Leak of US Senate encryption bill prompts swift backlash

[Disir]

WASHINGTON: Security researchers and civil liberties advocates on Friday condemned draft legislation leaked from the U.S. Senate that would let judges order technology companies to assist law enforcement agencies in breaking into encrypted data.

The long-awaited bill is emerging just as the U.S. Justice Department redoubles its efforts to use the courts to force Apple to help unlock encrypted iPhones.

The Senate proposal is an attempt to resolve long-standing disagreements between the technology community, which believes strong encryption is essential to keep hackers and others from disrupting the Internet, and law enforcement officials worried about being unable to pry open encrypted devices and communications of criminal suspects.

But the draft bill, leaked online Thursday evening, was panned as an overly vague measure that added up to a ban on strong encryption.
Leak of US Senate encryption bill prompts swift backlash

Has any candidate firmly stated opposition?

 

[JakeStarkey]

Such legislation is trying to open a door to a far right wing reactionary and fascistic repression of speech and privacy.

 

[waltky]

Senate encryption bill not looked upon favorably...

Analysts Find Little to Like in Senate Encryption Measure
April 12, 2016 | WASHINGTON — One of the most anticipated pieces of cybersecurity legislation took a step forward late last week in the U.S. Congress, but most analysts have not been kind to the new measure. The Hill newspaper published a discussion draft of the bill from Senator Richard Burr (R-NC) and Senator Dianne Feinstein (D-CA), who head the Senate Select Committee on Intelligence.

Discussion drafts are often short on detail, this one only nine pages in length, but they provide valuable insights into the priorities of its authors and the key principles they seek to establish. The bill would require “covered entities”, including digital device manufacturers, software manufacturers, electronic communication services ... or "any person who provides a product” to comply with court orders seeking access to “information or data in an intelligible format” or assistance necessary to obtain such data. That could cover many thousands of individuals as well as private tech companies, and includes emails, texts, contacts or any other information stored and shared digitally, an expansive definition.

George Washington University Distinguished Research Professor in Computer Science Lance Hoffman, who founded the school's Cyberspace Security Policy and Research Institute, says "It’s way too vague, there's too few safeguards, and I don't think there's any consequences enumerated if a covered entity doesn’t follow the law." Hoffman says, "Worse though, is where it gets down to covered entities, well that could be anybody. It might even apply to any individual who happens to use an app that obscures data in any fashion." Susan Hennessey, a Fellow in National Security in Governance Studies at the Brookings Institution says the bill "creates a generalized obligation for...covered entities...to preserve some ability to access communications. That’s sort of the formalized back door that Silicon Valley has always warned about.'

WhatsApp and Facebook app icons on a smartphone in New York. WhatsApp says it's now using a powerful form of encryption to protect the security of photos, videos, group chats and voice calls in addition to text messages sent by more than a billion users around the globe.​

Ross Schulman, senior counsel with New America’s Open Technology Institute says the bill mandates, "Thou shalt do this’, but doesn’t grapple with any of the difficult questions of how one actually goes about doing it." But Hennessey says the bill "preserves the kind of flexibility that legislation around technology needs to preserve." She told VOA the bill is tethered to responding to court orders and is not a limitless mandate, but a clarification of Congress' expectations regarding encryption. "This is in some respects what Apple and others have been calling for: a decision from Congress, not the FBI resorting to the All Writs Act. So Congress is saying: we have decided, and this is our expectation.," Hennessey says.

Schulman tells VOA the authors of the bill "didn’t do a whole lot of hard work to think about the implications. It would make illegal whole swathes of the infrastructure that we’ve painstakingly put in place over the last 25 years to make the Internet a secure place to live and do business." Hoffman adds, "There’s little doubt this bill would certainly inhibit innovation in the United States." "What I would say to members of Congress is first, do no harm. Don’t mess up something that's given the U.S. great advantages and continues to do so. What you really need is a solid risk analysis: an examination of the web’s architecture, it’s functioning, and the consequences of any new regulatory action," Hoffman told VOA. "If you change the Internet’s architecture, you might be able to build a stronger, more secure system, but it would be a lot less useful.

MORE

 

[waltky]

Gov't. tryin' to define boundaries on encryption...

US Government Both Supports Encryption and Seeks Limitations
April 14, 2016 - The recent announcement by mobile messaging service WhatsApp that it would begin offering end-to-end encryption made worldwide headlines. That's no surprise, given the app has approximately 1 billion users across the globe.

