Intelligence Director Says Gov't Can Demand Encryption Backdoors Without Having To Run It By The FISA Court
from the keeping-secrets-from-the-secret-court dept
A set of questions from Senator Ron Wyden — directed at the Office of the Director of National Intelligence — have finally received answers. The answers [PDF] were actually given to the Senate oversight committee in July but have just now been made public.
Zack Whittaker of ZDNet has taken a look at the answers the ODNI provided and found something that indicates the government can not only compel the creation of backdoors, but can do so without explicit approval from the FISA court.
The government made its remarks in July in response to questions posed by Sen. Ron Wyden (D-OR), but they were only made public this weekend.
The implication is that the government can use its legal authority to secretly ask a US-based company for technical assistance, such as building an encryption backdoor into a product, but can petition the Foreign Intelligence Surveillance Court (FISC) to compel the company if it refuses.
In its answers, the government said it has “not to date” needed to ask the FISC to issue an order to compel a company to backdoor or weaken its encryption.
The government would not say, however, if it’s ever asked a company to add an encryption backdoor.
The way this process works is the agency requesting the backdoor or other compelled assistance runs the request by the FISA court. This process does not ask the FISA court to approve the method used, nor does it provide the court with details on the assistance sought. All the FISC determines is whether or not compelled assistance is necessary.
The ODNI maintains it has never asked for compelled decryption or the installation of backdoors… at least not under this authority. If it has, there’d be little in the way of a paper trail to prove it. The FBI, as part of the Intelligence Community, appears to be more interested in securing the help of US courts — something that would prove far more useful in the long run, considering its domestic focus.
This information comes at a critical time. The surveillance wing of the government wants Section 702 (and related authorities) renewed at the end of this year — unaltered and with at least a half-decade before the next chance of reform. So far, its two Congressional oversight bodies have been compliant with the IC’s wishes. Serious reform efforts have been dumped by both House and Senate judiciary committees, leaving only those authored by longtime surveillance state cheerleaders in the running. With limited oversight and an easy way to route around FISA roadblocks, Section 702 reform is badly needed if we have any hope of the next decade being less filled with Fourth Amendment violations than the last one.
Filed Under: backdoors, compelled assistance, encryption, fisa court, fisc, odni, ron wyden
Comments on “Intelligence Director Says Gov't Can Demand Encryption Backdoors Without Having To Run It By The FISA Court”
This kills the proprietary software industry.
Re: Re:
Yeah, only the most clueless and naive would ever buy anything but open source under this rule — and the people who are clueless and naive tend to be so careless with security that back doors would not be needed.
Re: Re:
It kills freedom and privacy.
So basically we have to assume ALL US companies are compromised.
Re: Re:
assume? They already are.
What's really funny is how you kids worry over encryption...
while using SPYWARE OPERATING SYSTEMS that report everything you do, besides full of bugs, flaws, front, AND back doors…
KNOW that you’re tracked by Google everywhere on teh internets and it’s collated with your bank info…
and CELL PHONES KNOWN TAPPED and give your location!
It’s just this ONE form of official encryption — when a custom method can be practically invulnerable. EXPLAIN THAT.
Re: What's really funny is how you kids worry over encryption...
Decaf muh brotha… decaf. 🙂
Re: What's really funny is how you kids worry over encryption...
Solvang abuse is a terrible thing.
Re: Re: What's really funny is how you kids worry over encryption...
Solvent*
Re: What's really funny is how you kids worry over encryption...
The RIAA’s days of suing children are over. The best follow-up you can manage is the army of copyright trolls like Malibu Media who are getting increasingly scrutinized by judges.
Sucks to be you, don’t it?
The government can demand safe encryption that only “good little boys and girls,” can break, but it can also demand the squaring of the circle, breaking the Second Law of Thermodynamics, and ever so many more impossible feats.
But where are the banks and other financial houses? Are they going to put up with this?
Re: Re:
Exempt.
Re: Re:
Why not? The government’s had overt access to all their data for 15 years without objection.
