Bill Introduced To Prevent Government Agencies From Demanding Encryption Backdoors

from the pushing-back-from-the-top-down dept

The FBI continues its push for a solution to its "going dark" problem. Joined by the DOJ, agency head Christopher Wray has suggested the only way forward is a legislative or judicial fix, gesturing vaguely to the thousands of locked phones the FBI has gathered. It's a disingenuous push, considering the tools available to the agency to crack locked devices and obtain the apparently juicy evidence hidden inside.

The FBI hasn't been honest in its efforts or its portrayal of the problem. Questions put to the FBI about its internal efforts to crack locked devices are still unanswered. The only "new" development isn't all that new: Ray Ozzie's "key escrow" proposal may tweak a few details but it's not that far removed in intent from the Clipper Chip that kicked off the first Crypto War. It's nothing more than another way to make device security worse, with the only beneficiary being the government.

The FBI's disingenuousness has not gone unnoticed. Efforts have been made over the last half-decade to push legislators towards mandating government access, but no one has been willing to give the FBI what it wants if it means making encryption less useful. A new bill [PDF], introduced by Zoe Lofgren, Thomas Massie, Ted Poe, Jerry Nadler, Ted Lieu, and Matt Gaetz, would codify this resistance to government-mandated backdoors.

The two-page bill has sweeping safeguards that uphold security both for developers and users. As the bill says, “no agency may mandate or request that a manufacturer, developer, or seller of covered products design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product, by any agency.”

This bill would protect companies that make encrypted mobile phones, tablets, desktop and laptop computers, as well as developers of popular software for sending end-to-end encrypted messages, including Signal and WhatsApp, from being forced to alter their products in a way that would weaken the encryption. The bill also forbids the government from seeking a court order that would mandate such alterations. The lone exception is for wiretapping standards required under the 1994 Communications for Law Enforcement Act (CALEA), which itself specifically permits providers to offer end-to-end encryption of their services.

The Secure Data Act shouldn't be needed, but the FBI and DOJ have forced the hand of legislators. Rather than take multiple hints dropped by the previous administration, the agencies have only increased the volume of their anti-encryption rhetoric in recent months. Maybe the agencies felt they'd have the ear of the current administration and Congressional majority, but investigations involving the president and his staff have pretty much killed any "law and order" leanings the party normally retains. This bill may see widespread bipartisan support simply because it appears to be sticking it to the Deep State. Whatever. We'll take it. Hopefully, this makes a short and direct trip to the Oval Office for a signature.


Reader Comments

  1. That One Guy, 15 May 2018 @ 11:49am

    ... and them too I suppose

    It's nothing more than another way to make device security worse, with the only beneficiary being the government.

    Oh not even close, the main beneficiaries would be the countless criminals who would be handed millions of people's data on a silver platter, for use and abuse. The various governments would be almost incidental beneficiaries, and vastly outnumbered by those without badges.

  2. Ninja, 15 May 2018 @ 1:53pm

    Re: ... and them too I suppose

    It all depends on the point of view. If you see this as an authoritarian, megalomaniac, voyeuristic asshole then it's all collateral damage. The government seems to be suffering with some sort of epidemic of those types.

  3. Anonymous Coward, 15 May 2018 @ 2:21pm

    CALEA

    The lone exception is for wiretapping standards required under the 1994 Communications for Law Enforcement Act (CALEA)

    Reminder: the backdoors that were added to support CALEA have been abused by criminals in the past.

  4. any moose cow word, 15 May 2018 @ 3:34pm

    Anyone care to guess which US representatives just got added to the NSA watchlists?

  5. Personanongrata, 15 May 2018 @ 4:03pm

    Has the Horse Already Left the Barn?

    Bill Introduced To Prevent Government Agencies From Demanding Encryption Backdoors

    What if CIA/FBI/NSA (et al.) had already gained access via baked in exploits that were coded/engineered into software/hardware during the design/build/debugging phases of development (some of which occurred decades ago)?

