Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Encryption Government United States

Lawmakers Move To Block Government From Ordering Digital 'Back Doors' (thehill.com) 87

A bipartisan group of House lawmakers have introduced legislation that would block the federal government from requiring technology companies to design devices with so-called "back doors" to allow law enforcement to access them. From a report: The bill represents the latest effort by lawmakers in Congress to wade into the battle between federal law enforcement officials and tech companies over encryption, which reached a boiling point in 2015 as the FBI tussled with Apple over a locked iPhone linked to the San Bernardino terror attack case.

Top FBI and Justice Department officials have repeatedly complained that they have been unable to access devices for ongoing criminal investigations because of encryption. FBI Director Christopher Wray has suggested that devices could be designed to allow investigators to access them, though he insists the bureau is not looking for a "back door." The bipartisan bill introduced Thursday would prohibit federal agencies from requiring or requesting that firms "design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product" by the government.

Lawmakers Move To Block Government From Ordering Digital 'Back Doors'

Comments Filter:
  • Finally! (Score:5, Insightful)

    by DaMattster ( 977781 ) on Thursday May 10, 2018 @04:16PM (#56590706)
    Finally some good is being done. This will put the kibosh on the issue for good and silence federal law enforcement. No good comes from weakening encryption or building in back doors; quite the opposite. It's not a matter of if but when the backdoors get discovered and become used for nefarious purposes. I am glad this has bipartisan support, and since it does, the likelihood of it getting passed is that much stronger. We don't need to live in any more of a surveillance state than we already do. It's one thing if the FBI or whatever other LEO agency discovers a vulnerability and exploits it. Hey this does happen. It's a whole other thing to have secret back doors built in. No! Just no!
    • Re:Finally! (Score:5, Interesting)

      by Notabadguy ( 961343 ) on Thursday May 10, 2018 @04:20PM (#56590726)

      Theater and smoke signals. Which US enforcement agency do *you* think believes that the law applies to them?

      • Re:Finally! (Score:5, Insightful)

        by ShanghaiBill ( 739463 ) on Thursday May 10, 2018 @05:18PM (#56591034)

        Which US enforcement agency do *you* think believes that the law applies to them?

        All of them. If this bill passes (unlikely), it will carry the full force of law. There is no way to "secretly" request/demand an illegal backdoor. If any tech company receives such a request, they can immediately publicize and sue. An NSL provides no protection for a blatantly illegal request.

        I know it is popular to be cynical about government secrecy and overreach on Slashdot, but to say that about this bill, which bans an inherently open action, is silly.

        • by AHuxley ( 892839 )
          The same full force of the law that allowed PRISM and all that private sector support for domestic collection from trusted US brands?
          • The same full force of the law that allowed PRISM and all that private sector support for domestic collection from trusted US brands?

            That is a silly analogy. PRISM is legal and secret. This would be illegal and public. The two situations couldn't be more different.

            • by AHuxley ( 892839 )
              Domestic collection should have stopped after the Church Committee https://en.wikipedia.org/wiki/... [wikipedia.org] ~ 1975...
              PRISM was the key to the OS, all big brand junk crypto that allowed full domestic collect it all.
              Another "public" law is not going to stop more domestic illegal collection after decades of illegal collection.
              Think of the contractors all over the USA with jobs and overtime to keep places the Room 641A https://en.wikipedia.org/wiki/... [wikipedia.org] collecting.
              • PRISM was not, and is not, illegal. "Illegal" doesn't mean "something I don't like". It means there is a specific law forbidding it.

      • Theater and smoke signals. Which US enforcement agency do *you* think believes that the law applies to them?

        Yes, this is nothing but theater. If you look at the list of legislators' names, you'll see it's a few Democrats and some Republicans who are in districts that are expected to turn blue in November. Ted Poe from Texas is retiring.

        This bill will not get out of committee and will never come up for a vote. Since the Patriot Act, no party in power will ever give up a lever of power.