Re: If good-guy-only encryption is possible
If backdoors are possible without impairing Jane/Joe Citizen’s security, then changing π to an even 3 should be a snap. Think of how easy schoolkids’ calculations will be when a circle’s circumference is simply three times the diameter!
Re: Re: If good-guy-only encryption is possible
Multiplying by three is too hard. Round it up to four, or down to two, please.
/s
Hitler would be proud!
Re: Re:
More like jealous.
Unfortunately, the Intelligence Director does not speak for the courts and he cannot overrule the courts either. LOLS
Re: "Oh we violated the law? Prove it."
Unfortunately that only matters if a real court finds out what they’re doing, and doesn’t fall all over itself the second the government utters the magic words ‘National Security’, and they don’t get their pets in FISC to write them up a classified ‘exception’.
If they so no comment, they mean yes. If the say no, they mean yes, but you’re in trouble if you dig any deeper. If they say yes, they mean Oh HELL YES!!
Re: ??
^^ “In its answers, the government said it has “not to date” needed to ask the FISC to issue an order to compel a company to backdoor or weaken its encryption.”
… a very vague response to Wyden’s formal request for clarification. And not enough substance to draw any objective “implication” whatsoever
Apparently only the soothsayers at ZDNET could divine any meaning in this “clarification”. Wyden is silent about it — perhaps he will send Coats another “strong” letter next summer. Coats -10 Wyden – 0
Well...
The way it’s phrased, I’m not sure there’s a problem on the legal question. The US government can <i>ask</i> any US company for any technical assistance it wants at any time for any reason. The problem is that the government seems to be kidding itself that this constitutes some kind of <i>demand</i> with force behind it.
The US government can also petition a court to compel some kind of activity for any reason it has good reason to believe might be legal. The problem is that FISA works mostly in secret, so the public has no oversight or any chance to intervene.
RE: Now it would be a good time...
For all tech/SW companies to start posting those little canary disclaimers on front pages of their sites.
If they do not do it – we have to assume the worst…
Sense of Entitlement
The envelope has been pushed so far that at this time:
1. Law enforcement feels entitled to have preemtive spying capabilities.
2. They feel entitled to steal from you.
3. They are free to murder you and kill your pets.
I have cats who’ve become complacent. They are sitting in the driveway when I get home from work (feeding time). I have to get out of the car and shoo them away. I want to get a super soaker to break them of that habit but I’m afraid that the police will drive by one day and shoot me.
Won't work with open source
I frequently use OpenSSL. Putting a back door in it renders it useless. Since it is open source everyone will know how to access the back door.
FISA court, spying, etc
We are either a CONSTITUTIONAL REPUBLIC, or we have no government at all.
Those that SERVE WITHIN our federal government get their authority from either the branch that they serve within, or from a named office within a branch. NO person, no group, no agency, no entity, etc has any authority on their own. Basically, the US Constitution and each state’s Constitution is our government and the people who serve within them – elected, hired, contracted, etc – are ALLOWED to use the authority of the branch or named office within a branch while serving IF they do the duties as assigned (in writing), take and KEEP the Oath.
The US Constitution IS the supreme Law of this nation and requires that all legislation be created in Pursuance thereof it in order to be Lawfully binding on the people. It is also the supreme Contract for ALL who serve within our governments – state and federal.
Those that serve within our governments LAWFULLY have no authority other then that delegated in writing to the branch or to the named-Office-within a branch that they serve within.
Dr. Edwin Vieira, Jr: “This has nothing to do with personalities or subjective ideas. It’s a matter of what the Constitution provides… The government of the United States has never violated anyone’s constitutional rights… The government of the United States will never violate anyone constitutional rights, because it cannot violate anyone’s constitutional rights. The reason for that is: The government of the United States is that set of actions by public officials that are consistent with the Constitution. Outside of its constitutional powers, the government of the United States has no legitimacy. It has no authority; and, it really even has no existence. It is what lawyers call a legal fiction.
