Lawmakers Move To Block Government From Ordering Digital 'Back Doors' (thehill.com) 87
A bipartisan group of House lawmakers have introduced legislation that would block the federal government from requiring technology companies to design devices with so-called "back doors" to allow law enforcement to access them. From a report: The bill represents the latest effort by lawmakers in Congress to wade into the battle between federal law enforcement officials and tech companies over encryption, which reached a boiling point in 2015 as the FBI tussled with Apple over a locked iPhone linked to the San Bernardino terror attack case.
Top FBI and Justice Department officials have repeatedly complained that they have been unable to access devices for ongoing criminal investigations because of encryption. FBI Director Christopher Wray has suggested that devices could be designed to allow investigators to access them, though he insists the bureau is not looking for a "back door." The bipartisan bill introduced Thursday would prohibit federal agencies from requiring or requesting that firms "design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product" by the government.
Top FBI and Justice Department officials have repeatedly complained that they have been unable to access devices for ongoing criminal investigations because of encryption. FBI Director Christopher Wray has suggested that devices could be designed to allow investigators to access them, though he insists the bureau is not looking for a "back door." The bipartisan bill introduced Thursday would prohibit federal agencies from requiring or requesting that firms "design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product" by the government.
Finally! (Score:5, Insightful)
Re:Finally! (Score:5, Interesting)
Theater and smoke signals. Which US enforcement agency do *you* think believes that the law applies to them?
Re:Finally! (Score:5, Insightful)
Which US enforcement agency do *you* think believes that the law applies to them?
All of them. If this bill passes (unlikely), it will carry the full force of law. There is no way to "secretly" request/demand an illegal backdoor. If any tech company receives such a request, they can immediately publicize and sue. An NSL provides no protection for a blatantly illegal request.
I know it is popular to be cynical about government secrecy and overreach on Slashdot, but to say that about this bill, which bans an inherently open action, is silly.
Re:Finally! (Score:4, Informative)
Oh. but you are forgetting that the NSA, CIA and FBI all have their own definitions for words.
The only words that matter in court are the words in the law. This bill is written clearly, by lawyers. The head of the FBI, Christopher Wray, is a lawyer. He is not going to throw away his career and pension, and risk jail, by violating this law. If he verbally tells an agent to break the law, with a wink-wink, that agent will know full well than he will be thrown under the bus when it goes public. If any government official tries to do a "wink-wink" to a tech company, then that tech company can record any interaction with a government official performing official duties.
Also, the CIA and NSA have no law enforcement powers. Any request they issue would have to be enforced by some other agency.
Re: (Score:2, Interesting)
People are missing a few major points in this drama between privacy advocates and law enforcement officials. One. The government has been arguing their case in the public sphere and using the court system to make the rulings. Two. The privacy advocates are the ones who have staked out an absolute position and can envision no circumstance where violating someone's privacy should ever be allowed. There position doesn't even recognize a valid court order as being acceptable. They have even taken the position t
Re: (Score:2)
No, there's plenty of privacy advocates who are a lot more reasonable. A few have staked out an absolute position, but most are willing to see privacy breached with a warrant. What most privacy advocates don't want is deliberate security flaws built into their stuff, available to anyone who can manage to get a few secrets.
Re: (Score:1)
You do realize the NSA would scream "National Security"
The bill has no exemption for national security.
refuse to release any evidence, stonewall, and probably blackmail, extort and bribe any investigators/prosecutors.
The NSA has no leverage whatsoever to "blackmail" or "extort". Do you have any idea what the NSA is or what they do? They don't carry guns. They can't arrest or detain. They are a bunch of nerds with computers and stuff. They collect and analyze data.
it'd be handled in a FISA court.
I see. So you also have absolutely no idea what a "FISA court" is.
Re:Finally! (Score:5, Insightful)
The NSA has no leverage whatsoever to "blackmail" or "extort". Do you have any idea what the NSA is or what they do? They don't carry guns. They can't arrest or detain. They are a bunch of nerds with computers and stuff. They collect and analyze data.
"Gosh, Congressman! It seems your wife's sister is engaged to a guy whose brother is linked to terror groups! It sure would be bad if this came out right before election night, huh? It also appears your daughter in college has committed serious copyright violations for all those TV shows, movies, and somgs she's pirated...why, there's millions of dollars in fines and serious felony charges possible here! Let's hope some anonymous tipster doesn't alert authorities! Let's rethink this "backdoor prohibition" thing, hmm?"
"Data" is as good as a gun in destroying a person, especially one in public office. It just doesn't directly kill them physically.
Strat
Re: (Score:2)
"Gosh, Congressman! It seems your wife's sister is engaged to a guy whose brother is linked to terror groups!
