A trio of Republicans propose new bill to end "warrant-proof" encryption

nanoguy

Posts: 486   +7
Staff member
The big picture: A group of Republican senators is making a new attempt to push legislation that would weaken the lawful use of encryption in devices and communication services, with the purported aim of giving law enforcement the upper hand against criminals and terrorists. As always, the proposal ignores the technical issues and is seen by pundits as a political posturing exercise that isn't likely to achieve anything.

Republican senators Marsha Blackburn (Tennessee), Tom Cotton (Arkansas), and Lindsey Graham (South Carolina) are proposing a new bill that seeks to deter companies from using so-called "warrant-proof" encryption. The bill is called the Lawful Access to Encrypted Data Act, and would give law enforcement the ability to ask for access to encrypted data on a device based on "probable cause that a crime has occurred, authorizing law enforcement to search and seize the data."

That's exactly how the current legislation works, but the new bill would go further and outright strip companies like Apple of their ability to build and provide encryption systems to consumers where they don't hold the keys themselves. The Attorney General would be allowed to ask companies about "their ability to comply with court orders, including timelines for implementation."

The new bill would also add incentives for tech companies to find creative ways of providing "lawful access" to encrypted devices and services, along with a grant program at the DOJ to train law enforcement on how to gather digital evidence.

In other words, the three Republican senators are once again asking for a backdoor to encryption, with the minor tweak that the Attorney General wouldn't be able to dictate how the backdoor should work. That would render services like WhatsApp, Telegram, Signal, and Apple Messages illegal, and represents a poor understanding of how end-to-end encryption works and its purpose -- just like that time when the US Attorney General argued for a backdoor to it in the middle of a cybersecurity conference.

Senator Graham noted that "terrorists and criminals routinely use technology, whether smartphones, apps, or other means, to coordinate and communicate their daily activities. In recent history, we have experienced numerous terrorism cases and serious criminal activity where vital information could not be accessed, even after a court order was issued. Unfortunately, tech companies have refused to honor these court orders and assist law enforcement in their investigations."

The problem with that statement is that companies like Microsoft, Google, Apple, and Facebook routinely release reports about their compliance with law enforcement requests, and they typically assist authorities where technically possible. The only way the new bill could work is known as the "Ghost Proposal," which means that companies would have to deceive their customers by creating the illusion of encryption and using "virtual" devices linked to your account to redirect unencrypted data to them.

Attorney General William Barr stated he remains "confident that our world-class technology companies can engineer secure products that protect user information and allow for lawful access."

In the end, the chances of this bill to be passed are slim, but it shows that the push and pull between governments and tech companies over the way encryption works is far from over.

Permalink to story.

 

Evernessince

Posts: 5,081   +5,316
"terrorists and criminals routinely use technology, whether smartphones, apps, or other means, to coordinate and communicate their daily activities. In recent history, we have experienced numerous terrorism cases and serious criminal activity where vital information could not be accessed, even after a court order was issued. Unfortunately, tech companies have refused to honor these court orders and assist law enforcement in their investigations."

For starters, this statement is simply not true. Big tech routinely provides access to user information upon request to the police and number of requests has drastically increased over the years..

That's mostly for data on the internet though. For data on a personal device, it should be clear for obvious reasons why companies do not use or build encryption methods where they could snap their fingers and access people's data. That's not security, that's a free for all buffet.
 

brucek

Posts: 388   +433
I'd like to ask the various government agencies about their abilities to comply with various lawful orders, not to mention ordinary laws and the constitution, as far as not abusing the data access they do have.

As far as I can see virtually every audit, investigation, or report on this topic finds overreach and abuse. How about we get all that cleaned up, restore some trust, and then talk about what level of access and for what makes sense.

The other lesson from history is that access we grant to fight terrorism or serious violent crime seems to quickly turned into access to fight anything, or the suspicion of anything, or full out flat data-mining of the entire population.
 

wiyosaya

Posts: 5,243   +3,335
"terrorists and criminals routinely use technology, whether smartphones, apps, or other means, to coordinate and communicate their daily activities. In recent history, we have experienced numerous terrorism cases and serious criminal activity where vital information could not be accessed, even after a court order was issued. Unfortunately, tech companies have refused to honor these court orders and assist law enforcement in their investigations."

For starters, this statement is simply not true. Big tech routinely provides access to user information upon request to the police and number of requests has drastically increased over the years..

That's mostly for data on the internet though. For data on a personal device, it should be clear for obvious reasons why companies do not use or build encryption methods where they could snap their fingers and access people's data. That's not security, that's a free for all buffet.
Unfortunately, people like Graham have learned that they can tell all they lies they want and those who support them will swallow it like was the truth spoken by their god.
 

grumblguts

Posts: 295   +251
Honestly if its for good what is the problem.
Imagine a crime going unsolved because his device is locked.
Only in the important cases like murder or terror should they be able to unlock a phone.
Petty crime or drugs or robbery no.
murder child safety or terror yes.
 

wiyosaya

Posts: 5,243   +3,335
Honestly if its for good what is the problem.
Imagine a crime going unsolved because his device is locked.
Only in the important cases like murder or terror should they be able to unlock a phone.
Petty crime or drugs or robbery no.
murder child safety or terror yes.
So, would you gladly give the keys to your domicile to the authorities so they can make sure you are not hiding something you should not have? What about your car? Perhaps your locker at your gym?

