HideOnly 2 days left to get your copy of the CIA's declassified training game by backing CIA: Collect It All on Kickstarter »
HideOnly 2 days left to get your copy of the CIA's declassified training game by backing CIA: Collect It All on Kickstarter »

Email

by Tim Cushing


Filed Under:
dnc, email, encryption, hacking



Will DNC Email Hacking Make Legislators More Friendly To Encryption?

from the Betteridge-says... dept

Kashmir Hill is asking an interesting question over at Fusion: in the wake of Democratic National Committee email hacking, will political leaders start scaling back their war on encryption?

Some prominent Democrats have demonized end-to-end encryption, the kind that might have helped lesson the impact of this hack by making emails look like gibberish to anyone without a key. It’s only readable when a person on one end of the communication opens the email, excluding the company storing the exchange, a hacker, and law enforcement.

Senator Dianne Feinstein (D-Calif.) has led the charge on a bill that would make end-to-end encryption illegal, requiring companies be able to decrypt data if served with a court order. Hillary Clinton herself has pushed for breakable encryption, claiming that, “Otherwise, law enforcement is blind—blind before, blind during, and, unfortunately, in many instances, blind after.”

Using end-to-end encryption would have prevented attackers from accessing the content of most of the emails they obtained. It wouldn't have prevented any content from being accessed, but would have greatly mitigated the damage.

Unfortunately, there's a very good chance the wrong lessons will be learned from this experience.

While it would seem obvious that the best way forward would be to encourage the use of strong encryption for everyone, it's far more likely legislators and presidential candidates will continue to try to carve holes for law enforcement access and expand government powers to "hack back" or perform preemptive attacks. The proposed Rule 41 changes will likely slide on through at the end of this year, allowing the FBI to break into computers all over the world.

Another solution suggested by Hill is to move government communications to private platforms like Gmail where end-to-end encryption can be implemented and, more importantly, handled by professionals rather than, say, a bunch of lawyers with access to the spare bedroom.

Government officials may be wary of allowing private companies to handle (and store) government communications, but the public should be just as wary of any government agency that makes a private company its official communications platform. Private platforms used for public business tend to create lots of unnecessary FOIA litigation. Without legislation in place, or additional stipulations added to contracts with private entities, government agencies will not only be able to keep malicious hackers at bay, but also pesky members of the public demanding access to officials' communications.

The worst end result may also be the one most likely to occur. The security of some communications may become more equal than others. Law enforcement backdoors for the public. Secure end-to-end encryption for their representatives. The sort of hybrid approach to legislating we see far too often -- whether it's in response to Congressional insider trading or the numerous buffers placed between law enforcement officers and any form of accountability.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Vidiot (profile), 8 Aug 2016 @ 12:31pm

    Legislators need practical explanations

    "Wait... you mean that if the server was hacked but my message was encrypted, the papers never could have printed that thing about the sheep?"

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 8 Aug 2016 @ 1:19pm

      Re: Legislators need practical explanations

      Tomorrow's Headline: Bill Introduced To Outlaw Encryption Except For Government Use.

      reply to this | link to this | view in chronology ]

      • icon
        DannyB (profile), 8 Aug 2016 @ 2:40pm

        Re: Re: Legislators need practical explanations

        The government should let everyone use encryption.

        Not just the government.

        But please !!! Please use the kind of magical encryption that law enforcement can read, but hackers cannot read.

        If it doesn't exist it can be invented. Or if not invented, it could at least be patented, which is just as valuable in court as being actually invented.

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 8 Aug 2016 @ 2:01pm

      Re: Legislators need practical explanations

      > the papers never could have printed that thing about the sheep?"

      No... because you had already violated the first rule. The first rule of Sheep Club is NEVER EMAIL ABOUT SHEEP CLUB!

      Doesn't matter if your email is encrypted, your server is secure, or anything else. Email about Sheep Club at all, and somehow, someone, somewhere will eventually expose your lanolin fetish.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Aug 2016 @ 1:08pm

    Or, the government could not use the internet for such things. Regarding email, a dialup based network would be more than sufficient for sending plain text types of messages (encrypted of course.)

    reply to this | link to this | view in chronology ]

  • identicon
    Chort, 8 Aug 2016 @ 1:46pm

    Exemptions

    Every time the government proposes banning strong encryption it always includes exemptions for itself and those it favors. (Funny, that, huh?) For example, when Hillary's husband Bill Clinton was pushing for it while he was president, he wanted to exempt the government and bankers, among others. When asked why bankers should be exempted he replied "because bankers are good citizens", as opposed to the rest of us outside the government.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Aug 2016 @ 1:47pm

    Using end-to-end encryption would have prevented attackers from accessing the content of most of the emails they obtained.

