On Tuesday, Sens. Lindsey Graham (R-S.C.), Tom Cotton (R-Ark.), and Marsha Blackburn (R-Tenn.) introduced yet another bill attempting to poke holes in data encryption, called the Lawful Access To Encrypted Data Act. This bill follows previous US efforts to weaken encryption, including March's proposed EARN IT Act and demands made by US Attorney General William Barr in his 2019 keynote address at the International Conference on Cyber Security.
Sigh. Here we go again. I posted about this when Barr first flapped his gums last year:
There are very few things that make me distrust our Law Enforcement community more than the persistent proposal that we destroy encryption. The mathematics of cryptography is subtle and really easy to screw up in unpredictable ways. It's impossible to predict, but it's entirely possible that a backdoor that lets the Government read your email could also let them write emails. The Russians and the Chinese would have a field day with this once the secret inevitably leaks - allowing them to forge incriminating emails about politicians to undermine trust in our political system or forge bogus financial transactions to wreak havoc with the economy. Among other things.
Quite frankly, this is a glaring example of why the Swamp needs to be drained.
Security guru Robert Graham wrote about this at the same time:
The tl;dr version of this blog post is this:
- Their claims of mounting crime are unsubstantiated, based on emotional anecdotes rather than statistics. We live in a Golden Age of Surveillance where, if any balancing is to be done in the privacy vs. security tradeoff, it should be in favor of more privacy.
- But we aren't talking about tradeoff with privacy, but other rights. In particular, it's every much as important to protect the rights of political dissidents to keep some communications private (encryption) as it is to allow them to make other communications public (free speech). In addition, there is no solution to their "going dark" problem that doesn't restrict the freedom to run arbitrary software of the user's choice on their computers/phones.
- Thirdly, there is the problem of technical feasibility. We don't know how to make backdoors available for law enforcement access that doesn't enormously reduce security for users.
That last point is what I was talking about. This is Congress saying that "Pi should equal 3 because reasons". Yeah, well I want a unicorn that pees 87 octane into my tank - and I really want a Congress that isn't filled to the brim with fools.
Think about what this will do - security will be weakened in hard to anticipate ways. How will this enable Internet-based financial fraud? How will it make it easier for Bad Guys to, say, get into your Internet bank account? How will this enable Nation State Actors to forge seemingly legitimate "evidence" of scandal against sitting Congress critters?
You ask the folks who proposed this bill and you get a blank-eyed stare. Dumb, uncomprehending stares from dumb, uncomprehending people.
"This is a full-frontal assault on encryption and on Americans' privacy and security, just when the shift to living much of our lives online from home means we can least afford it," said Riana Pfefferkorn, associate director of surveillance and cybersecurity at the Stanford Center for Internet and Society, in an email to The Register.
"The bill unambiguously contains the long-dreaded backdoor mandate for devices and online services alike, from cloud storage to email to apps, such as end-to-end encrypted messaging apps."
So how good a job does the Fed.Gov do keeping cyber secrets? Remember Edward Snowden? Remember how the CIA's elite cyber hacking force couldn't protect its own Top Secret hacking tools? Oh, and the Police don't do any better:
Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “BlueLeaks” and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals.
So the Organs Of The State want the ability to decrypt anything, any time, anywhere. They don't even stop to think that the secret mechanisms that they will require to do so will be public knowledge in about ten seconds. They have absolutely no idea what the impact to the Internet economy will be.
Philosopher Kings.
Never mind that in today's Cancel Culture this doesn't remotely pass the Jews In The Attic test.
Like I said, Eric Holder never proposed this. Bob Barr did.
Imagine, if you will, that I am an idiot. Then imagine that I am also a Congressman. But alas, I repeat myself. - Mark Twain
In my opinion, there are multiple parties within both Democrats and Republicans - we essentially have a multi party system concealed in a 2 party system. These Republicans are from one of the parties that I don't like...
On a different subject...
