Burr And Feinstein Release Their Anti-Encryption Bill... And It's More Ridiculous Than Expected

from the are-they-serious? dept

They've been threatening this for months now, but Senators Richard Burr and Dianne Feinstein have finally released a "discussion draft" of their legislation to require backdoors in any encryption... and it's even more ridiculous than originally expected. Yesterday, we noted that the White House had decided to neither endorse nor oppose the bill, raising at least some questions about whether or not it would actually be released. Previously, Feinstein had said she was waiting for the White House's approval -- but apparently she and Burr decided that a lack of opposition was enough.

The basics of the bill are exactly what you'd expect. It says that any "device manufacturer, software manufacturer, electronic communication service, remote computing service, provider of wire or electronic or any person who provides a product or method to facilitate communication or the processing or storage of data" must respond to legal orders demanding access to said information. First off, this actually covers a hell of a lot more than was originally expected. By my reading, anyone providing PGP email is breaking the law -- because it's not just about device encryption, but encryption of communications in transit as well. I wonder how they expect to put that genie back in the bottle.

But, let's dig into a few other bits of insanity in the bill. It starts out with an insane assertion, right upfront:

"It is the sense of Congress that--
  1. no person or entity is above the law;
  2. economic growth, prosperity, security, stability, and liberty require adherence to the rule of law;"

What an absurd way to start the bill. As we've discussed over and over again, despite FBI director James Comey's statements, no one is claiming to be "above the law" here. When they offer end-to-end encryption they're not "above the law," they're just building a system to which they don't have the key. That's like saying that the safe maker who doesn't keep copies of the keys to every safe they sell is above the law. But no one requires safemakers to keep copies of every key.

Next, the claim that economic growth, prosperity, security, stability and liberty somehow depend on all of this is ridiculous. The second this bill becomes law, the US loses a massive economic advantage. Basically all of our technology becomes suspect globally, and the entire cybersecurity industry moves offshore. It will devastate American businesses outside of the US. Burr and Feinstein are basically offering a bill that completely undermines the economic prosperity of the American tech industry. This is especially insane coming from Feinstein, given that she supposedly represents so many tech companies in California.

"all providers of communications services and products (including software) should protect the privacy of United States persons through implementation of appropriate data security and still respect the rule of law and comply with all legal requirements and court orders;"

And they do... when they can. But what this bill requires is for tech companies to undermine the basics of encryption to make everyone less safe. This is not about disrespecting the rule of law, but about building systems as secure as possible to protect people from malicious attacks. You know, the very kinds of attacks that Senators Burr and Feinstein kept screaming about just months ago when they were demanding a bogus cybersecurity (really: surveillance) bill get passed by Congress. And yet now they want to undermine the very core concept of cybersecurity in the US.

"to uphold both the rule of law and protect the interests and security of the United States, all persons receiving an authorized judicial order for information or data must provide, in a timely manner, responsive, intelligible information or data, or appropriate technical assistance to obtain such information or data;"

And if that's literally impossible, as is the case with strong encryption or end-to-end encryption?

Let's be clear, here. This bill makes effective cybersecurity illegal. Think about that for a second. This is insane.

Then there's this kicker:

"Nothing in this Act may be construed to authorize any government officer to require or prohibit any specific design or operating system to be adopted by any covered entity."

Yeah, except for the entire bill which absolutely prohibits the kind of design that basically all security experts say you need to adequately protect data and communications.

There are lots of other issues as well. As Jonathan Zdziarski notes, the bill is so ridiculously drafted that it doesn't distinguish between encrypted data and deleted data. Thus, if someone deletes all their data, companies are still on the hook to magically get it back. It also requires that any information that is requested be delivered "in an intelligible format." But what if the information itself is not intelligible? What if, prior to encrypting the data through technological means, the people doing the communications used some sort of cypher or code themselves to further obfuscate the information?

The whole thing is a mess and provides much more evidence for the fact that Feinstein and Burr have absolutely no clue what they're talking about on this particular issue. Of course, there are lots of clueless people, but it's pretty disturbing that these two particularly clueless people happen to be the highest ranking members on the Senate Intelligence Committee. Perhaps, like some others, they should talk to actual intelligence community professionals, who have also been arguing that backdooring encryption is a bad idea and puts Americans at much greater risk of being victims of computer attacks.

Reader Comments

  • Anonymous Coward, 8 Apr 2016 @ 8:55am

    Would this require Hasbro to be able to decrypt the jumbled bag of unused letters in an electronic version of Scrabble?

  • Anonymous Coward, 8 Apr 2016 @ 8:59am

    Will image sharing services be illegal because the service provider won't be able to decrypt steganographic messages that may or may not be in every image that's shared?

  • Seegras, 8 Apr 2016 @ 8:59am

    Intelligence Committee lacking Intelligence

    I can't even see why this law would be so bad, it's impossible to adhere to it, because it contradicts itself.

    • Anonymous Coward, 8 Apr 2016 @ 9:01am

      Re: Intelligence Committee lacking Intelligence

      All laws that contradict themselves and are impossible to adhere to are inherently bad because it means you're in violation of the law no matter what you do and they can fine or arrest you at their whim.

      • Anonymous Coward, 8 Apr 2016 @ 9:36am

        Re: Re: Intelligence Committee lacking Intelligence

        Isn't that the point. So that you can be arrested for anything?

      • Anonymous Coward, 8 Apr 2016 @ 9:36am

        Re: Re: Intelligence Committee lacking Intelligence

        well you could stop using all electronic devices and all devices that use computers to control them...

      • Anonymous Coward, 8 Apr 2016 @ 10:45am

        Re: Re: Intelligence Committee lacking Intelligence

        ... it means you're in violation of the law no matter what you do and they can fine or arrest you at their whim.

        Yeah, ain't it beautiful?

      • Anonymous Coward, 8 Apr 2016 @ 9:06pm

        Re: Re: Intelligence Committee lacking Intelligence

        which tends to be the desire of those who want their citizenry to have no rights

  • 2ez4tla, 8 Apr 2016 @ 9:01am

    Feinstein is clearly under the thumb of the TLAs. Whether they are voluntarily so or not is unclear.

  • Anonymous Coward, 8 Apr 2016 @ 9:02am

    Outlawing forward secrecy

    This bill makes effective cybersecurity illegal.
    As other commenters elsewhere have quickly noted, the bill outlaws forward secrecy.

  • Anonymous Coward, 8 Apr 2016 @ 9:03am

    "Nothing in this Act may be construed to authorize any government officer to require or prohibit any specific design or operating system to be adopted by any covered entity. "

    What was the point of this part? It's like putting a comment in source code that completely contradicts what the source code actually does.

    • That One Guy, 8 Apr 2016 @ 10:06am

      Re:

      A distraction for the stupid and the 'news' groups basically. By putting that in there they can try to dodge any criticism aimed at the bill by pointing to that line and saying 'No, but see, we're not requiring any changes or prohibiting any from being implemented', and 'conveniently' leave out that the bill absolutely does impose restrictions and requirements.

    • Anonymous Coward, 8 Apr 2016 @ 3:17pm

      Re:

      jedi hand wave... these are not the laws you are looking for...

      we know it says it does this, but "trust us" it doesn't require or prohibit any specific designs, see we even said that out loud

  • Steve R., 8 Apr 2016 @ 9:04am

    Beyond Belief

    Thankfully, the proposal has been dropped. What continues to amaze me is that the positive legitimate uses of encryption are purposely ignored by those proposing a so-called "back door".

    The issue of encryption also raises "slippery slope" concerns. The argument is made that encryption has to be weak to facilitate law enforcement. By that train of logic, search warrants should be abolished as an impediment to "facilitating law enforcement".

    I hope that those proposing a "back door" will finally give up based on logic. Unfortunately, I suspect that after a suitable waiting period, those proposing weak encryption will once again hysterically start beating the war drums and foaming at the mouth.

    • Mike Masnick, 8 Apr 2016 @ 9:37am

      Re: Beyond Belief

      Thankfully, the proposal has been dropped

      I used "dropped" in the sense of "released." The bill hasn't been discarded -- it's been released. I changed the text in the post to clarify... sorry...

  • Berenerd, 8 Apr 2016 @ 9:09am

    So now the NSA and other government agencies will be more transparent as it will be easier for Anonymous to hack into the backdoor of the federal encryption and show us what is really going on? And they thought Snowden was a threat to US security.

  • dolz, 8 Apr 2016 @ 9:14am

    Except

    "It is the sense of Congress that--
    no person or entity is above the law;”

    Unless you’re a member of the ruling class.

  • Blaine, 8 Apr 2016 @ 9:21am

    Oh, but it is

    "This is not about disrespecting the rule of law..."

    If this law or any like it pass, I will have a tremendous amount of disrespect for the rule of law.

    (I am already maxed out on my disrespect for these specific lawmakers.)

  • Anonymous Coward, 8 Apr 2016 @ 9:22am

    Keys

    If the tech company has to provide the keys to the government why not just hand over a piece of paper that reads:

    Encryption Keys in use by our technology include numbers from one to infinity. We do not track which key goes to which device so we have instead given you all of the keys.

    • Cdaragorn, 8 Apr 2016 @ 9:27am

      Re: Keys

      Ah, but this is where the bill's writers were truly clever.

      It doesn't say they have to provide the keys. It says they have to provide the actual data. Completely removes any possibility of getting around it and making actually useful security.

      • DogBreath, 8 Apr 2016 @ 10:23am

        Re: Re: Keys

        The ideal response to the bill if it passes is to make the key so easy to remember it can be used across all hardware and platforms, and watch the system eat itself including those idiots in power.

        "Sorry Senators Burr and Feinstein, but in order to properly facilitate access to decrypt the information in accordance with the Anti-Encryption Law that you put in place, your new passwords for all your current and future accounts shall be the following: 12345"

        Malicious Compliance for the win.

        If the little people are going down with the ship, make damn sure those responsible for hitting the iceberg go down with it too.

      • Anonymous Coward, 8 Apr 2016 @ 10:31am

        Re: Re: Keys

        It also means any leaks of how the backdoor works, or leaks of keys are the software companies' problem, and the TLA's. An object lesson in how to weaken encryption and avoid any blame when the bad guys make use of what the government demands.

        • Anonymous Coward, 11 Apr 2016 @ 3:05am

          Re: Re: Re: Keys

          A bit like the UK IP Bill where the ISPs are responsible for holding the Internet Connection Record data so when it's inevitably hacked and leaked the government can absolve itself of responsibility.

      • nasch, 9 Apr 2016 @ 9:57am

        Re: Re: Keys

        It doesn't say they have to provide the keys. It says they have to provide the actual data.

        We cannot decrypt the message, so our system will start emailing you every possible message that it could have been. This process will be complete in never.

  • Ambrellite, 8 Apr 2016 @ 9:24am

    Shakedown

    This isn't just a crazy bill, it's a legislative shakedown.

  • Michael, 8 Apr 2016 @ 9:25am

    device manufacturer, software manufacturer, electronic communication service, remote computing service, provider of wire or electronic or any person who provides a product or method to facilitate communication or the processing or storage of data

    Bicycle manufacturers must provide a way to facilitate a government request to read something that was sent by messenger?

  • Anonymous Coward, 8 Apr 2016 @ 9:30am

    "Above the law"

    No, no you missed the point.

    Whenever somebody trots out the old "no person or entity is above the law" argument outside of a superhero movie or a classroom, it is not to reinforce that everybody is equal.

    No, what they are saying is something entirely different: I am the Law and you are my subject.

  • afn29129, 8 Apr 2016 @ 9:49am

    Outlaw strong encryption then only.....

    Outlaw strong encryption then only outlaws will have strong encryption.


    section 1/1 file shortm~1.pgp
    xbtoa5 78 shortm~1.pgp Begin
    Vuojd:rXj)e'g)5"O6I'LqU7T45&QF

  • Anonymous Coward, 8 Apr 2016 @ 9:50am

    It seems to me that automatic bank machines communicate. I sure hope they use encrypted communications. The same for personal banking over the web. So this law requires "backdoors" for such banking, making bank robbery so much easier and cheaper (as no firearms and/or masks, getaway cars and so on will be required). But at least it will reduce the likelihood of modern bank robbers killing or injuring bystanders and bank employees.

  • madasahatter, 8 Apr 2016 @ 10:15am

    Two traitors

    The two dim bulb traitors are at it again proving their existence subtracts from the sum total of human knowledge.

  • Ryunosuke, 8 Apr 2016 @ 10:46am

    this bill is counter-intuitive and counterproductive.

    Part 1 is at odds with part 2, as has been stated, but let's take a closer look, shall we?

    1)no person or entity is above the law.


    In regards to this bill, that means NO entity is above this law, that includes the FBI, Congress, The Pentagon, The White House, the CIA, NSA, etc. because they are entities, and they cannot be above the law.


    2) economic growth, prosperity, security, stability, and liberty require adherence to the rule of law;



    I am sure that because of (1) that entities like China, Russia, Daesh, Al-Qaeda will take that with good will and NEVER EVER exploit those systems.

    Bullshit, I am sure that Russia, China would LOVE to get their hands on NSA/CIA/Pentagon deep cover operatives/operations currently in the field or in planning. I am SURE Al-Qaeda and Daesh would LOVE to get into the FBI/NSA to see which of THEIR deep cover operatives are being monitored. I am *SURE* the Pentagon would LOVE to have AF1's schematics broadcasted to the world.

    Not only is this bill counter to free speech, economic security, but it *WILL* put American lives and national security at risk. And before you go, "Oh, but WE, in Congress and the govt is not bound to this law." read again that the law specifically says "NO ENTITY", including the Entity of the US Govt. BY THE LETTER OF THE LAW.

    • Anonymous Coward, 9 Apr 2016 @ 12:30am

      Re:

      I quite agree - the 'no entity is above the law' would mean that all the federal 'Except us' language in various other laws doesn't apply. Should (horrors) this abomination be passed, then I can only suggest that Lal, Shimpy, NSA, the Navy, et al be named as co-defendants to any suit brought under this. After all, as RSA, TOR, etc fail to provide backdoors in the algorithms employed - right?

  • Rich Kulawiec, 8 Apr 2016 @ 10:50am

    Watching politicians writing security legislation is like watching dogs trying to understand quantum mechanics.

    • That One Guy, 8 Apr 2016 @ 10:57am

      Dogs are fairly harmless, politicians not so much

      Not quite, because no matter how confused the dogs get the odds are against anything they do screwing over an entire country.

      • Uriel-238, 8 Apr 2016 @ 6:39pm

        Re: Dogs are fairly harmless, politicians not so much

        Dogs might have a hard time destroying the world with a supercollider, but they'll wreck your day if you're a lamb grazing on the field.

        The problem is in this case, that these are idiots out of their league, but with power enough to be destructive.

        It's the same problem as we have with many entrenched representatives who cannot be voted out of position (the GOP can't even create a candidate liberal enough to be palatable to California) so long as they're worse than Joffrey-Satan-Hitler, we won't vote Joffrey-Satan-Hitler in to replace them.

        But seriously, I'd really like someone that's actually intelligent and actually means to run California not into the ground.

        It's a pipe dream.

    • Almost Anonymous, 8 Apr 2016 @ 1:50pm

      Re:

      Pardon my crudity, but...
      Watching politicians writing security legislation is like watching dogs poop.
      FTFY

  • bshock, 8 Apr 2016 @ 11:03am

    Sheep must not evolve armor, claws, or teeth

    California -- home of the embarrassing Ms. Feinstein -- is an odd place. Far from being a Liberal paradise, it's actually well on its way to becoming a feudal state, where the wealthy lords and ladies control the land, while peasants pay rent for the privilege of furthering the fortunes of their landlords. (Anybody who lives in the Bay Area knows exactly what I'm talking about.)

    Her Majesty Lady Feinstein has decided that it's too dangerous for the peasants to have secrets, and so she insists that we must divulge everything at the whims of her knights in blue. The wording of this bill suggests that she considers peasant vulnerability and rule of law to be inseparable.

    This sort of attitude is not at all inconsistent with California law. This state has some of the most restrictive gun laws in the country. After all, an armed peasant is a less vulnerable peasant. Regardless of which side of the gun debate you happen to be on, though, you can probably agree that Lady Feinstein's public pride in the fact of her own armed condition seems more than a little hypocritical. (Yes, Dianne Feinstein famously has a permit to carry deadly weapons.) But of course self defense is a god-given right of the nobility, isn't it?

    We might excuse California if the restrictions stopped there; it's easy to imagine that few people really need to own or carry firearms today. But in the spirit of keeping peasants vulnerable, California has even declared bullet-resistant clothing illegal. That's right: apparently rule of law demands that peasants must be as vulnerable -- i.e. easy to kill -- as possible. Wear a bulletproof vest, go to jail.

    So what's next, Your Majesty? Are you going to take a cue from that silly David Lynch version of "Dune" and decree that all of us must be fitted with openly accessible "heart plugs" that allow our lives to be taken with the flick of the wrist from your deputized thugs? Or at the very least, should we all be forced by law to carry wrist restraints, so that we can truss up ourselves in an instant when so ordered?

    • Uriel-238, 8 Apr 2016 @ 6:45pm

      "Well on its way to becoming a feudal state"

      The same is true of every state in the US. Ours is and has been for decades a corporate oligarchy in which the voters are disenfranchised unless they can rally tens of millions.

      But yes, ours is a feudal state under Hollywood and Google that wishes it were a liberal democracy, rather than a feudal state under Monsanto or Pfizer or Chevron or Ford that wishes it were a conservative republic.

      • Anonymous Coward, 14 Apr 2016 @ 8:05am

        Re: "Well on its way to becoming a feudal state"

        Not exactly sure where you are going with this, but you do realize both parties answer to corporate interests? It's just that one is more open about it while the other lies about it.

  • Anonymous Coward, 8 Apr 2016 @ 11:37am

    What about postal letters?

    So now every mailman in the country that handled my letter is liable for my secret decoder ring message I sent to my kid since they provided the method of communication (Drink your Ovaltine!)

  • Anonmylous, 8 Apr 2016 @ 11:45am

    Wrong analogy

    "That's like saying that the safe maker who doesn't keep copies of the keys to every safe they sell is above the law."

    No, it's like holding a paper manufacturer responsible for people burning letters after reading them.

    Burning papers and mixing the ashes is what we did before digital communications. And they had a term for that: destruction of evidence. And it was still a bullshit charge as there was no clue as to what those papers really contained.

    So now, we want to hold the paper manufacturers to blame for this huge problem (that really isn't) and force them to make fire-proof paper or pay massive fines.

    Brilliant!

  • Anonymous Coward, 8 Apr 2016 @ 12:09pm

    Cannot wait to hear Steve Gibson or GRC.com (Security Now podcast) reaction to this....

  • Nick B, 8 Apr 2016 @ 12:13pm

    Coverage

    The bill covers a ridiculous scope.

    It would ban paper shredders, data storage places(paper or datacenters) from having fire suppression systems that could potentially damage documents/data.

    If you offer a product or service that touches documents or data and have anything even remotely in your control (fire sprinklers) that can render the data unreadable you are on the hook to provide a clean copy to the government.

  • Matthew Cline, 8 Apr 2016 @ 12:13pm

    Software which allows plugins

    What about software used for communication or storage which provides for plugins/modules/hooks which can encrypt information? Does the bill not apply there? Would it require the software to somehow authenticate the plugins/etc as being on an approved list? Outlaw such extensibility altogether?

  • Anonymous Coward, 8 Apr 2016 @ 12:15pm

    This bill is hilarious. I can't wait until someone sues General Dynamics (or the like) over the products they produce and SELL TO THE US GOVERNMENT.

    https://gdmissionsystems.com/cyber/products/

    As a long time Californian, I can never understand how in the world my fellow citizens continue to elect the likes of Boxer (or Dianne Feinstein either).

    • Anonymous Coward, 11 Apr 2016 @ 4:16am

      Re:

      This bill is hilarious. I can't wait until someone sues General Dynamics (or the like) over the products they produce and SELL TO THE US GOVERNMENT.

      Selective enforcement.

  • Anonymous Coward, 8 Apr 2016 @ 12:29pm

    I wouldn't worry about it. It's not like it's gonna go anywhere. Burr and Feinstein are just grandstanding early, like Wyden.

    • klaus, 8 Apr 2016 @ 1:16pm

      Re:

      I agree that the bill will go nowhere, it'll make the US a tech desert. But I take exception to your comment on Wyden; he's no grandstander. I think he has principles, a rare quality for a politician.

  • Violynne, 8 Apr 2016 @ 12:32pm

    It is the sense of Congress that--

    no person or entity is above the law;
    economic growth, prosperity, security, stability, and liberty require adherence to the rule of law;

    Why the hell aren't all laws started this way.

  • Anonymous Coward, 8 Apr 2016 @ 12:53pm

    Obama waffles

    Yesterday, we noted that the White House had decided to neither endorse nor oppose the bill
    Notwithstanding yesterday's Reuters report discussed in the previous Techdirt article, in a competing story from yesterday, The Hill's Cory Bennett reports that deputy White House press secretary Eric Schultz says the President hasn't reached any decision. (“Encryption bill sent back to White House for Obama review”)
     . . . After the administration reviewed an initial draft and offered edits in March, several people with knowledge of the discussions said this week that officials had chosen to publicly stay out of the heated debate.

    The White House shot down those reports on Thursday.

    “I am sure we will take a look at what they are proposing and be in touch,” White House deputy press secretary Eric Schultz told reporters aboard Air Force One. “The idea that we’re going to withhold support for a bill that’s not introduced yet is inaccurate.”

    Burr said he was hearing the same thing from the administration.

    “A decision has not been made,” he told reporters.
    This is at least a different spin than the Reuters story, and offers the highlighted statement from the White House deputy press secretary. (Contrast with the Reuters story, which says: “A White House spokesman declined to comment on the pending legislation, but referred to White House press secretary Josh Earnest's statements on encryption legislation.”)

    • Anonymous Coward, 8 Apr 2016 @ 1:03pm

      Re: Obama waffles

      ( Oh, and fwiw, h/t Max J. Rosenthal at Mother Jones
      White House deputy press secretary Eric Schultz insisted the report was wrong and that the bill was still under review. "The idea that we're going to withhold support for a bill that's not introduced yet is inaccurate," he told reporters aboard Air Force One.
      )

    • Anonymous Coward, 8 Apr 2016 @ 1:14pm

      Re: Obama waffles

      Yesterday's Reuters report was bylined Mark Hosenball and Dustin Volz. In a story dated today (Friday) they update us with further information on the White House response to Burr-Feinstein.

      “Leak of Senate encryption bill prompts swift backlash”, by Dustin Volz and Mark Hosenball, Reuters, Apr 8, 2016
      President Obama is expected to be personally briefed by White House chief of staff Denis McDonough on the proposal on Monday, sources said.

      But the administration remains deeply divided over encryption and views it as too controversial to offer public support or opposition for the bill as it is currently written, according to sources.

      A White House spokesman told reporters Thursday the administration had not decided whether to support the measure, as it is still in a draft stage.

      • Leigh Beadon, 8 Apr 2016 @ 5:30pm

        Re: Re: Obama waffles

        Interesting. We'll probably get something out on that next week (or on the administration's clear position, if it's decided on one by then).

      • That One Guy, 9 Apr 2016 @ 1:02am

        Re: Re: Obama waffles

        But the administration remains deeply divided over encryption and views it as too controversial to offer public support or opposition for the bill as it is currently written, according to sources.

        Yeah, nice attempt at a dodge on their part, but no, I'm not buying it. There has been plenty of time to become educated on the subject, and more than enough people in the field have spoken up saying how dangerous undermining encryption is that to claim to be 'undecided' at this point is just an attempt to avoid voicing an opinion counter to the evidence that's been presented.

        I think the real 'problem' facing them is that they would really like to voice support for the bill, but they know the public backlash for doing so would likely be significant (and during election season at that), and so they're stuck pretending to have to 'consider the matter' and 'weigh the pros and cons'.

        If by some disaster the bill does make it through and gets enough votes to pass I'm sure he will sign it, even as he pretends that he's only doing so because he has to, the lawmakers have spoken and he has no choice but to go along with the general consensus.

        • Anonymous Coward, 9 Apr 2016 @ 7:59am

          Re: Re: Re: Obama waffles

          the public backlash for doing so would likely be significant (and during election season at that)
          Don't overestimate the level of popular concern about the issue.

          “Even in Silicon Valley, encryption battle yields more yawns than yelps”, by Bruce Newman, Mercury News, Apr 8, 2016
          With Congress poised to consider draft legislation that would give the FBI -- or any law enforcement agency with a court-ordered warrant -- the right to examine everyone's encrypted data, the other back-door-kicking shoe appears ready to drop.

          But even as the two sides square off in the ongoing struggle between security and privacy, Brent Fried -- a UC Berkeley junior who was rushing into the International House Cafe to study for midterms this week -- pulled out his iPhone's earbuds and shrugged.

          "I don't understand why it's such a huge deal," he said. "It hasn't been much of an issue for me."
          Perhaps even worse than overestimating the popular interest in the issue would be overestimating the level of popular opposition to something like Burr-Feinstein.

          All too easy to get yourself in a big room with a few thousand people mostly agreeing on something—and forget that a big room like that may not really be representative in a nation of 300 million and change.

        • nasch, 9 Apr 2016 @ 5:58pm

          Re: Re: Re: Obama waffles

          If by some disaster the bill does make it through and gets enough votes to pass I'm sure he will sign it, even as he pretends that he's only doing so because he has to, the lawmakers have spoken and he has no choice but to go along with the general consensus.

          If Congress is in session when it hits his desk he can do nothing and hope nobody notices.

          • Uriel-238, 9 Apr 2016 @ 8:34pm

            Re: Re: Re: Re: Obama waffles

            He could, but would he?

            Either our President is a surveillance- / police-state- / national-security-maximalist, or the guy who has a gun to his head is.

            We've not seen his opinion evolve until after it's clear the direction the votes are going.

            • John Fenderson, 9 Apr 2016 @ 9:59pm

              Re: Re: Re: Re: Re: Obama waffles

              "Either our President is a surveillance- / police-state- / national-security-maximalist, or the guy who has a gun to his head is."

              Toe-may-toe, toe-mah-toe.

  • limbodog, 8 Apr 2016 @ 1:57pm

    Yup

    Feinstein is a big part of why I will never become a democrat.

    • That One Guy, 9 Apr 2016 @ 12:46am

      Re: Yup

      And Burr's a republican. This isn't a Democrat/Republican thing, this is a 'Dangerous idiots who don't know what they're talking about' thing, or perhaps a 'Who cares what it does to the public, the power of the government is more important.'

  • Anonymous Coward, 8 Apr 2016 @ 2:00pm

    sorry

    I feel the need to apologize for Dianne Feinstein every time I hear of her doing something stupid. I didn't vote for her, but I still feel responsible (being a California resident)

  • Anonymous Coward, 8 Apr 2016 @ 2:01pm

    Get rid of this ridiculous bill and put one in place that says any Senator on the Senate Intelligence Committee has to actually be intelligent and also understand the damn technology they oversee.

  • Anonymous Coward, 8 Apr 2016 @ 2:56pm

    How about a bill that makes it illegal for Feinstein to propose any bills? Even better, one that makes it illegal for her to even have a job in the government?

  • Anonymous Coward, 8 Apr 2016 @ 3:49pm

    I'll certainly need an array to store recorded traffic entering and leaving my VPN on my home server. Otherwise, who knows what my roommates get up to that LEO's might want to see. And that's only the beginning.

  • Anonymous Coward, 8 Apr 2016 @ 4:17pm

    can someone please just "deal" with feinstein...like now? Every time I hear this goddamn witch's name it's something to do with weakening our privacy and killing piracy.

  • Anonymous Coward, 8 Apr 2016 @ 4:34pm

    "(b) DESIGN LIMITATIONS.---Nothing in this Act may be construed to authorize any government officer to require or prohibit any specific design or operating system to be adopted by any covered entity."

    The inclusion of the above means, to me, that the requirement for providing the data or assistance with getting it applies only WHERE POSSIBLE, and does not mean systems or software must be dumbed down to provide for governmental wants later (no back-doors are required here). I admit I've only glossed over this so far, but am I misinterpreting anything here? If it does require back-doors, where exactly in the bill does it do so?

    • Anonymous Coward, 8 Apr 2016 @ 4:46pm

      Re:

      I admit I've only glossed over this so far, but am I misinterpreting anything here?
      Yes. It does indeed appear you are misinterpreting the bill. Try reading it a little bit more slowly and carefully.

      If English is not your first language, then you should consider indicating particular words that you're having trouble translating into your native language.

    • Anonymous Coward, 8 Apr 2016 @ 4:54pm

      Re:

      The whole thing is ridiculous and very poorly written and even (hypothetically) if there isn't something stating that there needs to be backdoors in there the government, law enforcement and the courts can very easily interpret it to mean that they will indeed have to have backdoors.

      • Anonymous Coward, 10 Apr 2016 @ 8:52pm

        Re: Re:

        It's so pompous, I don't think it stands a snowball's chance in hell of passing. And even if it did, the chances of me abiding by it, are the same.

    • Leigh Beadon, 8 Apr 2016 @ 5:35pm

      Re:

      If it does require back-doors, where exactly in the bill does it do so?

      The very next provision after the one you quoted.

      "A provider ... shall ensure that any such products, services, applications or software ... be capable of complying."

      At best, the two provisions contradict each other. More accurately, the one you quoted is a weak attempt to deny that they are doing exactly what they are doing: mandating how software and devices must be designed. It's providing some tiny, meaningless leeway.

      Basically the part you quoted is saying "You can give us a master key, or a separate entrance, or a hidden recording device, or an infrared camera, or a doorman with orders to let us in - it's totally up to you!"

      • Anonymous Coward, 10 Apr 2016 @ 8:43pm

        Re: Re:

        Thank you for laying that out clearly (and politely). So if I'm reading you correctly, you're saying those two parts, taken together, require a back-door of some sort, but not of any particular sort. However, if I'm not mistaken, a court of law must also take into consideration "Notwithstanding any other provision of law", in which, right off the bat, it conflicts with CALEA: "(1) Design of features and systems configurations. This subchapter does not authorize any law enforcement agency or office (a) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services; (b) to prohibit the adoption of any equipment, facility, service, or feature by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services." I can't see the bill passing with such an immediate glaring conflict with existing law. Of course, I could be mistaken, but it just looks like they're trying to project the illusion of doing something without actually doing anything (usually called grandstanding when so close to an election).

        • Anonymous Coward, 11 Apr 2016 @ 4:20am

          Re: Re: Re:

          This subchapter does not authorize...

          Nor does it prohibit.

          • Anonymous Coward, 11 Apr 2016 @ 6:03am

            Re: Re: Re: Re:

            Yeah... CALEA does not authorize law enforcement to require a specific design, and it does not authorize law enforcement to prohibit adoption of a specific design... And?

        • nasch, 11 Apr 2016 @ 6:14am

          Re: Re: Re:

          I think they would argue that this new bill doesn't require or prohibit any specific design or feature. The specific design is up to the phone maker, they just have to ensure they can comply with search orders.

          • Anonymous Coward, 11 Apr 2016 @ 7:45am

            Re: Re: Re: Re:

            Which is why I said, "require a back-door of some sort, but not of any particular sort". And why I subsequently brought up CALEA, which doesn't authorize law enforcement to make a "per se" requirement, which is exactly what is happening when someone legislates against specific circumstances (inability to comply) that can only be avoided by the inclusion of a back door, seeing as the end result is the same as requiring one to begin with. Feinstein thinks she's being slick, but Homie don't play that shit, etc.

            • nasch, 11 Apr 2016 @ 8:03am

              Re: Re: Re: Re: Re:

              I understand what you're saying, I'm just pointing out that they have a path to make an argument that this bill does not in fact conflict with CALEA. Whether a court would buy that argument is unknown at this time.

              • Anonymous Coward, 11 Apr 2016 @ 8:51am

                Re: Re: Re: Re: Re: Re:

                Whether a court would buy that argument is unknown at this time.
                Why would a court care?

                “Entrenchment of Ordinary Legislation: A Reply to Professors Posner and Vermeule”, by John C. Roberts and Erwin Chemerinsky, California Law Review, 2003, p.1783 (p.11 in PDF):
                The Court applies this principle with equal force to the U.S. Congress. In Reichelderfer v. Quinn, the Court stated flatly that one Congress cannot impose its will on its successors.
                (Hyperlink added. Note that footnote 34, while citing 287 U.S. 315, 318, appears to get the year of the case wrong. Google shows this case as 1932.)

                The will of a particular Congress … does not impose itself upon those to follow in succeeding years.

                So why would a court care that a later legislative enactment sub silentio amends an earlier act?

                • Anonymous Coward, 11 Apr 2016 @ 9:12am

                  Re: Re: Re: Re: Re: Re: Re:

                  John C. Roberts and Erwin Chemerinsky
                  Incidentally, DePaul University College of Law Dean Emeritus and Professor of Law John C. Roberts should most probably NOT be confused with the more notorious John G. Roberts Jr.

                • nasch, 11 Apr 2016 @ 9:12am

                  Re: Re: Re: Re: Re: Re: Re:

                  So why would a court care that a later legislative enactment sub silentio amends an earlier act?

                  The argument would be that this bill does NOT do that. Am I not explaining this clearly?

                  • Anonymous Coward, 11 Apr 2016 @ 9:16am

                    Re: Re: Re: Re: Re: Re: Re: Re:

                    The argument would be that this bill does NOT do that. Am I not explaining this clearly?
                    You're not explaining why it would matter whether it does or doesn't.

                    I think that motivation is a necessary predicate for any worthwhile argument: Contrariwise, if it doesn't matter, then it just doesn't matter…

                    • nasch, 11 Apr 2016 @ 9:34am

                      Re: Re: Re: Re: Re: Re: Re: Re: Re:

                      You're not explaining why it would matter whether it does or doesn't.

                      Are you saying it's perfectly fine for this bill to conflict with CALEA, and that means CALEA is effectively amended? Maybe I misunderstood you.

                      • Anonymous Coward, 11 Apr 2016 @ 10:00am

                        Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                        Are you saying it's perfectly fine for this bill to conflict with CALEA, and that means CALEA is effectively amended?
                        CALEA was enacted by the 103rd Congress, and was signed by President Clinton in 1994.

                        If the current, 114th Congress duly enacts a new law, then we get a new law. Tell me why it wouldn't just be that simple—especially in any question regarding interpretation and construction of the new statute?

                        • nasch, 11 Apr 2016 @ 10:16am

                          Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                          I asked a yes or no question, you could just answer it...

                          As for your question, ask the AC who thought it would be a problem.

                          • Anonymous Coward, 11 Apr 2016 @ 10:41am

                            Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

                            I asked a yes or no question, you could just answer it...
                            Oh c'mon nasch. You've been hanging around here long enough to know the stock-off-the-shelf answer to any kind of question like that would usually be—
                            “Well, it depends.”
                            In this specific context, though, I'd continue to say that the question itself depends on whether its answer makes any kind of meaningful difference.

  • Anonymous Coward, 8 Apr 2016 @ 5:39pm

    Dianne Feinstein has always been bad at maths.

  • Anonymous Coward, 8 Apr 2016 @ 5:45pm

    Even without reading it I am certain it benefits them at the same time it makes everyone else less safe.

    Those 2 have proven they are traitors through and through.

  • Uriel-238, 8 Apr 2016 @ 6:51pm

    I wonder how this is going to affect open source.

    When the code is available and no-one takes credit for providing the compiled version, or the company in question is outside the US, what happens then?

    Can this be enforced?

    Is this going to do anything but vector consumer dollars outside the US?

  • Whatever, 9 Apr 2016 @ 9:01am

    Finally, fantastic news for a change.

  • Anonymous Coward, 9 Apr 2016 @ 5:03pm

    I actually completely support this legislation. I think it is the best bill of the last 30 or so years. SSL is the worst thing that has ever happened to my business, An0nym0usH4x3rs4H1r3

  • Spaceman Spiff, 10 Apr 2016 @ 2:00pm

    When?

    Get real California! When are you going to fire Feinstein? She represents a large part of California's tech sector, and she ISN'T doing her job! Show her the door!

  • Anonymous Coward, 14 Apr 2016 @ 7:57am

    Typical Dem move

    Burr and Feinstein are basically offering a bill that completely undermines the economic prosperity of the American tech industry.

    Since when has the Democratic party ever been concerned about the economy or America's prosperity?

    • Uriel-238, 14 Apr 2016 @ 11:58am

      "concerned about the economy or America's prosperity"

      The GOP has? Ever? Reaganomics? Trickle-Down Theory? Opening the door for lobbyists? War-profiteering?

      The problem with partisan thinking is that both sides are generally corporatist and protectionist and representatives need to be in order to get those sweet, sweet campaign contributions.

      Our government is now intrinsically corrupt, and only serves the monied interests. It's actually worse than Feudalism in a way since there is no acknowledgement of the value of the general population (as laborers, soldiers and consumers), so most of them are shortsighted enough to regard us shlubs as filth to be socially cleansed.

  • topfatcat, 9 May 2016 @ 1:57pm

    Burr-Feinstein bill

    Suppose an encryption mechanism signed everything it encrypts with a unique pointer (unique to that data). That pointer only has meaning to the provider of the encryption mechanism. It is a pointer to the encryption key used to encrypt that data. The pointer is useless to anyone but the provider. When faced with a court order the provider may use the pointer to provide the required encryption key.
    This should mean that I can encrypt my data with the confidence that it can only be read by me, someone I give the encryption key to, or someone who has a court order to read it. Of course, the provider has to be trustworthy, as my bank is now!

    • nasch, 9 May 2016 @ 3:11pm

      Re: Burr-Feinstein bill

      Of course, the provider has to be trustworthy, as my bank is now!

      Not just trustworthy, but secure. Criminal organizations and foreign nations would be trying to break in and steal the information needed to make use of the pointers you describe. And eventually one or more of them would probably succeed.

      • topfatcat, 9 May 2016 @ 8:30pm

        Re: Re: Burr-Feinstein bill

        "trustworthy" would obviously include "secure".
        Criminal organizations can probably break any encryption if they think there's enough money to be gained. We live in a world where everything has some risk. The goal is to reduce the risk while attaining other goals as well.

        reply to this | link to this | view in chronology ]
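
The pointer-to-escrowed-key scheme proposed in the sub-thread above, and the objection raised to it, as an added Python sketch that is not part of the thread or of any real product. The `EscrowProvider` class, its method names and the HMAC-based toy cipher (a stand-in for a real authenticated cipher) are assumptions made for illustration, and the sample notes are constructed.

```python
import hashlib
import hmac
import secrets


def _xor_stream(data: bytes, key: bytes, nonce: bytes) -> bytes:
    """Toy cipher (HMAC-SHA256 in counter mode), a stand-in for a real AEAD."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256)
        stream += block.digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


class EscrowProvider:
    """Hypothetical provider: keeps pointer -> key for everything it encrypts."""

    def __init__(self) -> None:
        self._escrow = {}  # the one table every user's confidentiality rests on

    def encrypt(self, plaintext: bytes):
        key = secrets.token_bytes(32)
        nonce = secrets.token_bytes(16)
        pointer = secrets.token_hex(16)  # random, so it reveals nothing by itself
        self._escrow[pointer] = key
        blob = {"pointer": pointer, "nonce": nonce,
                "ct": _xor_stream(plaintext, key, nonce)}
        return key, blob  # the user keeps the key; the blob is stored or sent

    def key_for_court_order(self, pointer: str) -> bytes:
        return self._escrow[pointer]

    def table_snapshot(self) -> dict:
        """What a backup, an insider or an intruder who reaches the table holds."""
        return dict(self._escrow)


def decrypt(blob: dict, key: bytes) -> bytes:
    return _xor_stream(blob["ct"], key, blob["nonce"])


def demo() -> dict:
    provider = EscrowProvider()
    # Constructed sample data.
    notes = {u: f"{u}: private note".encode() for u in ("alice", "bob", "carol")}
    keys, blobs = {}, {}
    for user, note in notes.items():
        keys[user], blobs[user] = provider.encrypt(note)

    alice = blobs["alice"]
    court_key = provider.key_for_court_order(alice["pointer"])
    snapshot = provider.table_snapshot()
    return {
        "owner_reads": decrypt(alice, keys["alice"]) == notes["alice"],
        "court_order_reads": decrypt(alice, court_key) == notes["alice"],
        # Holding only the blob (pointer included) and guessing a key fails.
        "pointer_alone_reads": decrypt(alice, secrets.token_bytes(32)) == notes["alice"],
        # One copy of the table opens every blob the provider ever produced.
        "exposed_by_one_snapshot": sum(
            decrypt(b, snapshot[b["pointer"]]) == notes[u] for u, b in blobs.items()
        ),
        "users": len(notes),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The pointer is as opaque as the proposal says, but `exposed_by_one_snapshot` equals `users`: the strength of each individual key does not matter once the table itself is the target.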

  • Jon, 25 May 2016 @ 9:50pm

    expel them

    This proposal cannot be forgiven, contact your senators, the only acceptable resolution to such an egregious proposal is the expulsion of Burr and Feinstein from the US Senate.

    If they want to propose utterly idiotic legislation there is plenty of room in the House of Representatives.
