
Feinstein-Burr Encryption Legislation Is Dead In The Water (slashdot.org) 123

An anonymous reader writes from a report via Reuters: After the San Bernardino terrorist attack, key U.S. lawmakers pledged to require technology companies to give law enforcement agencies a "back door" to encrypted communications and electronic devices. Now, the push for legislation is dead only months after the terrorist attack. In April, Senators Richard Burr and Dianne Feinstein released the official version of their anti-encryption bill with hopes for it to pass through Congress. But with the lack of White House support for the legislation as well as the high-profile court case between Apple and the Justice Department, the legislation will likely not be introduced this year, and even if it were, it would stand no chance of advancing, said sources familiar with the matter. "The short life of the push for legislation illustrates the intractable nature of the debate over digital surveillance and encryption, which has been raging in one form or another since the 1990s," reports Reuters. Technology companies believe security would be undermined if it were to create a "back door" for law enforcement, while law enforcement agencies believe they need to monitor phone calls, emails, text messages and encrypted data in general for security purposes.
  • Good (Score:5, Insightful)

    by MAXOMENOS ( 9802 ) <mike@mikesmithforor e g o n . c om> on Friday May 27, 2016 @08:47PM (#52199469) Homepage

    It was stupid legislation crafted by profoundly ignorant people.

    • Re:Good (Score:5, Insightful)

      by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Friday May 27, 2016 @08:57PM (#52199505) Homepage Journal

      It was stupid legislation crafted by profoundly ignorant people.

      You misspelled "malicious" there, sport. Both of these winners have been a cancer on The People from the beginning.

      • Re:Good (Score:5, Informative)

        by MrKaos ( 858439 ) on Friday May 27, 2016 @10:36PM (#52199801) Journal

        It was stupid legislation crafted by profoundly ignorant people.

        You misspelled "malicious" there, sport. Both of these winners have been a cancer on The People from the beginning.

        Malicious indeed dp, according to the draft of the Bill [scribd.com] if it had passed so too would the meta-data retention provisions casually obscured in the definition of "DATA" in Sec 4.5 to include "COMMUNICATIONS IDENTIFYING INFORMATION" defined in Sec 4.1.A-C.

        Section 4.1 defined that to be "dialing, routing, addressing, switching, signaling, processing, transmitting and other data that", (A) was *not* the contents of the communication, (B) identifies the origin, destination, time, date, duration, termination or status of each communication generated, received or controlled by a user and (C - here is the kick in the balls) includes (C.i) public, local and source addressing including (C.i.I) local and public IP address, (C.i.II) static or dynamic ports. (C.ii) MAC, IMEI and network service identifiers used by each party, (C.iii) Service address identifiers used by each party (C.iv) QOS, packet size (C.v) all co-ordinated to UTC.

        I doubt this is the last you have seen of an attempt to pass a meta-data retention Bill as there was simply no discussion about these provisions in this bill that I saw.

    • You are a HUGE part of this problem because you think about things like this.
      They are not ignorant. They know exactly what they are doing and also how it looks to you. That is their job. That is their purpose in life.
      You need to sit down and have a long, long think.
      Who is pressuring the government to be the hand that intercepts all communications and why? What is really done with this data? Who really has access to it? What are the possibilities of what could happen if a malicious and powerful entity had ac

      • Whoah there buddy.
        I'm going to agree with the OP.
        The government on the whole is ignorant about tech. They're very "I'm an ideas man" kind of people, which is code for, "I can say stuff without having to think the consequences through".
        They think you can open up encryption safely without the "bad guys" getting to it, and they also think that law enforcement is on whole the "good guys".

        Counter point : You are a HUGE Part of the problem because you make everybody resisting well meaning but ultimately stup
      • by Anonymous Coward

        This right here is my biggest concern. If OPM could get hacked multiple times, leaking the names of who worked for what, then a server farm somewhere can likely get breached which holds this data. Even with security, if someone wanted that data badly enough, they could use the OPM disclosure, and put the thumbscrews on an employee who might have access to it (or their family) for access, XKCD, $5 wrench style.

        Ultimately, this is where I step away from the "I have nothing to hide" crowd. Legit LEOs are one t

  • by Anonymous Coward on Friday May 27, 2016 @08:54PM (#52199497)

    You had to read all the way to the last sentence of the article to get to the actual reason:

    They also said there was reluctance to take on the tech industry in an election year.

    • And perhaps the unspoken reason is that there are enough politicians that fear their own vulnerability with back doors. It's a two-way street.
  • I legitimately believe that government organizations want to monitor my conversations for security. However I don't believe it's for MY security.
  • by He Who Has No Name ( 768306 ) on Friday May 27, 2016 @09:37PM (#52199609)

    She's corrupt and senile and completely off in la-la land. Time for her to retire somewhere she can yell at clouds and grumble about not being able to divert federal contracts to her husband or wipe her ass with the Bill of Rights anymore.