Programming is easy; there are 10s of thousands of people in the US, let alone overseas, who can code a basic communication program with encryption; many of them would if offered the money. Additionally, the use of machine language, steganography, and other techniques can hide encrypted messages from all but a determined search - a law like this is basically unenforceable, and only honest people will live by it. Criminals and tech savvy terrorists will use their own programs or 'black market' programs written overseas that are illegal here but hard to stop...
China has a law like this in place and my understanding is that it is widely ignored and that foreign countries trying to follow it use a separate system in China than in the rest of the world to minimize their exposure to lost data.
"I really want a Congress that isn't filled to the brim with fools."
Unpossible in a democratic republic.
While you're up, square a circle, and take a ride on that flying unicorn.
It could be done, but first would come the minimum IQ tests for both voters and candidates.
Then, anyone who wanted the job would be automatically disqualified.
Thirdly, you'd make the salary lower than minimum wage, and move the capitol to someplace like Alligator's Ass Bayou in Louisiana, and outlaw air conditioning or ceiling fans, and mandate all meetings and business take place in July and August.
The winter meetings would be in Prudhoe Bay, AK, during the week from Christmas to New Year's, and be held outdoors.
Fourthly, to be re-elected, you'd have to have been apprehended attempting to leave the country to avoid the job, and/or defecting and renouncing your citizenship to avoid serving in the Congress.
Anyone failing that bar would be ineligible for additional terms.
Lastly, all laws passed would apply only to the Congress for the first 10 years. Only after that would they become the law of the land, unless sooner rescinded.
You might still get a fool or three, but you'd whittle down the tally mightily compared to the current amount, and for the few remaining, you'd get a much better class of fool, at minimum.
And it would be hilarious to watch.
For a bonus, no one would be eligible for the federal judiciary until they had supervised the removal of at least 10 state-level judges for cause for corruption, or incompetence/malpractice, and no one would be eligible for SCOTUS until they'd done the same thing with federal judges. 10 scalps, or no job. Anyone who couldn't find 10 crooked or incompetent judges isn't qualified to hold that job in the first place.
Aesop, I agree there's no squaring that circle. But these idiots are passing a law saying "encryption that only WE can break". Good damn luck with that.
Morons.
I like the idea of moving Congress to a swamp. Of course, DC used to be a swamp, but they drained (the physical one) while making a political one. Maybe no AC would help.
Meh. It's kabuki theatre at this point. Law and order is not a priority with our ruling class anymore, never mind justice. Our countries don't have the least of a whit of a problem with law and regulation - we have a people problem and it's getting worse by the day. We could stretch a few necks today, and put a few monkeys in cages right now - or we can let it go until open civil war breaks out.
Better stop and go grey before you've had too much to think...
So now it's the LA-TE-DA act, eh?
Alas, politicians are by nature incapable of grokking the concept of "impossible in principle"; they devoutly believe that anything that can be commanded can be done. Made a fine line for Yul Brynner; doesn't mesh well with math, physics, nor any other intractable subject.
Which, I guess, is another reason STEM must be destroyed. We need new math that listens to kings and such.
Oh, another thing occurs to me: while the Communist Boogers may be using encrypted digital communications, you can bet they're using apps controlled by the Chinese government.
And there was a rumor making the rounds a couple of days ago that they were also using 2-meter walkie-talkies, probably without the applicable licenses. Maybe they're transmitting in the clear, fondly believing no one is listening? Or maybe they're using old-fashioned code phrases that can only be cracked with the proverbial $5 wrench? (XKCD #538, of course.)
I regard the whole thing as distraction. Assuming that the NSA can't crack codes with technical means, waterboarding works. So does human engineering. If you want stuff to be secure from government, don't use tech. Other bad actors might be defeated by tech but not government.
It's time to publicly appear neutral/borderline compliant. HIDE EVERYTHING! MEMORIZE EVERYTHING YOU WANT PRIVATE AND BURN THE HARDCOPY!
Conduct as much personal business as you can by cash and barter. Meatspace for meetings. Trusted associates only. Small cells. Need to know strictly enforced. Harden your heart, sharpen your mind and be ready to die for what you believe in.