1. You watch WAY too many movies. Can you cite even one single example of this sort of extortion actually happening in the last 40 years, by federal law enforcement, against a sitting congressman? Or anything even close to that?
2. Do you really think that a federal bureaucrat has so much of a PERSONAL commitment to getting backdoors, that they are willing to risk spending decades in prison for political extortion?
3. You are talking about Hollywood fantasy levels of corruption and extortion to prevent t
Re:Finally! (Score:5, Insightful)
Tell that to the people Hoover blackmailed while he headed the FBI, tell it to all those serving prison sentences because of "parallel construction" using illegally obtained data.
Twenty years ago you could claim that US TLAs capturing and storing data in bulk on US citizens in the domestic US was crazy-talk, but then Snowden proved that and more.
If you don't think they use the data they gather against key government officials and bureaucrats you're either a fool or playing political games.
Strat
Re: (Score:2)
Re: (Score:2)
The same full force of the law that allowed PRISM and all that private sector support for domestic collection from trusted US brands?
That is a silly analogy. PRISM is legal and secret. This would be illegal and public. The two situations couldn't be more different.
Re: (Score:2)
PRISM was the key to the OS, all big brand junk crypto that allowed full domestic collect it all.
Another "public" law is not going to stop more domestic illegal collection after decades of illegal collection.
Think of the contractors all over the USA with jobs and overtime to keep places the Room 641A https://en.wikipedia.org/wiki/... [wikipedia.org] collecting.
Re: (Score:2)
PRISM was not, and is not, illegal. "Illegal" doesn't mean "something I don't like". It means there is a specific law forbidding it.
Re: (Score:2)
Yes, this is nothing but theater. If you look at the list of legislators' names, you'll see it's a few Democrats and some Republicans who are in districts that are expected to turn blue in November. Ted Poe from Texas is retiring.
This bill will not get out of committee and will never come up for a vote. Since the Patriot Act, no party in power will ever give up a lever of power.
They'll just push to roll it back... (Score:2, Interesting)
Or push for immunity from prosecution when they DO illegally backdoor products, like they have been for 20+ years now (Go read up on the cisco and juniper backdoors, and I think a few of the smaller players too!)
Re: (Score:1)
I am in full agreement here. My hope for a while has been that the recent appearance of wrongdoing/malfeasance by FBI/DOJ LEADERSHIP politicizing investigations Or creating at least the idea of possible political bias and impropriety in the seemingly potential abuse of FBI/DOJ powers and resources by its leadership lying to the courts to "investigate" targets on the opposite political side has begun sewing seeds of distrust in the FBI within the Congress and within the executive ----- such that
That's part of what started this. Naming names (Score:5, Informative)
Yes, this is a continuation of an effort that began when some in Congress thought that the FBI was lying to them about their efforts to force Apple to crack a phone.
The reps who introduced this bill are:
Rep. Zoe Lofgren (D-Calif.) introduced the legislation along with Reps. Ted Lieu (D-Calif.), Jerrold Nadler (D-N.Y.), Matt Gaetz (R-Fla.), Thomas Massie (R-Ky.) and Ted Poe (R-Texas).
Reps involved starting in April were:
Zoe Lofgren (D-Calif.), Darrell Issa (R-Calif.), Jerrold Nadler (D-N.Y.), Jim Sensenbrenner (R-Wis.), Ted Lieu (D-Calif.), Ted Poe (R-Texas), Jared Polis (D-Col.), Matt Gaetz (R-Fla.), Suzan DelBene (D-Wash.) and Jim Jordan (R-Ohio).
Re: (Score:2)
Rand Paul been very clear he agrees (Score:2)
They've just now introduced the bill. There's no evidence they even mentioned it to Rand Paul yet. They should, and I'm sure they will.
Rand Paul understands the issues around encryption and says clearly that weakening the encryption would not only be stupid, but have Constitutional issues as well.
https://www.randpaul.com/news/... [randpaul.com]
I thought Ron Paul was kinda kooky - I wondered if he was a Coast to Coast AM listener, but I like Rand Paul so far.
PS: Rand Paul is a Senator. This is a house bill (Score:3)
If it wasn't clear above, they just introduced this bill in House of Representatives. Rand Paul is a Senator. The bill has a long way to go before Paul would be looking at it.
Re: (Score:2)
Legislative bodies should have a few oddballs around to try to keep the rest more honest. It isn't necessarily good for the people they represent, but it helps the citizenry in general. I'm far from agreeing with Paul on a wide range of issues, but it's good that he's around.
Re: (Score:2)
Re: (Score:2)
Well, maybe. I think they are just more afraid of the Chinese spying than they are in love with domestic fasc^H^H^H^H law enforcement. So I don't think that they actually want to do anything good for the people, they are just afraid for themselves. That something actually sane may come out of this is pure coincidence.