    • by Anonymous Coward

      Or push for immunity from prosecution when they DO illegally backdoor products, like they have been for 20+ years now (Go read up on the cisco and juniper backdoors, and I think a few of the smaller players too!)

    • by mysidia ( 191772 )

      I am in full agreement here. My hope for a while has been that the recent appearance of wrongdoing/malfeasance by FBI/DOJ LEADERSHIP politicizing investigations Or creating at least the idea of possible political bias and impropriety in the seemingly potential abuse of FBI/DOJ powers and resources by its leadership lying to the courts to "investigate" targets on the opposite political side has begun sewing seeds of distrust in the FBI within the Congress and within the executive ----- such that

      • by raymorris ( 2726007 ) on Thursday May 10, 2018 @05:04PM (#56590964) Journal

        Yes, this is a continuation of an effort that began when some in Congress thought that the FBI was lying to them about their efforts to force Apple to crack a phone.

        The reps who introduced this bill are:

        Rep. Zoe Lofgren (D-Calif.) introduced the legislation along with Reps. Ted Lieu (D-Calif.), Jerrold Nadler (D-N.Y.), Matt Gaetz (R-Fla.), Thomas Massie (R-Ky.) and Ted Poe (R-Texas).

        Reps involved starting in April were:
          Zoe Lofgren (D-Calif.), Darrell Issa (R-Calif.), Jerrold Nadler (D-N.Y.), Jim Sensenbrenner (R-Wis.), Ted Lieu (D-Calif.), Ted Poe (R-Texas), Jared Polis (D-Col.), Matt Gaetz (R-Fla.), Suzan DelBene (D-Wash.) and Jim Jordan (R-Ohio).

        • I wonder where Rand Paul is in that list? Conspicuously missing.
          • They've just now introduced the bill. There's no evidence they even mentioned it to Rand Paul yet. They should, and I'm sure they will.

            Rand Paul understands the issues around encryption and says clearly that weakening the encryption would not only be stupid, but have Constitutional issues as well.

            https://www.randpaul.com/news/... [randpaul.com]

            I thought Ron Paul was kinda kooky - I wondered if he was a Coast to Coast AM listener, but I like Rand Paul so far.

            • If it wasn't clear above, they just introduced this bill in House of Representatives. Rand Paul is a Senator. The bill has a long way to go before Paul would be looking at it.

            • Legislative bodies should have a few oddballs around to try to keep the rest more honest. It isn't necessarily good for the people they represent, but it helps the citizenry in general. I'm far from agreeing with Paul on a wide range of issues, but it's good that he's around.

    • Could it be that Congresscritters are finally starting to actually listen to their tech advisers? Is Hell freezing over?
      • by gweihir ( 88907 )

        Well, maybe. I think they are just more afraid of the Chinese spying than they are in love with domestic fasc^H^H^H^H law enforcement. So I don't think that they actually want to do anything good for the people, they are just afraid for themselves. That something actually sane may come out of this is pure coincidence.

      • by Desler ( 1608317 )

        Some were always listening, but this has next to zero chance of passing as long as Mcconnell is running the show in the Senate.

      • by Anonymous Coward

        No,
        This is congresscritters responding to their funders. This has jack shit to do wtih you, your privacy, law enforcement, or national security. This is all about unaccountable international corporations being unaccountable for what they do. Apple has signing keys. They can extract whatever they want. They've clearly caved to the Chinese.

      • Well.. not so much "listening to their tech advisers". If you actually read the bill, it implicitly requires backdoors be installed for any CALEA-approved or court-approved surveillance. It only means that *agencies* aren't authorized to demand such a thing on their own authority. But the legislation still requires tech companies to provide some means of circumventing customer security when government demands it.

    • by Anonymous Coward

      Cocaine Mitch won’t even let this get to the floor. Paul Ryan is also too busy eating out Ayn Rand’s rotting pussy to care either.

    • It won't really help, the lobbyist army will show up and swing the vote their way. The law enforcement unions are very powerful.