What was surprising, and mostly unnoticed, was the role the U.S. government ultimately played in making that happen, as well as the often messy ways different parts of the same government can be seen as working at cross-purposes. WhatsApp encryption uses a protocol known as Signal, originally developed for a stand-alone encryption app by Open Whisper Systems. The head of Open Whisper Systems, the pseudonymous "Moxie Marlinspike," worked to build a strong, shielded communication application. But sometime around 2012, funds began to dry up.

FBI Director James Comey has warned that spreading encryption on smartphones was "harmful" to law enforcement.​

Enter the Open Technology Fund, or OTF. It's a publicly funded incubator of digital security systems run by Radio Free Asia (a sister broadcaster of VOA; both are overseen by the Broadcasting Board of Governors, which operates its own anti-censorship and web circumvention efforts). OTF quickly saw the uses of Signal for journalists, human rights activists and others living under authoritarian rule. In 2013, OTF gave $455,000 to Marlinspike and Open Whisper Systems; later, in both 2014 and 2015, it funded Open Whisper with $900,000 each year, leading to a total of $2,255,000.

A man holds up his iPhone during a rally in support of data privacy outside an Apple store in San Francisco, Calif., Feb. 23, 2016. Protesters lashed out at a government order requiring Apple to help unlock an encrypted iPhone.​

"Clearly, Open Whisper Systems was a success," said Rohit Majahan, Radio Free Asia's head of public affairs. "It's very important for journalists and their sources, protecting the people they're talking to, as well as Internet rights advocates, human rights defenders and dissidents in countries around the world." So what's surprising about that? OTF's participation in helping build and distribute encryption tools like Signal came at the same time other parts of the U.S. government — notably the FBI — began actively warning that the spread of unbreakable encryption threatens to take U.S. national security into "a very dark place."

‘Unfree’ places

See also:

Microsoft Sues US Government Over Data Requests
April 14, 2016 — Microsoft has sued the U.S. government for the right to tell its customers when a federal agency is looking at their emails, the latest in a series of clashes over privacy between the technology industry and Washington.

The lawsuit, filed on Thursday in federal court in Seattle, argues that the government is violating the U.S. Constitution by preventing Microsoft from notifying thousands of customers about government requests for their emails and other documents. A U.S. Department of Justice spokesman declined to comment.

The Microsoft logo appears outside the Microsoft Visitor Center in Redmond, Washington, July 3, 2014. In a lawsuit filed April 14, 2016, Microsoft is suing the U.S. government over a federal law that lets authorities examine customers’ email online files without customers’ knowledge.​

The government's actions contravene the Fourth Amendment, which establishes the right for people and businesses to know if the government searches or seizes their property, the suit argues, and Microsoft's First Amendment right to free speech. Microsoft's suit focuses on the storage of data on remote servers, rather than locally on people's computers, which Microsoft says has provided a new opening for the government to access electronic data.

Using the Electronic Communications Privacy Act (ECPA), the government is increasingly directing investigations at the parties that store data in the so-called cloud, Microsoft says in the lawsuit. The 30-year-old law has long drawn scrutiny from technology companies and privacy advocates who say it was written before the rise of the commercial Internet and is therefore outdated. "People do not give up their rights when they move their private information from physical storage to the cloud," Microsoft says in the lawsuit. It adds that the government "has exploited the transition to cloud computing as a means of expanding its power to conduct secret investigations."

Surveillance battle

 

[Wildman]

Such legislation is trying to open a door to a far right wing reactionary and fascistic repression of speech and privacy.

right wing.........? are you out of your mind or simply a lunatic ? if anything it has to be a liberfool concoction, they are the ones who want to know of and control everything a person does or says, some are traumatized by a written word!!!

 

[Manonthestreet]

What pretty lie of a title did they give this draft......to make the rubes believe they arent doing what they are.......like Affordable care act...love that one

 

[JakeStarkey]

Such legislation is trying to open a door to a far right wing reactionary and fascistic repression of speech and privacy.

right wing.........? are you out of your mind or simply a lunatic ? if anything it has to be a liberfool concoction, they are the ones who want to know of and control everything a person does or says, some are traumatized by a written word!!!

Nah, you have it backwards. The far right reactionaries believe in a powerful government when it comes to supposed security issues. If we cannot be secure in our 4th amendment protections without the government getting a warrant, we need to vote the government out.