Any hole opened will draw the attention of hackers or even worse and it will be exploited.
 
  • Like
Reactions: dangh

Danny101

Posts: 1,318   +526
The only thing I could think of to remediate this issue is to have a required high-level of probable cause, meaning no cop on the beat can have probable cause for access. They would have to prove a need to an appeals court. Then it would be a felony for the suspect to not provide access. How felonious? I don't know. Still working on the template in my mind. Severity could depend on the injury alleged. Good template? No? I don't know. Bad idea? Still seems problematic anyway you slice it.
 
Last edited:

grumblguts

Posts: 295   +251
So, would you gladly give the keys to your domicile to the authorities so they can make sure you are not hiding something you should not have? What about your car? Perhaps your locker at your gym?

Any hole opened will draw the attention of hackers or even worse and it will be exploited.
I dont mind because I have nothing to hide.
Its only the people who have something to hide that do the complaining.
 

grumblguts

Posts: 295   +251
If the process to gain access to such powers is protected to fit a criteria before being granted so it cant be abused and the process to determine when and why you have the access be subject to the people what is the problem.
Im sure no one here wouldnt mind the police having access to a terrorist phone.
So long as you protect the people by making it hard to gain access where is the problem.
 

franticfrosty

Posts: 7   +19
I dont mind because I have nothing to hide.
Its only the people who have something to hide that do the complaining.
Ah that's right, I'm sure you'll be fine if we take a look at your significant others files including nudes or how about a relatives nudes, How about what sites you access we'll ask your significant other if they recognise what you look at... Lets look at everything you do online with a fine comb, If you have nothing to hide it'll be fine, You've already accepted allowing me access anyways cant complain about what I'm gonna look at or how I'm gonna use what I find.
 

wiyosaya

Posts: 5,243   +3,335
I dont mind because I have nothing to hide.
Its only the people who have something to hide that do the complaining.
So you do not mind if hackers gain access to your phone, your private data, steal your identity, empty your bank account, and then leave you holding the bag?

And it seems that you would not mind having "law enforcement" access your home when you keep cash, credit cards, computers and other things there that contain information that, if it falls into the wrong hands, could lead to the same things, I.e., stealing your identity and emptying your bank account. "Law enforcement" is always trustworthy, right? Even if they are, it does not mean that through a breach in "law enforcement's" security the same things would not happen.

Oh, I suppose you would petition for redress from the government. But wait, the government mandated that law so they would be responsible. Where in the bill does it say that government can be charged if the back door is accessed by unauthorized persons?

It is not about having nothing to hide. It is about keeping information that only you should have access to private.

Deliberate holes like these in the security of any electronic device would be targets for hackers - there is no way to keep them safe when the presence of a back door is advertised to everyone such as it would be if a law like this were passed.
 

Evernessince

Posts: 5,081   +5,316
Honestly if its for good what is the problem.
Imagine a crime going unsolved because his device is locked.
Only in the important cases like murder or terror should they be able to unlock a phone.
Petty crime or drugs or robbery no.
murder child safety or terror yes.
The world isn't as simple as "is it for good" unfortunately. Human nature dictates that any system that can be abused will be. The more latitude you give a certain group of people over another, the higher probability that a greater number of those in said group will abuse the additional power. This applies to kings, presidents, police, ect. This is why, unfortunately, good intentions can turn into a very bad thing.
 

brucek

Posts: 388   +433
I dont mind because I have nothing to hide.
Its only the people who have something to hide that do the complaining.
Please get smarter about this. It's not about only your data and what your data actually says. Here are just 3 of the big problems with unchecked mass surveillance that should be a big concern even to the most innocent of citizens:

1. As an innocent ordinary citizen, you're right that you're not the first target for abuse by those who control the spy system. The first targets are the elected representatives, the judges, the journalists, the CEOs, the influencers, or anyone else in a position of power that is a threat to the spymasters. There's a reason for the saying "knowledge is power." It's also true that while you may be completely pure, a non-trivial percentage of these targets may be subject to blackmail: perhaps they have the wrong sexual orientation; or they had an affair; or their finances are precarious -- and that's just legal behaviors. None of this is an abstract hypothetical possibility -- it is exactly how J. Edgar maintained control of the FBI for years later than he otherwise would/should have, and with considerably less spying firepower than the NSA has today. You may be pure but these systems are still very real threats for removing the power your voice, vote, and influence should otherwise have.

