Burr-Feinstein Anti-Encryption Bill Has No Support, Won't Be Moving Forward Anytime Soon

from the but-a-corpse-can-always-be-exhumed-and-'Weekend-at-Bernied'-back-into-ac dept

Some good news has arrived: the Feinstein-Burr anti-encryption bill is now little more than a cooling corpse in the legislative mortuary.

Draft legislation that Senators Richard Burr and Dianne Feinstein, the Republican and Democratic leaders of the Intelligence Committee, had circulated weeks ago likely will not be introduced this year and, even if it were, would stand no chance of advancing, the sources said.

Key among the problems was the lack of White House support for legislation in spite of a high-profile court showdown between the Justice Department and Apple Inc over the suspect iPhone, according to Congressional and Obama Administration officials and outside observers.

But, as Miracle Max pointed out, "mostly dead" is still "slightly alive." There are caveats hidden in Reuters' eulogy. Taking the bill out of the running for "this year" doesn't necessarily mean Burr/Feinstein won't take it out of cold storage after the regime change. It also doesn't rule out revived interest in backdooring encryption should an exploitable tragedy occur in the coming months. Never bet against the House/Senate. Bad ideas -- along with ECPA/FOIA reform attempts -- are perennial, but only the former draw strength from the deaths of US citizens. And you can never count out the undying support of law enforcement agencies, which have quite a bit of pull in national and state legislatures.

But even the usual supporters of government surveillance had their problems with the anti-encryption effort. Senator Lindsey Graham backed away hurriedly once he became aware of what was actually at stake.

“I was all with you until I actually started getting briefed by the people in the Intel Community,” Graham told Attorney General Loretta Lynch during an oversight hearing in the Senate Judiciary Committee. “I will say that I’m a person that’s been moved by the arguments about the precedent we set and the damage we might be doing to our own national security.”

This is what happens when you actually converse with the "smart people" at tech companies. This explains why FBI Director James Comey would rather talk about "smart people," rather than to them. (Shorter Comey: "Nerd harder, nerds.") Nothing chills anti-encryption fervor more than the cold water of reality. Comey would rather be guided by faith and his belief in his own "rightness" than take the chance of being informed about how wrong he actually is.

Feinstein and Burr have a lot of pull and are in the intelligence community's inner circle. But if they can't get this done -- even in the wake of a mass shooting that dovetailed into a legal battle over iPhone access -- it's unlikely they'll be able to round up the support they need until after a new president is in place. And even that's no guarantee. But for now, the bill is going nowhere, and that's something.

Filed Under: dianne feinstein, encryption, going dark, richard burr

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 31 May 2016 @ 8:05am


    Politician e-mail leaks are a non-sequiter here. Their e-mails are already stored unencrypted in most cases. (At-rest e-mail encryption is not well deployed even among the technically adept. I think it is safe to say it is unheard of among the political elite.) Any e-mail not stored with at-rest encryption is vulnerable in four places:

    1. On the sending machine, in the Sent folder
    2. In transit between an e-mail client and server or between servers, if you can catch it in transit and it is either unencrypted or the TLS connection uses a breakable cipher
    3. On the recipient's mail server (or, in some cases, at rest on an intermediate server that has not yet finished delivery)
    4. On the recipient's machine, in the Inbox or similar folder

    Attacking (1), (3) or (4) is much easier than attacking (2), since you can only do (2) if you happen to be able to sniff traffic between the machines when those machines choose to communicate and they use a transport that is either cleartext or easily breakable. This bill, if passed, would make sniffed traffic from (2) easier to break. It would also likely make at-rest e-mail encryption more vulnerable, but since most people do not use that even now, making it more vulnerable does not make politician's e-mail more vulnerable. Attacking 1/3/4 is about cracking into the machine (password guessing, bruteforce, or general malware) and then copying out the helpfully cleartext e-mail from the system's drive. None of that becomes easier when breakable encryption is standard.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.