Re: (Score:2)
Some were always listening, but this has next to zero chance of passing as long as Mcconnell is running the show in the Senate.
Doing what they're paid for (Score:1)
No,
This is congresscritters responding to their funders. This has jack shit to do wtih you, your privacy, law enforcement, or national security. This is all about unaccountable international corporations being unaccountable for what they do. Apple has signing keys. They can extract whatever they want. They've clearly caved to the Chinese.
Re: (Score:2)
Good point! We should just allow an authoritarian police state to be formed instead!
Re: (Score:2)
Well.. not so much "listening to their tech advisers". If you actually read the bill, it implicitly requires backdoors be installed for any CALEA-approved or court-approved surveillance. It only means that *agencies* aren't authorized to demand such a thing on their own authority. But the legislation still requires tech companies to provide some means of circumventing customer security when government demands it.
Re: (Score:1)
Cocaine Mitch won’t even let this get to the floor. Paul Ryan is also too busy eating out Ayn Rand’s rotting pussy to care either.
Re: (Score:2)
It won't really help, the lobbyist army will show up and swing the vote their way. The law enforcement unions are very powerful.
Conservative here - please get Trump out. Ryan is (Score:4, Informative)
I'm a conservative. #NeverTrump
Virtually all congresscritters vote on all the bills without ever reading most of them, especially budgets. I only know of one representative in Congress who has ever read a federal budget. Paul Ryan WROTE, not just read, multiple federal budgets. For any and every congresscritter, I can find areas where we disagree as to the best policy. Ryan is no exception, I don't fully agree with anyone, on everything. He is also by far the best informed, smartest person we've had in Congress in many years. And squeaky clean on ethics. Whikle he doesn't always come to the same conclusions I do, his conclusions are based on *really* knowing his stuff, knowing wtf he's talking about. Frankly, me disagreeing with Paul Ryan about federal policy is like me disagreeing with Stephen Hawking about physics theories - we both have our own opinions; one of us knows wtf they are talking about it, and it isn't me.
Paul Ryan's departure will hurt the country when he's replaced with another "we have to pass the bill to find out what's in it" person.
Re: (Score:1, Insightful)
Frankly, me disagreeing with Paul Ryan about federal policy is like me disagreeing with Stephen Hawking about physics theories - we both have our own opinions; one of us knows wtf they are talking about it, and it isn't me.
This is a joke, right? Paul Ryan is a mental midget. You’d have to have below-average intelligence if you think Ryan is smarter.
Re: (Score:1)
Re: (Score:2)
Paul Ryan WROTE, not just read, multiple federal budgets.
How many balanced budgets has he written?
I checked FY2015 and FY2017. They call for balance (Score:2)
He authored seven budget bills. I don't have time to check all of them, but I was curious enough to check two. Maybe you'll want to check the others. I checked fiscal year 2015 and 2017. Both of those are balanced budget plans. Care to check a couple others and let me know what you find?
Bill probably knows this already, but for those who don't, the federal government plans spending over a 10-year period, for two reasons. First, this slightly reduces the extent of "buy it this year, pay for it three years la
Re: (Score:2)
Just out of curiosity, how much were you paid for that, and by whom?
You can name one? (Score:2)
Paul Ryan wrote seven federal budgets. Can you name another congresscritter who so much as "read* even one budget bill?
Take your time, I'll wait.
Re: (Score:2)
Paul Ryan writes his own budget bills for the same reason teenagers write their own fanfic about Bart and Milhouse getting it on.
I imagine the Rhianna seduces me (Score:2)
> I'd imagine the read them.
I imagine that Rihanna seduces me.
You *could* look up the actual facts I'm under two minutes instead of imagining things and then believing that it must be true because you imagined it.
Re: (Score:2)
You agree that Ryan's bills are essentially tea party fanfic?
Re: (Score:2)
https://www.nytimes.com/2018/04/12/opinion/paul-ryan-hypocrite.html
Article really doesn't disagree with what I said (Score:2)
The article you linked says the journalist disagrees with Ryan on economic policy. Okay, cool. As I mentioned, I also disagree with him on policy often enough.
The journalist does not claim, and could not make a case, that Ryan isn't one of the smartest and best informed politicians we've had in decades.
Again, I can disagree with Stephen Hawking's theory. I can't reasonably say Hawking has no idea what he's talking about. That would be silly. Most Congresscriyters have no idea what they're talking about. T
Re: (Score:2)
https://www.vox.com/2018/4/11/... [vox.com]
Keep talking, and flaming yourself (Score:2)
As you may know, John Sununu is widely known as having one of the highest IQs ever measured. A member of Mega Society, Sununu scored higher than Stephen Hawking and other well-known geniuses on the standard high IQ test.