2. As a tech enthusiast, you'll be familiar with bugs. High volume mass market products that operate in the open have them. You can bet that singular one-off top secret illegal clandestine spying systems have more. Many more. The fact that you believe you have nothing to hide does not mean that the AI scanning the vast data warehouse of electronic signals agrees with you. Or maybe you really did once mis-dial a telephone number that belonged to someone who is two connections away from an actual terrorist. It'd be one thing if you could plead your side of the story, but remember these systems are secret. You, your children, your second cousin could be denied a government job, a visa, hassled at the border, or suffer any number of long-term problems you'll never even know about, all because some coder screwed up on a database query. Think the government could never be that incompetent? Remember for a long time there was a (secret) list that could deny you the right to board an airplane, on which the only data was first and last name. Share the same name as a suspected terrorist, and you were grounded. (Or be one, and be lucky enough so that the government clerk mis-typed your unfamiliar last name, and you're in the air.)

3. What is perfectly clean, legal, and "nothing to hide" could be a big problem a generation from now. Your religion, view point, origin, profession, skill, language, hobby, interest, or anything else could be scape-goated and persecuted in the future. Or again, a bug could say you are included in the persecuted class even if you aren't.
 
What else do you expect from a bunch of effing Republicans... They have only two agendas - put on a show for their gullible, ignorant, redneck base, and take from working people in order to give more to the rich. Yeah, it's pretty much that simple.
 

Evernessince

Posts: 5,081   +5,316
Please get smarter about this. It's not about only your data and what your data actually says. Here are just 3 of the big problems with unchecked mass surveillance that should be a big concern even to the most innocent of citizens:

1. As an innocent ordinary citizen, you're right that you're not the first target for abuse by those who control the spy system. The first targets are the elected representatives, the judges, the journalists, the CEOs, the influencers, or anyone else in a position of power that is a threat to the spymasters. There's a reason for the saying "knowledge is power." It's also true that while you may be completely pure, a non-trivial percentage of these targets may be subject to blackmail: perhaps they have the wrong sexual orientation; or they had an affair; or their finances are precarious -- and that's just legal behaviors. None of this is an abstract hypothetical possibility -- it is exactly how J. Edgar maintained control of the FBI for years later than he otherwise would/should have, and with considerably less spying firepower than the NSA has today. You may be pure but these systems are still very real threats for removing the power your voice, vote, and influence should otherwise have.
Case in point: J.Edgar Hoover

 

Reehahs

Posts: 886   +565
Have these people never had their identity stolen, got dox'd, or had stuff leaked that could potentially be incriminating?

Even an innocent photo of trying to feed the bloody cat it's worming pills can be ran scandalously by entities like PETA.
 

candle_86

Posts: 305   +220
A better goal would be to require defendants accused of a crime where evidence is stored to be held in contempt indefinitely until they surrender their encyption passcodes. This is already done in Europe, we could easily do it here, they key is evidence of wrong doing and a judge ordering it during a pre trial hearing.

However most terrorists are overseas and our laws won't matter over in Syria or Iran anyway.
 

Cubi Dorf

Posts: 202   +76
Problem is they can't make back door for police that is not also there for criminal to access. You could not doing shopping with credit or debit card without hacker be able to steal credit card. So if you do shop without cash then you do having something to hide.

I dont mind because I have nothing to hide.
Its only the people who have something to hide that do the complaining.
 
Last edited:
  • Like
Reactions: Impudicus

Bullwinkle M

Posts: 324   +206
Candle_86 says...
"A better goal would be to require defendants accused of a crime where evidence is stored to be held in contempt indefinitely until they surrender their encyption passcodes. This is already done in Europe, we could easily do it here"
-----------------------------------------------------------------

Hey, thats a great idea

We can lock up Republican senators Marsha Blackburn (Tennessee), Tom Cotton (Arkansas), Lindsey Graham, Hillary, Biden, Trump and every member of Congress until they give up the passwords to these thumb drives we keep finding

The drives were labelled "Federal crimes we committed this week"
"Why we commit Treason with impunity" "My Tax Crimes up to 2019" and "Hillary's deleted emails"

They are using non-backdoored (unbreakable) encryption and are clearly labelled
"Property of Lindsy Graham"
"Property of Joe Biden"
"Property of Donald Trump"
etc.

Lets Lock them ALL up until they suppy the passwords!

Lock Them Up!
Lock Them Up!
Lock Them Up!
Lock Them Up!
Lock Them Up!
 
  • Like
Reactions: Alfatawi Mendel

Impudicus

Posts: 215   +183
If the government has access, hackers will. Just wait for a data breach that gets all these stored encryption keys from a company. An inside job, a disgruntled employee just opens the door and poof, nothing is safe.
 

Alfatawi Mendel

Posts: 44   +95
My privacy isn't for sale.

Any tech company that doesn't stand up to these mongrels is not ever getting a dime from me.

The free market is ALWAYS right.
LOL.
What Privacy??
If you live in the US or UK, ALL of your personal data is traded (for hard cash)between various entities.
Including your personal health data, location data, financial data etc.
And the 'market' makes sure you personally don't see a penny of the £/$. billions.
The only difference between the regimes of China, Russia and the US/UK five eyes, is the vanishingly thin line of democratic accountability.
That accountability is what Cotton, Graham, and the free-marketeers want destroyed.