    Italicized/bold text below was excerpted from a report found at the website www.businessinsider.com titled - 14 cutting edge firms funded by the CIA:

    The Central Intelligence Agency has its own investment capital arm, and it's been pumping money into some of Silicon Valley's most innovative companies for years.

    http://www.businessinsider.com/companies-funded-by-cia-2016-9

    Italicized/bold text below was excerpted from a report found at the website www.nsa.gov titled - Technology Transfer at NSA: Moving Innovations from the Lab to the Marketplace:

    The Internet, Global Positioning Systems, Goodyear Tires … all of these products had their genesis in a federal government-sponsored lab before becoming widely available to the public. How does a technology move from a federal research facility to the commercial marketplace? At the National Security Agency (NSA), the NSA Technology Transfer Program (TTP) drives the transfer of technologies from lab to market.

    So how does the TTP transfer a technology developed for Government use to a commercial application? The TTP matches a company or entrepreneur with one or more of the 200 patented NSA technologies available for licensing. The program provides access to innovative NSA technology through a Patent License Agreement (PLA), which helps businesses achieve market advantage and differentiation — a crucial need in today's fast paced, competitive environment.

    https://www.nsa.gov/news-features/news-stories/2015/technology-transfer-at-nsa.shtml

    Italicized/bold text below was excerpted from a report found at the website techcrunch.com titled - NSA Has Reverse-Engineered Popular Consumer Anti-Virus Software In Order To Track Users:

    The NSA and its British counterpart the GCHQ have put extensive effort into hacking popular security software products to “track users and infiltrate networks,” according to the latest round of Snowden docs unearthed today by The Intercept.

    A top-secret warrant renewal request issued by the GCHQ details the motivations behind infiltrating the products of such anti-virus companies.

    https://techcrunch.com/2015/06/22/nsa-has-reverse-engineered-popular-consumer-anti-virus-software-in-order-to-track-users/

    Italicized/bold text below was excerpted from a report found at the website www.zdnet.com titled US government pushed tech firms to hand over source code:

    The government has demanded source code in civil cases filed under seal but also by seeking clandestine rulings authorized under the secretive Foreign Intelligence Surveillance Act (FISA), a person with direct knowledge of these demands told ZDNet. We're not naming the person as they relayed information that is likely classified.

    With these hearings held in secret and away from the public gaze, the person said that the tech companies hit by these demands are losing "most of the time."

    Top secret NSA documents leaked by whistleblower Edward Snowden, reported in German magazine Der Spiegel in late-2013, have suggested some hardware and software makers were compelled to hand over source code to assist in government surveillance.

    The NSA's catalog of implants and software backdoors suggest that some companies, including Dell, Huawei, and Juniper -- which was publicly linked to an "unauthorized" backdoor -- had their servers and firewall products targeted and attacked through various exploits. Other exploits were able to infiltrate firmware of hard drives manufactured by Western Digital, Seagate, Maxtor, and Samsung.

    https://www.zdnet.com/article/us-government-pushed-tech-firms-to-hand-over-source-code/

    Italicized/bold text below was excerpted from a report found at the website www.theguardian.com titled - NSA Prism program taps in to user data of Apple, Google and others:

    Some of the world's largest internet brands are claimed to be part of the information-sharing program since its introduction in 2007. Microsoft – which is currently running an advertising campaign with the slogan "Your privacy is our priority" – was the first, with collection beginning in December 2007.

    It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and AOL in 2011; and finally Apple, which joined the program in 2012. The program is continuing to expand, with other providers due to come online.

    The Prism program allows the NSA, the world's largest surveillance organisation, to obtain targeted communications without having to request them from the service providers and without having to obtain individual court orders.

    With this program, the NSA is able to reach directly into the servers of the participating companies and obtain both stored communications as well as perform real-time collection on targeted users.

    https://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data

    This Bill is nothing more than another piece of feel-good token legislation.

    The horse left the barn decades ago.

    If congress had a spine and was truly concerned with the criminal conduct being carried out under the pitch dark cloak of official government secrecy (for our safety of course) it would move to immediately defund the criminals responsible for this dystopian surveillance state nightmare we all inhabit.

  6. ECA, 15 May 2018 @ 5:25pm

    Re: Has the Horse Already Left the Barn?