  • by Mal-2 ( 675116 ) on Friday May 27, 2016 @09:40PM (#52199621) Homepage Journal

    The recurring problem is that this can be shot down this year, and next year, and the year after that... but they only have to succeed once, and then we're all stuck with it. Add to that the fact that they can just tack it on to a budget bill [wired.com] and seriously, how are we supposed to stop these things from happening? The attack mode on any Congressman who votes against the budget bill is incredibly scathing, no matter what their justification for doing so, and again, that little problem remains that freedom has to win every battle, while the police state only has to win one.

    • which is why we need to simplify legislation in general to say 50 pages max. No more 2000+ page pieces of shit that nobody can understand with buried crap that slips by without review. These fucking idiots in Congress don't read legislation anyway but if it's at least small enough they can't sneak shit like this onto a bill.

      • which is why we need to simplify legislation in general to say 50 pages max.

        And require all legislation to have a sunset provision with a maximum of 4 years before needing to be re-voted on.

      • The larger problem is Americans don't vote in numbers high enough to retain control of their government, as they do in Europe or Australia. Also, Americans are astonishingly ignorant, so it makes us easy to manipulate. I don't see how we fix this country until we fix these two problems.
    • Re: (Score:2, Flamebait)

      by wierd_w ( 1375923 )

      I see you are observing the "dildo legislation" I have harped about in the past.

      https://yro.slashdot.org/comme... [slashdot.org]

      https://yro.slashdot.org/comme... [slashdot.org]

      Well, here it is, a few years later-- and we have a dildo up all our collective asses (TPP), because after 4 consecutive attempts and being told no each and every time, they decided behind closed doors that we really meant yes, and just jammed it in without even asking.

      Expect the same kind of shit with Feinstein and her fetish for backdooring everything and everyo

  • If Congress was going to spend what little common sense it possesses on something - this was a good choice.

  • It's just resting

    It is a zombie bill that will never die. In fact, SCO will die first.

  • What debate? (Score:4, Interesting)

    by Snotnose ( 212196 ) on Friday May 27, 2016 @10:09PM (#52199711)
    It was extremely stupid legislation by smart people who tend to be driven more by knee jerk reactions than measured thought. Or is that potential campaign contributions over measured thought, I've kinda lost track by now.
    • by tom229 ( 1640685 )
      The debate over whether, with a warrant, asking tech companies to break into their devices is covered by the 4th amendment or is something new. What the article above is talking about I have no idea. This bill, and this debate, has nothing to do with encryption or government backdoors. Before you respond, I'd encourage you, and everyone in this thread, to actually read it.
  • At the very least not one where only YOUR government will have the key to that backdoor. We're talking about something here that is valuable. James-Bond-Evil-Genius-Wants-To-Have-It valuable. Every government on this planet would want to have it. We're talking about nothing short of being able to decrypt ALL secret communication. From government secrets to trade secrets. Every single government on this planet will be after those keys. And they have deep pockets to bribe those who have them.

    Not to mention th

    • Anyone with access to such keys would be subject to blackmail, extortion, and murder. And do you think other governments are just going to sit by while the U.S. holds the only decryption key? They will pass their own back door legislation, so every time I send an email with S/MIME it's encrypted to more than 200 state-owned keys, any one of which could be compromised at any time to decrypt my message.
    • by tom229 ( 1640685 )
      Is that what the bill was about? Really? Did you even read it? Assumption is the mother of all fuckups you know.
      • Oh, I'm sorry, did they change the wording from the last 10 times they tried to push that bullshit?

        Color me surprised, they actually listened and learned? Sorry, I honestly didn't deem this possible.

        • by tom229 ( 1640685 )
          I'm not sure what version of the bill you're angry about. The only one I've seen mentions nothing about backdoors, or encryption. In fact, it explicitly states:

          Nothing in this Act may be construed to authorize any government officer to require or prohibit any specific design or operating system to be adopted by any covered entity.

          You've swallowed the hyperbole, like so many. There is a very disturbing misinformation campaign surrounding this whole Apple business. You'd be wise to make no assumptions and verify everything. And please, pass it along. The "good guys" usually aren't who they appear to be, and it's always the punch you don't see coming that gets you.

          • You mean like a law proposal being tossed into the voting bin again and again 'til finally at some point nobody's looking and it gets approved?

            • by tom229 ( 1640685 )
              That's twice now you've resorted to angry hyperbole while addressing nothing of what I've said. You've clearly made up your mind on emotion rather than objective analysis of evidence. I'll just assume victory and move on now.
          • by LiENUS ( 207736 )

            I'm not sure what version of the bill you're angry about. The only one I've seen mentions nothing about backdoors, or encryption. In fact, it explicitly states:

            That line just means that they don't have to build in a backdoor to the government's specifications. It doesn't mean that they don't have to put in a backdoor.

            (2), a covered entity that receives a court order from a government for information or data shall—
            (A) provide such information or data to such government in an intelligible format; or
            (B) provide such technical assistance as is necessary to obtain such information or data in an intelligible format or to achieve the purpose of the court order.

            How would a covered entity provide the information in an intelligible format without a backdoor?
            They must provide the data in an intelligible format or provide technical assistance (master key) to the government to obtain the information in an intelligible format. That's a backdoor.

