White House Urges Companies To Protect Data From Russian Hacks With Encryption; While Congress Looks To Effectively Outlaw Encryption

from the protect-yourself-against-congress dept

Earlier this week, the Biden administration urged companies to protect against potential cyberattacks from Russia, which seems like pretty good advice:

The Biden-Harris Administration has warned repeatedly about the potential for Russia to engage in malicious cyber activity against the United States in response to the unprecedented economic sanctions we have imposed.  There is now evolving intelligence that Russia may be exploring options for potential cyberattacks.

The announcement lists a variety of ways in which companies should defend themselves against such cyberattacks including things like making use of multi-factor authentication and backing up your data. But then there’s this very wise suggestion:

Encrypt your data so it cannot be used if it is stolen;

And, this is a good idea, and it’s great that the White House is urging others to follow it. However, it does seem worth noting that this is happening at the exact same time that Congress is still considering the EARN IT Act, which is a clear attack on encryption. And while supporters of the bill like to pretend that the EARN IT Act is not attacking encryption, the bill’s main sponsor, Senator Richard Blumenthal directly admitted to a Washington Post reporter that of course the point of the bill was to attack encryption and to make sure companies couldn’t “hide” behind it.

All this does is highlight one of the many ways in which the EARN IT Act is so dangerous and so problematic. At a time when encrypting our data is more important than ever, as even the White House acknowledges, the idea that Congress is moving forward with plans that will deliberately weaken the ability of companies to offer encrypted services seems not just preposterously short-sighted, but downright dangerous.

Filed Under: , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “White House Urges Companies To Protect Data From Russian Hacks With Encryption; While Congress Looks To Effectively Outlaw Encryption”

Subscribe: RSS Leave a comment
ECA says:

To wonder

But, but.
Hacking has many ways and means, including Backdoors into the OS. A Name/password + verification may help most. But Data?
What data do they want, that isnt already out there?
They could just Ddos attack the major servers, at the interlinks that connects Each system to the next.
Just go after the Main Hub that the ISP/Tier 1, system is at.

This comment has been deemed insightful by the community.
Jordan says:


Couldn’t encryption be seen as a type of protected speech? if you speak to a friend in a language the police don’t understand while being listened in on, are you committing a crime? No. If I send a letter to a friend in a code I created and don’t provide the government a code, am I breaking the law?

Can the government mandate I provide a backdoor to private communication be inferred as compelled speech?

ke9tv (profile) says:

Re: Protected speech? Maybe.

Bernstein v United States is close to being on point, but the case wasn’t actually resolved because the government loosened the regulations right before it would have lost. That keeps the case from being binding precedent, so the Government succeeded in its mission to punish those who have the temerity to speak freely with ruinous legal costs. By the time the case wound down, four judges had already ruled that prohibiting the export of encryption was an infringement upon the freedom of speech.

Apple cited Bernstein in its refusal to hack the iPhone belonging to the San Bernardino shooter. Once again, the Government delayed the case until the key question was moot. Once again, the Government was going eventually to lose – every judge who reviewed it said that the order to decrypt the phone was indeed compelled speech.

I don’t think it’s actually possible to answer such a question in the US court system. The government effectively has the ability to prolong a case beyond a single human lifetime. Justice moves so slowly that if nothing else resolves a case, it will simply end with the natural death of a litigant.

That One Guy (profile) says:

Simple solution, the companies just need to Nerd Harder(tm) so that only Good Guys have on-demand/whim access and Bad Guys are stopped cold by encryption.

Just ask any of those gunning for encryption, they’ll be happy to tell you that if the tech companies just tried harder they’d be able to easily create Good Guy Only encryption and it’s only their laziness that keeps them from doing so.

Anonymous Coward says:


The tech companies can use their own encryption on there own servers, as they can decrypt that data at a drop of a warrant or subpoena. What the security services hate is personal decryption, as they cannot serve a warrant without warning the target of their interest, as they cannot get the decrypted data from big tech, but only from the target.

Anonymous Coward says:

Encryption comes in different flavors. Encryption for transmission is different from encryption for storage. Encrypting your own data is different from encrypting data for third parties, and different from handling data encrypted BY third parties. And a lot of discussion of encryption just sorta lumps all of that into one category.

The White House recommendation mostly lumps it all under one heading, but is (probably) thinking only of the storage encryption.

EARN IT attacks one category (currently) – data handled for third parties.

So… hypocritical, yes. Perverse (in the sense of being in direct opposition), not so much.

jojo_36 (profile) says:


Yeah, I guess. But it also (potentially and [un]intentionally) affects these:
-The legal fabric of the Internet
– Minorities who use the internet (I.e. LGBTQ, etc.)
-First and Fourth Amendment Protections
-Making it harder to catch actual CP offenders
-the relation between websites, states, and the national level.
-E2E Encryption
-And of course, blowing a hole into Section 230 just because it’s easier to find scapegoats than it is to solve complex problems.

But yeah, just data for third-party. Let’s go with that.

Anonymous Coward says:

Your naive if you think the nsa can’t acess txt messages, browsing data and non encrypted messages. Us Companys are constantly being hacked users banks financial services government agency’s need to use encryption to protect users and the users customers data and privacy this is especially important when so many workers work from home and have acess to company servers to do work
There’s 100s of government agency’s they do not all have one voice or opinions on data security and privacy its obvious some Politicans have always wanted to outlaw encryption for the public or for services and apps used by the public even if it puts the public security and privacy at risk

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...