryption can be implemented and, more importantly, handled by professionals rather than, say, a bunch of lawyers with access to the spare bedroom.
Government officials may be wary of allowing private companies to handle (and store) government communications, but the public should be just as wary of any government agency that makes a private company its official communications platform. Private platforms used for public business tend to create lots of unnecessary FOIA litigation. Without legislation in place, or additional stipulations added to contracts with private entities, government agencies will not only be able to keep malicious hackers at bay, but also pesky members of the public demanding access to officials’ communications.
The worst end result may also be the one most likely to occur. The security of some communications may become more equal than others. Law enforcement backdoors for the public. Secure end-to-end encryption for their representatives. The sort of hybrid approach to legislating we see far too often — whether it’s in response to Congressional insider trading or the numerous buffers placed between law enforcement officers and any form of accountability.