            • by tom229 ( 1640685 )
              OK, so the government can't tell you how to design your products. You don't deny that. Now I design a phone that is secured with 256 bit encryption, strong ciphers, and forces strong password (alpha numeric 8 digit). I can't break this, you can't break this, no one can. It's math. How is the government going to take me to court and sue me over "shall" when they explicitly state they can't define how I design my software? My software is unbreakable. They can certainly pay me to try to brute force it (the bill
              • by LiENUS ( 207736 )

                Nothing in this Act may be construed to authorize any government officer to require or prohibit any specific design or operating system to be adopted by any covered entity.

                Pay attention to the bolded part. It doesn't require a specific design but it does require you to be able to provide it in an intelligible format. A warrant is going to specify a time frame, fail to do it and you run afoul of the law and face contempt of court. It's pretty easy to read the law.

                • by LiENUS ( 207736 )

                  Let's take it a step further. What does Dianne Feinstein say about this bill?
                  Source: http://www.feinstein.senate.gov/public/index.cfm/press-releases?ID=EA927EA1-E098-4E62-8E61-DF55CBAC1649/ [senate.gov]

                  The government cannot require or prohibit any specific design or operating system for any covered entity to use in complying with a court order.

                  She explicitly says the restriction you refer to only refers to the system used in complying with a court order. Not that you can avoid complying with it if your encryption doesn't allow you to, but that

                  Covered entities are responsible only for the information or data that they (or another party on their behalf) have made unintelligible.

                  they just can't be told how they have to comply.

                  Pretty simple, from the words of Dianne herself. Or are you going to

                  • by tom229 ( 1640685 )
                    Thanks for the link. I'll admit there is one part of the bill that I must have initially glossed over that is quite troubling:

                    Certain communication service providers that distribute licenses for a covered entity’s products and services also must ensure that these products and services are capable of providing information or data in an intelligible format.

                    This is much more troubling as it would suggest telecoms can't sell devices that use strong encryption. While this is still far from mandating a government only backdoor, if the intent of the bill is to effectively outlaw strong encryption I would vehemently oppose it. This would be a blatant violation of the right to free speech and the 4th amendment.

                    I will submit that you are rig

  • U.S. lawmakers pledged to require technology companies to give law enforcement agencies a "back door" to encrypted communications and electronic devices.

    I'm curious whether any of these tech "news" sites actually read the bill or even understand its intention beyond the hyperbole. The above would suggest they don't. Here's an excerpt from the actual bill:

    to uphold both the rule of law and protect the interests and security of the United States, all persons receiving an authorized judicial order for information or data must provide, in a timely manner, responsive, intelligible information or data, or appropriate technical assistance to obtain such information or data; [...] Nothing in this Act may be construed to authorize any government officer to require or prohibit any specific design or operating system to be adopted by any covered entity.

    This bill was about establishing a legal framework to get tech companies to follow court orders. It has nothing to do with encryption. The bill even explicitly states they cannot mandate that software be designed a certain way. So design your products so they are secured in a decentralized way so even you can

    • by LiENUS ( 207736 )

      This bill was about establishing a legal framework to get tech companies to follow court orders. It has nothing to do with encryption. The bill even explicitly states they cannot mandate that software be designed a certain way. So design your products so they are secured in a decentralized way so even you can't get into them and you're fine. Design your products so they're breakable and highly centralized like Apple and you might have to share the punch. This is completely reasonable. If breaking into iphones is possible, why should apple have the exclusive privilege to do so? And why all the misinformation and hyperbole? This has all been very very strange. It screams of an Apple propaganda campaign more than any real reasoned debate over what will be an important issue in the future.

      The bill clearly says a covered entity receiving a court order shall (must) provide such information or data to the government in an intelligible format; or provide such technical assistance as is necessary to obtain such information or data in an intelligible format to achieve the purpose of the court order.

      (2), a covered entity that receives a court order from a government for information or data shall—
      (A) provide such information or data to such government in an intelligible format; or
      (B) provide such technical assistance as is necessary to obtain such information or data in an intelligible format or to achieve the purpose of the court order.

      Note, nowhere does it say that they shall do it if possible. It says absolutely they shall provide that information or assistance.
      That would absolutely require a backdoor. Try reading the actual bill. It

      • by tom229 ( 1640685 )
        I have read it. Did you even read my comment? Your concern over the implications of "shall" is surely addressed later in the bill.

        Nothing in this Act may be construed to authorize any government officer to require or prohibit any specific design or operating system to be adopted by any covered entity.

        Nothing in this act is surely clearer language than "shall". If your argument is an entity could be sued for not adhering to the "shall", this clause specifically forbidding a "specific design or operating system be adopted" would surely take precedence over any subtle implications you think "shall" would have. This clause is actually explicit, whereas the term "shall" certainly

  • Dear Government: Please GET IT THROUGH YOUR THICK, NARCISSISTIC HEADS: STOP giving terrorists reason for terror. Police Corporations for THEIR wrongs, which cause all but the shareholders to hate them. DO YOUR JOB RIGHT and you will not need to become 'Big Brother'; you will not need to hack into anyone's anything - phone, PC, PDA, whatever.