    1/2 smart..
    Let's see..
    MS had a Bot in the music program that lasted from 1998-2005..and NO AV found it..
    NORTON, sends messages to the CORPS 2 weeks before Consumers??
    AV companies HAVE TO KNOW/SEE/FIND a Virus before they can stop it..If no one mentions it, samples it..THEY CAN'T DO ANYTHING..
    (LOVE QUICK SCAN/NOT) easy trick for quick scan is to scan by DATE..and NOT the windows files..

    Easier to make Program BOT to watch you, as then if found can be re-installed..
    Once a hardware Bug is found, the person can kill the phone..
    THERE ARE 3 buttons in MANY PHONES...Off/ON/I'M A POLICE AGENT...REALLY..
    It's how they can locate you in emergency by GPS on your phone, as LONG AS IT'S LIVE/WORKING...Good battery..

    WHO here knows about the NO RING HARDWARE for the old phones?? You can Actually, call a number and it WON'T RING, and listen to what's happening in the house..
    And if you want your name on a list...go find and buy this..

  7. Anonymous Coward, 15 May 2018 @ 5:45pm

    Encryption backdoors cannot be enforced outside the United States.

    One other secession idea that would succeed more than any other is for New York City to secede from both the state of New York, and the United States, and become its own city state, like Singapore is.

    Internet services in the Republic Of New York would no longer be subject to United States laws, if this happened.

    The Republic Of New York, if it existed now, would be the 12th largest economy in the world, and would have the infrastructure to allow Internet firms to relocate there, and be beyond the reach of the remaining United States.

    I could see Yahoo, Google, and other companies relocating there, if it happened, so that US laws, including SESTA and the DMCA, would no longer apply to them.

    And the citizens of NYC would vote for it, if it were put to a vote, because NYC is heavily Democrat, while the rest of the state is Republican, so it could happen.

    This will also make SESTA unenforceable, as websites in the Republic Of New York would not be subject to United States laws. The United States Government would not be able to enforce its laws there.

  8. Anonymous Coward, 15 May 2018 @ 6:24pm

    Re:

    I thought that it was Texas, and only Texas, that legally was in a position to do that, even though it has been argued that it would not be allowed.

  9. Anonymous Coward, 15 May 2018 @ 6:39pm

    Re: Re:

    There are all kinds of crazy secession movements going on now, including 4 different ones for California.

    California, for example, could join a Republic Of Northern Mexico, a Republic Of Pacific, join Washington and Oregon and be annexed to Canada, or become its own country.

    I think California will take one of those four paths, somewhere down the line. If it does not become its own country, it will become part of either Canada, the Republic Of Pacifica, or the Republic Of Northern Mexico.

  10. Thad, 16 May 2018 @ 10:00am

    Re: Has the Horse Already Left the Barn?

    ...you do know that Congress is made up of 535 people, right? It's not entirely fair to speak of them as if they're all the same, and the failure of Congress as a deliberative body to handle this issue correctly somehow indicates that the representatives currently trying to deal with it are insincere in their efforts.

  11. ECA, 16 May 2018 @ 11:56am

    Re: Re: Has the Horse Already Left the Barn?

    Thad,
    Yep, knew it..
    And wondered why we are paying them Equal to 360k per year for 1/2 years work..
    Then they have taken down so many Consumer laws its getting real bad out here.. We have 3 agencies responsible for the Food in this country, from Field to Store. And they have said they can't do it, they can only get to 8% per year. And how many food poisonings around the States??

    I'm waiting for the absence of pollution laws to REALLY HIT..

    And with those 500+, you would think a bit of common sense would be SOMEPLACE..

  12. Anonymous Coward, 16 May 2018 @ 4:49pm

    Re:

    They already were being watched.

  13. :Lobo Santo, 17 May 2018 @ 12:50am

    More Better!

    Rather than a law, we should enshrine something like this into the United States Constitution via Amendment.

  14. Anonymous Coward, 17 May 2018 @ 2:05am

    Spam solutions checklist

    You guys should start compiling something like the old checklist of why ideas for fighting spam won't work.

    It'd be nice to be able to boil down articles to sarcastic "why this encryption idea is stupid" checklists.

  15. Anonymous Coward, 18 May 2018 @ 10:47am

    A bill like this isn't necessary. The fourth amendment already covers this.