  • But the Cyber! (Score:4, Insightful)

    by Arkham ( 10779 ) on Thursday May 10, 2018 @04:44PM (#56590840)

    "The security aspect of cyber is very, very tough. And maybe, it's hardly doable."

    I know I personally feel great entrusting the security of the American people to a bunch of geriatrics who worry about "the cyber".

  • It's a start (Score:4, Interesting)

    by mysidia ( 191772 ) on Thursday May 10, 2018 @04:54PM (#56590906)

    I also want to see:

    1. Mandatory Disclosure of KNOWN security bugs in a consumer product by any governmental entity, First to the manufacturer for a designated "Fix" period, after which, all vulnerability details shall be available to the public through FOIA request.

    2. NO HORDING DEVICE OR SERVICE EXPLOITS: A security researcher, company, member of law enforcement, government, or any other party having accidentally, or intentionally: a successful defeat for a security measure on any common consumer product, OR public service must minimize the amount of proprietary or other users' data exposed during any proof of concept testing, and make minimal efforts to fully disclose their activities and all details of potential vulnerabilities to the operator of the service within 15 days of discovery, or they shall be deemed liable for holding means of fraudulent access with intent to commit a crime and fined the estimated value of the exploit not less than $10000 for a natural person, and not less than $100,000 for other persons.

    3. Prohibition against selling for a profit, importing, trafficking in, or incorporating PAID security exploits, PAID software, or COMMERCIAL devices that are designed with a specific built-in function to defeat security measures or intercept data by falsifying network or over-the-air signals or "impersonating" another device into a commercial product, or conducting security exploits in the course of business, except if the course of business is pentesting and the exploit is used in the course of business against ONLY systems fully owned by the customer within the scope of a security testing engagement, OR If the complete source code for all software and design specifications for all hardware and details of all exploits are disclosed to the public 30 days prior to the sale or release of the commercial product.

    4. Mandated Disclosures by MANUFACTURERS of the existence of ALL intentional security backdoors and remote means of access into any consumer or commercial smart phone, computer, appliance, or network device with criminal penalties for failing, AND public disclosure of any foreign governments or persons/organizations outside the manufacturer or outside the US that will have Access Credentials, Backdoor Access Procedures, Security Keys, or other Digital Signing or Decryption keys that are significant and could be used to exploit a device.

  • There aren't two. There aren't three.

    Focus on the ones you know about and the ones you don't know about are going to require backdoors anyway, and just make stuff happen to corporations that don't provide them.

  • by bagofbeans ( 567926 ) on Thursday May 10, 2018 @05:47PM (#56591198)

    Remember AT&T installed traffic monitoring equipment in their San Francisco switching office at the behest of the NSA?

    Illegal under FISA.

    In 2008 Bush signed the FISA Amendments Act which granted retroactive immunity to telecommunications companies for past violations of FISA.

  • by Anonymous Coward

    "FBI Director Christopher Wray has suggested that devices could be designed to allow investigators to access them, though he insists the bureau is not looking for a “back door.” "

    Is this guy serious? That IS the definition of a "back door". You can't demand/"recommend" that companies leave a gaping hole in their devices security with the sole intent to allow government officials/agencies to search said device and NOT call it a back door. It's somewhat disturbing that things have gotten so ba

  • FBI Director Christopher Wray has suggested that devices could be designed to allow investigators to access them, though he insists the bureau is not looking for a "back door."

    This guy clearly has no idea what a back door is, cuz he wants one, but then he doesn't, in the same sentence.

    And we're entrusting these guys with sensitive national security secrets and such? Ouch.

    And knowing Congress, they'll find a way to mess this up.

  • No, seriously. The Federal government has had effectively zero capability to tell other companies how to design their products or how to build them, unless they were actively hurting people.

    The CPSC even has rules regarding this.

  • So the government is blocking the government?
    What a relief. Nothing to worry about here.

Usage: fortune -P [] -a [xsz] [Q: [file]] [rKe9] -v6[+] dataspec ... inputdir

Working...