Thursday, April 14, 2016

Just how bad is the proposed anti-encryption law

It's bad, filled with magical thinking:
All providers of communications services and products (including software) should protect the privacy of United States persons through implementation of appropriate data security and still respect the rule of law and comply with all legal requirements and court orders.
This is the crux of the issue. The senators want to have their cake – by requiring tech companies to protect their customers' data – and eat it too – by insisting that law enforcement can break the code. 
According to the best minds in cryptography this simply can't be done – it's not a moral or legislative issue but a mathematical one. Once you introduce a flaw into an encryption system, it's impossible to stop others finding it, especially since you are mandating it is there by law and the prize is free access to all US data traffic, as evidenced in the Juniper case.
Of course, Congress doesn't care that this is impossible, as long as they have a fig leaf ("protect the privacy of United States persons") to cover that ugly decrypt-anything-we-tell-you-to thing.  It tastes great and it's less filling.  And it makes you lose weight, too!

And protections against abuse have been stripped:
As we have mentioned, there are also now no restrictions on what kind of court order can be used to force companies to hand over data to the police. As we've seen with the Patriot Act in the US and RIPA in the UK, once you give police these powers, they will use them for everything because they cut down on the workload required. 
The original draft did include caveats to which types of court orders could be used, but those requirements are now gone.
And this is bi-partisan. Forgive me for being unimpressed with the Republican Party's commitment to liberty.


bluesun said...

You should watch CGP Grey's latest video, about encryption and "keys to locks".

ccbpc said...

I don't think I'd go so far as to say this is bi-partisan. I didn't clicky the linky but if it's the same bill I was reading about in Wired, it's written by Feinstein and Burr, and Burr has been on my sh*t-list for some time now. About as republican as Feinstein herself.

As to the bill itself, from what I've read it's nothing but a pipe dream. Someone, somewhere will figure out (hopefully) that cryptography just doesn't work that way and this bill will die a quick quiet death before attracting any co-sponsors. Hopefully.