… the famous case Norton v. Shelby County… The Court said: “An unconstitutional act is not a law; it confers no rights; it imposes no duties. It is, in legal contemplation, as inoperative as though it had never been passed.” And that applies to any (and all) governmental action outside of the Constitution…” (end quote)
Archibald Maclaine, North Carolina’s ratifying convention: “If Congress should make a law beyond the powers and the spirit of the Constitution, should we not say to Congress, ‘You have no authority to make this law. There are limits beyond which you cannot go. You cannot exceed the power prescribed by the Constitution. You are amenable to us for your conduct. This act is unconstitutional. We will disregard it, and punish you for the attempt.’”
“A constitution is designated as a supreme enactment, a fundamental act of legislation by the people of the state. A constitution is legislation direct from the people acting in their sovereign capacity, while a statute is legislation from their representatives, subject to limitations prescribed by the superior authority.” Ellingham v. Dye, 231 U. S. 250.
“The basic purpose of a written constitution has a two-fold aspect, first securing [not granting] to the people of certain unchangeable rights and remedies, and second, the curtailment of unrestricted governmental activity within certain defined spheres.” Du Pont v. Du Pont, 85 A 724.
“The constitution of a state is stable and permanent, not to be worked upon the temper of the times, not to rise and fall with the tide of events. Notwithstanding the competition of opposing interests, and the violence of contending parties, it remains firm and immoveable, as a mountain amidst the strife and storms, or a rock in the ocean amidst the raging of the waves.” Vanhorne v. Dorrance, supra.
James Madison: “Government is instituted to protect property of every sort; as well that which lies in the various rights of individuals, as that which the term particularly expresses. This being the end of government, that alone is a just government, which impartially secures to every man, whatever is his own.”
Justice William O. Douglas, dissenting opinion, Colten v. Kentucky, 407 U.S. 104 (1972): “Since when have we Americans been expected to bow submissively to authority and speak with awe and reverence to those who represent us? The constitutional theory is that we the people are the sovereigns, the state and federal officials only our agents. We who have the final word can speak softly or angrily. We can seek to challenge and annoy, as we need not stay docile and quiet.”
IME is a fully fledged completely functioning back-door. WAKE UP.
"If it has, there’d be little in the way of a paper trail to prove it."
No need. The Intel Management Engine is a fully fledged completely functioning back-door with a completely awful cover story – yet you still remain unwilling to see it for what it is. Why is that, Tim? Wake up and smell the obvious (its much much better than epoxying wool over your own eyes).
Again, Question 12 is not answered – not at all. The answer is only obfuscated as per the norm with these utterly lawless individuals. Asked was if there is a REQUIREMENT that a citizen must FIRST BE SUSPECTED OF WRONGDOING PRIOR TO AN INQUIRY OCCURING. The only answer given was that the inquiry must be formulated to provide FII, or evidence of criminal activity (if used by the FBI). Note, it does not, under any circumstances, establish if BEING SUSPECTED OF WRONGDOING is required prior to making the inquiry (regardless of how crafted). In other words, the answer, as is, permits for wholesale fishing in two areas: (1) FII, and (2) evidence of criminal activity. The ODNI then subsequently tries to imply that said fishing expedition is “somehow” deemed to be in harmony (definition of “comport”) with the 4th amendment, and the FISA, according to the FISC… an obvious falsehood.
Well, Mr. Wyden, if you’re reading this (and let’s face it, you read TechDirt) it’s up to YOU to demand clarification of questions 12’s answer. Will you seek it?
Should have asked yes or no questions and hit the airhorn everytime the answer was anything but a yes or no. Said airhorn under their seats for propper impact.
Have armed marines standing behind each of the chairs to encourage not walking out early during the questioning.
I wonder how many would go deaf or have a potty emergency during the process?
> In its answers, the government said it has “not to date” needed to ask the FISC to issue an order to compel a company to backdoor or weaken its encryption.
Because most of the companies in Silicon Valley and the wider “tech” industry are willing participants.
Does all of this spying accomplish anything?
This seems like blatant-enforcement-of-the-status-quo territory, since they can’t track terrorists who whose SMS unencrypted, but are happy to freak out over teens sexting each other and rob people with too much money trying to fulfill their American dreams.
I wonder if all these hacks of government agencies are being done with government-mandated backdoors (at least when they’re not being done with government-withheld day-zero vulnerabilities.)