    End to End encryption is designed to protect the emails in transit, and on external servers. Would the DNC have kept the emails encrypted with the end to end encryption, and if they did, would they have kept the keys under control, given multiple people requiring access to many of the emails. It is not designed to protect drafts, or contents copied into other documents. What the DNC needed was proper whole disk encryption to help protect all their data from hacking of their machines. Security is hard, and it is easy to solve the wrong problem.

    reply to this | link to this | view in chronology ]

    • icon
      orbitalinsertion (profile), 9 Aug 2016 @ 11:41am

      Re:

      Security is hard, but people mostly grow them there low-hanging fruit trees. (Attackers with a specific target in mind, of course, would just try harder.)

      Disk encryption could be a thing, but I'm thinking that there isn't really a good argument for encryption-friendliness here. But sometimes bad arguments are what you need to influence morons.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Aug 2016 @ 2:00pm

    The worst end result may also be the one most likely to occur. The security of some communications may become more equal than others. Law enforcement backdoors for the public. Secure end-to-end encryption for their representatives.

    I guarantee that's what their position will be, they're so disconnected from common sense and the people that our security is barely a passing thought. We're seen as the enemy that they need to be protected from so they need good encryption to keep us out but all we should allowed to have is backdoored encryption at best so they can see everything we do.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Aug 2016 @ 2:28pm

    'allowing the FBI to break into computers all over the world'

    and exactly what is gonna be done and said when another country finds out what the USA, yet again, has been up to? why should it have the audacity to even think that it has the right to do anything outside of the USA when it shouldn't be allowed to pull shit like this INSIDE the USA!! and as for Feinstein, she ought to wind her neck in and try learning about stuff before she spouts off! being on a committee whilst knowing fuck all is one thing, she can/could rely on others but being a bit on the dim side concerning security and how it totally obliterates freedom and privacy rather than enhancing it, especially in a country that still keeps trying to tell the rest of the World that it is a democracy, is quite pathetic!!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Aug 2016 @ 2:31pm

    Unfortunately, there's a very good chance the wrong lessons will be learned from this experience.

    This is politics! no lessons are to be learned... Just Opportunities to be Exploited!

    reply to this | link to this | view in chronology ]

  • icon
    DannyB (profile), 8 Aug 2016 @ 2:41pm

    Government has decided NOT to ban encryption!

    The government has decided it should not ban encryption.

    Banning encryption would make us all less safe.

    Instead, the government has invested effort in developing the strongest possible encryption key. The strength of this key will keep us all safe.

    Everyone must begin using this encryption key immediately.

    People who refuse are obviously up to no good.

    reply to this | link to this | view in chronology ]

  • icon
    radix (profile), 8 Aug 2016 @ 3:12pm

    Will DNC Email Hacking Make Legislators More Friendly To Encryption?

    lolno

    reply to this | link to this | view in chronology ]

    • icon
      radix (profile), 8 Aug 2016 @ 3:14pm

      Re: Will DNC Email Hacking Make Legislators More Friendly To Encryption?

      Oops, hit enter too soon. When can I delete my comments, Techdirt?

      This was supposed to say, they'll just make the CFAA even more onerous in response. Politicians will never pass up an opportunity to make enforcement stronger when faced with the alternative of expanding freedoms.

      reply to this | link to this | view in chronology ]

  • identicon
    Capt ICE Enforcer, 8 Aug 2016 @ 6:19pm

    DOD Policy

    I remember many years ago when the US Air Force sent out a policy letter stating do not use encrypted email due to server issues. And that it would slow down the world

    reply to this | link to this | view in chronology ]

  • identicon
    Norahc, 8 Aug 2016 @ 7:04pm

    Power vs peons

    Those in power have repeatedly demonstrated that they think the laws and rules should only apply to the peons...I mean the people they govern. This won't be any different than running a private email server to get around disclosure laws, releasing classified information to further an agenda, etc..

    Some people believe in different rules for the governing and the governed. Guess they forget who they're supposed to be working for.

    reply to this | link to this | view in chronology ]

  • icon
    Jeremy Lyman (profile), 9 Aug 2016 @ 5:23am

    Spoilers

    No.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.