Will DNC Email Hacking Make Legislators More Friendly To Encryption?
from the Betteridge-says... dept
Kashmir Hill is asking an interesting question over at Fusion: in the wake of Democratic National Committee email hacking, will political leaders start scaling back their war on encryption?
Some prominent Democrats have demonized end-to-end encryption, the kind that might have helped lesson the impact of this hack by making emails look like gibberish to anyone without a key. It’s only readable when a person on one end of the communication opens the email, excluding the company storing the exchange, a hacker, and law enforcement.
Senator Dianne Feinstein (D-Calif.) has led the charge on a bill that would make end-to-end encryption illegal, requiring companies be able to decrypt data if served with a court order. Hillary Clinton herself has pushed for breakable encryption, claiming that, “Otherwise, law enforcement is blind—blind before, blind during, and, unfortunately, in many instances, blind after.”
Using end-to-end encryption would have prevented attackers from accessing the content of most of the emails they obtained. It wouldn’t have prevented any content from being accessed, but would have greatly mitigated the damage.
Unfortunately, there’s a very good chance the wrong lessons will be learned from this experience.
While it would seem obvious that the best way forward would be to encourage the use of strong encryption for everyone, it’s far more likely legislators and presidential candidates will continue to try to carve holes for law enforcement access and expand government powers to “hack back” or perform preemptive attacks. The proposed Rule 41 changes will likely slide on through at the end of this year, allowing the FBI to break into computers all over the world.
Another solution suggested by Hill is to move government communications to private platforms like Gmail where end-to-end encryption can be implemented and, more importantly, handled by professionals rather than, say, a bunch of lawyers with access to the spare bedroom.
Government officials may be wary of allowing private companies to handle (and store) government communications, but the public should be just as wary of any government agency that makes a private company its official communications platform. Private platforms used for public business tend to create lots of unnecessary FOIA litigation. Without legislation in place, or additional stipulations added to contracts with private entities, government agencies will not only be able to keep malicious hackers at bay, but also pesky members of the public demanding access to officials’ communications.
The worst end result may also be the one most likely to occur. The security of some communications may become more equal than others. Law enforcement backdoors for the public. Secure end-to-end encryption for their representatives. The sort of hybrid approach to legislating we see far too often — whether it’s in response to Congressional insider trading or the numerous buffers placed between law enforcement officers and any form of accountability.
Filed Under: dnc, email, encryption, hacking
Comments on “Will DNC Email Hacking Make Legislators More Friendly To Encryption?”
Legislators need practical explanations
“Wait… you mean that if the server was hacked but my message was encrypted, the papers never could have printed that thing about the sheep?”
Re: Legislators need practical explanations
Tomorrow’s Headline: Bill Introduced To Outlaw Encryption Except For Government Use.
Re: Re: Legislators need practical explanations
The government should let everyone use encryption.
Not just the government.
But please !!! Please use the kind of magical encryption that law enforcement can read, but hackers cannot read.
If it doesn’t exist it can be invented. Or if not invented, it could at least be patented, which is just as valuable in court as being actually invented.
Re: Legislators need practical explanations
Or, the government could not use the internet for such things. Regarding email, a dialup based network would be more than sufficient for sending plain text types of messages (encrypted of course.)
Exemptions
Every time the government proposes banning strong encryption it always includes exemptions for itself and those it favors. (Funny, that, huh?) For example, when Hillary’s husband Bill Clinton was pushing for it while he was president, he wanted to exempt the government and bankers, among others. When asked why bankers should be exempted he replied “because bankers are good citizens”, as opposed to the rest of us outside the government.
End to End encryption is designed to protect the emails in transit, and on external servers. Would the DNC have kept the emails encrypted with the end to end encryption, and if they did, would they have kept the keys under control, given multiple people requiring access to many of the emails. It is not designed to protect drafts, or contents copied into other documents. What the DNC needed was proper whole disk encryption to help protect all their data from hacking of their machines. Security is hard, and it is easy to solve the wrong problem.
Re: Re:
Security is hard, but people mostly grow them there low-hanging fruit trees. (Attackers with a specific target in mind, of course, would just try harder.)
Disk encryption could be a thing, but I’m thinking that there isn’t really a good argument for encryption-friendliness here. But sometimes bad arguments are what you need to influence morons.
The worst end result may also be the one most likely to occur. The security of some communications may become more equal than others. Law enforcement backdoors for the public. Secure end-to-end encryption for their representatives.
I guarantee that’s what their position will be, they’re so disconnected from common sense and the people that our security is barely a passing thought. We’re seen as the enemy that they need to be protected from so they need good encryption to keep us out but all we should allowed to have is backdoored encryption at best so they can see everything we do.
‘allowing the FBI to break into computers all over the world’
and exactly what is gonna be done and said when another country finds out what the USA, yet again, has been up to? why should it have the audacity to even think that it has the right to do anything outside of the USA when it shouldn’t be allowed to pull shit like this INSIDE the USA!! and as for Feinstein, she ought to wind her neck in and try learning about stuff before she spouts off! being on a committee whilst knowing fuck all is one thing, she can/could rely on others but being a bit on the dim side concerning security and how it totally obliterates freedom and privacy rather than enhancing it, especially in a country that still keeps trying to tell the rest of the World that it is a democracy, is quite pathetic!!
Unfortunately, there’s a very good chance the wrong lessons will be learned from this experience.
This is politics! no lessons are to be learned… Just Opportunities to be Exploited!
Government has decided NOT to ban encryption!
The government has decided it should not ban encryption.
Banning encryption would make us all less safe.
Instead, the government has invested effort in developing the strongest possible encryption key. The strength of this key will keep us all safe.
Everyone must begin using this encryption key immediately.
People who refuse are obviously up to no good.
Will DNC Email Hacking Make Legislators More Friendly To Encryption?
lolno
Re: Will DNC Email Hacking Make Legislators More Friendly To Encryption?
Oops, hit enter too soon. When can I delete my comments, Techdirt?
This was supposed to say, they’ll just make the CFAA even more onerous in response. Politicians will never pass up an opportunity to make enforcement stronger when faced with the alternative of expanding freedoms.
DOD Policy
I remember many years ago when the US Air Force sent out a policy letter stating do not use encrypted email due to server issues. And that it would slow down the world
Power vs peons
Those in power have repeatedly demonstrated that they think the laws and rules should only apply to the peons…I mean the people they govern. This won’t be any different than running a private email server to get around disclosure laws, releasing classified information to further an agenda, etc..
Some people believe in different rules for the governing and the governed. Guess they forget who they’re supposed to be working for.
Spoilers
No.