In order to support your claim that Ryan is stupid, you linked to a ranting article with very few facts, but one of the few facts it mentions is this gem: ...
--
Ryan emerged as a player by sponsoring, along with then-Sen. John Sununu
---
Well gee, if Paul Ryan agrees with and collaborates with
Re: (Score:2)
Also:
The Mega Society accepts members on the basis of untimed, unsupervised IQ tests that the test author claims have been normalized using standard statistical methods.
seems legit... [knowyourmeme.com]
But the Cyber! (Score:4, Insightful)
"The security aspect of cyber is very, very tough. And maybe, it's hardly doable."
I know I personally feel great entrusting the security of the American people to a bunch of geriatrics who worry about "the cyber".
Re: (Score:1)
It's a start (Score:4, Interesting)
I also want to see:
1. Mandatory Disclosure of KNOWN security bugs in a consumer product by any governmental entity, First to the manufacturer for a designated "Fix" period, after which, all vulnerability details shall be available to the public through FOIA request.
2. NO HORDING DEVICE OR SERVICE EXPLOITS: A security researcher, company, member of law enforcement, government, or any other party having accidentally, or intentionally: a successful defeat for a security measure on any common consumer product, OR public service must minimize the amount of proprietary or other users' data exposed during any proof of concept testing, and make minimal efforts to fully disclose their activities and all details of potential vulnerabilities to the operator of the service within 15 days of discovery, or they shall be deemed liable for holding means of fraudulent access with intent to commit a crime and fined the estimated value of the exploit not less than $10000 for a natural person, and not less than $100,000 for other persons.
3. Prohibition against selling for a profit, importing, trafficking in, or incorporating PAID security exploits, PAID software, or COMMERCIAL devices that are designed with a specific built-in function to defeat security measures or intercept data by falsifying network or over-the-air signals or "impersonating" another device into a commercial product, or conducting security exploits in the course of business, except if the course of business is pentesting and the exploit is used in the course of business against ONLY systems fully owned by the customer within the scope of a security testing engagement, OR If the complete source code for all software and design specifications for all hardware and details of all exploits are disclosed to the public 30 days prior to the sale or release of the commercial product.
4. Mandated Disclosures by MANUFACTURERS of the existence of ALL intentional security backdoors and remote means of access into any consumer or commercial smart phone, computer, appliance, or network device with criminal penalties for failing, AND public disclosure of any foreign governments or persons/organizations outside the manufacturer or outside the US that will have Access Credentials, Backdoor Access Procedures, Security Keys, or other Digital Signing or Decryption keys that are significant and could be used to exploit a device.
There are more agencies than you realize (Score:1)
There aren't two. There aren't three.
Focus on the ones you know about and the ones you don't know about are going to require backdoors anyway, and just make stuff happen to corporations that don't provide them.
It won't matter, look at recent history (Score:3)
Remember AT&T installed traffic monitoring equipment in their San Francisco switching office at the behest of the NSA?
Illegal under FISA.
In 2008 Bush signed the FISA Amendments Act which granted retroactive immunity to telecommunications companies for past violations of FISA.
Re:It won't matter, look at recent history (Score:4, Informative)
Re: (Score:2)
The problem that that act addressed is that complying with pressure from government agencies, in order not to wind up like Qwest, had the potential to cost those companies big. It really isn't fair for the government to force companies to do something illegal and then leave them hanging out to dry when the illegalities are found.
War is peace / freedom is slavery..... (Score:1)
"FBI Director Christopher Wray has suggested that devices could be designed to allow investigators to access them, though he insists the bureau is not looking for a “back door.” "
Is this guy serious? That IS the definition of a "back door". You can't demand/"recommend" that companies leave a gaping hole in their devices security with the sole intent to allow government officials/agencies to search said device and NOT call it a back door. It's somewhat disturbing that things have gotten so ba
Not a back door (Score:2)
FBI Director Christopher Wray has suggested that devices could be designed to allow investigators to access them, though he insists the bureau is not looking for a "back door."
This guy clearly has no idea what a back door is, cuz he wants one, but then he doesn't, in the same sentence.
And we're entrusting these guys with sensitive national security secrets and such? Ouch.
And knowing Congress, they'll find a way to mess this up.
This law already fucking existed you morons (Score:2)
No, seriously. The Federal government has had effectively zero capability to tell other companies how to design their products or how to build them, unless they were actively hurting people.
The CPSC even has rules regarding this.
Lawmakers Are The Government (Score:1)
So the government is blocking the government?
What a relief. Nothing to worry about here.