Tech Experts Condemn Proposed Law Targeting Encryption
Lucy Nicholson / Reuters
Technologists and policy experts wasted little time bashing soon-to-be-released encryption legislation, a draft of which appeared to have been published online and circulated late Thursday night.
The preliminary version of the bill — the authenticity of which has yet to be confirmed by its congressional co-sponsors — aims to resolve what the FBI and Justice Department have deemed the "going dark" crisis by restricting the types of robust encryption that companies like Apple, Google, and WhatsApp offer to their customers.
Senators Dianne Feinstein and Richard Burr did not immediately respond to a request for comment early Friday morning.
The "Compliance with Court Orders Act of 2016" would require any American messaging app or device manufacturer to hand over plain-text communications in response to a judge's order.
The legislation does not propose how companies might workaround their own encryption in order to give readable messages to law enforcement, it states only that they must do so.
A draft of the proposal states that "a covered entity that receives a court order from a government for information or data shall provide such information or data in an intelligible format."
In the instance that companies can't defeat their own security features, they must "provide such technical assistance as is necessary to obtain such information or data in an intelligible format or to achieve the purpose of the court order."
For businesses that provide the type of strong encryption where only intended recipients can read a message (and in which the company itself does not have access to the secure communications) the bill poses an unprecedented challenge. The bill's critics — many of whom have rejected the proposal as unworkable and wrongheaded — say that seems to be precisely the point.
"Let's be really clear: the Feinstein/Burr bill outlaws the technologies that keep your data most secure, and/or require backdoors into them," wrote Kevin Bankston, the director of New America's Open Technology Institute.
"I could spend all night listing the various ways that Feinstein-Burr is flawed & dangerous. But let's just say, 'in every way possible,'" wrote Matt Blaze, a computer science professor at the University of Pennsylvania, who also played a key role in the Clinton-era policy debates around encryption.
For years, law enforcement officials have been warning policy-makers of the potential challenges posed by widespread encryption. When speaking to Congress and to the public, FBI Director James Comey has shared his concerns over terrorists and criminals being able to conspire without fear of government eavesdropping.
Comey has been a vocal advocate for altering the types of encryption American companies offer, favoring older security protocols that allow firms to decrypt or recover the data of their customers. However, he has been careful to say that he does not wish to dictate the design specifications for communication services.
"The government doesn't want a backdoor," Comey said in a recent Congressional hearing. "The government hopes to get to a place, where if a judge issues an order, the company figures out how to supply that information to the judge, and figures out on its own what would be the best way to do that. The government shouldn't be telling people how to operate their systems"
While Feinstein and Burr can count Comey as an ally, along with the Justice Department and state and local police departments, Washington's appetite for controversial encryption legislation in an election year remains uncertain.
What's more, several lawmakers in both parties and in both chambers in Congress have recently committed to studying the encryption debate further, before forming any new, reactionary policies. Beyond that, some members have pledged to oppose any encryption-weakening legislation, including Senator Ron Wyden and Ted Lieu.
Proponents of robust consumer encryption argue that the technology is vital to national security and to protecting the public from hackers, identity thieves, and sophisticated cyber attacks. Any effort to restrict the security products offered by U.S. companies would also jeopardize their business prospects, they say, as foreign firms would be free to offer superior encryption.
Privacy-minded lawmakers and cryptologists have also emphasized that such proposals would encourage criminals to seek secure messaging from foreign providers, leaving law enforcement with fewer leads and the American public with with more vulnerable technology.
The appearance of the draft legislation comes after a high-profile legal battle between Apple and the FBI. Following the recovery of a locked iPhone used by the man behind the San Bernardino terrorist attack, the U.S. government urged a federal judge to force Apple to design new security-suppressing software that would help FBI technicians access the phone's encrypted data.
The Justice Department eventually called off the legal dispute after the FBI found a way into the device. But the larger battle over encryption and special access for law enforcement remains unresolved. Disagreement over the bill and the legal obligations of technology companies to assist with government surveillance may very well intensify the debate.
via BuzzFeed - Tech http://ift.tt/1SUlKs2
Put the internet to work for you.
No comments: