On Tuesday, Sens. Lindsey Graham (R-S.C.), Tom Cotton (R-Ark.), and Marsha Blackburn (R-Tenn.) introduced yet another bill attempting to poke holes in data encryption, called the Lawful Access To Encrypted Data Act. This bill follows previous US efforts to weaken encryption, including March's proposed EARN IT Act and demands made by US Attorney General William Barr in his 2019 keynote address at the International Conference on Cyber Security.
Sigh. Here we go again. I posted about this when Barr first flapped his gums last year:
There are very few things that make me distrust our Law Enforcement community more than the persistent proposal that we destroy encryption. The mathematics of cryptography is subtle and really easy to screw up in unpredictable ways. It's impossible to predict, but it's entirely possible that a backdoor that lets the Government read your email could also let them write emails. The Russians and the Chinese would have a field day with this once the secret inevitably leaks - allowing them to forge incriminating emails about politicians to undermine trust in our political system or forge bogus financial transactions to wreak havoc with the economy. Among other things.
Quite frankly, this is a glaring example of why the Swamp needs to be drained.
Security guru Robert Graham wrote about this at the same time:
The tl;dr version of this blog post is this:That last point is what I was talking about. This is Congress saying that "Pi should equal 3 because reasons". Yeah, well I want a unicorn that pees 87 octane into my tank - and I really want a Congress that isn't filled to the brim with fools.
Think about what this will do - security will be weakened in hard to anticipate ways. How will this enable Internet-based financial fraud? How will it make it easier for Bad Guys to, say, get into your Internet bank account? How will this enable Nation State Actors to forge seemingly legitimate "evidence" of scandal against sitting Congress critters?
You ask the folks who proposed this bill and you get a blank-eyed stare. Dumb, uncomprehending stares from dumb, uncomprehending people.
"This is a full-frontal assault on encryption and on Americans' privacy and security, just when the shift to living much of our lives online from home means we can least afford it," said Riana Pfefferkorn, associate director of surveillance and cybersecurity at the Stanford Center for Internet and Society, in an email to The Register.
"The bill unambiguously contains the long-dreaded backdoor mandate for devices and online services alike, from cloud storage to email to apps, such as end-to-end encrypted messaging apps."
So how good a job does the Fed.Gov do keeping cyber secrets? Remember Edward Snowden? Remember how the CIA's elite cyber hacking force couldn't protect its own Top Secret hacking tools? Oh, and the Police don't do any better:
Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “BlueLeaks” and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals.
So the Organs Of The State want the ability to decrypt anything, any time, anywhere. They don't even stop to think that the secret mechanisms that they will require to do so will be public knowledge in about ten seconds. They have absolutely no idea what the impact to the Internet economy will be.
Never mind that in today's Cancel Culture this doesn't remotely pass the Jews In The Attic test.
Like I said, Eric Holder never proposed this. Bob Barr did.
Imagine, if you will, that I am an idiot. Then imagine that I am also a Congressman. But alas, I repeat myself.- Mark Twain