Wednesday, June 24, 2020

Senators Propose a Cool New Contest To Destroy Your Online Privacy

By Scott Shackford - June 24, 2020 at 01:10PM
grahamcotton_1161x653

Sens. Lindsey Graham (R–S.C.) and Tom Cotton (R–Ark.) have joined forces to sponsor encryption legislation that Attorney General William Barr supports, so it's almost certainly a threat to Americans' data privacy and security in the name of allegedly helping law enforcement fight terrorism, drug trafficking, and child porn.

On Tuesday, Graham, Cotton, and co-sponsor Sen. Marsha Blackburn (R–Tenn.) introduced the Lawful Access to Encrypted Data Act. The full text of the bill is not yet available, but a summary posted at the Senate's Judiciary Committee (where Graham is the chairman) makes the bill's goals clear: "The debate over encryption and lawful access has raged on, unresolved, for years. The Lawful Access to Encrypted Data Act would bring an end to warrant-proof encryption in devices, platforms, and systems."

They're referring to end-to-end encryption, a tool for protecting data from hacking and outside access by making it very difficult, if not impossible, for anybody without permission to access the encrypted info. Even the company that created the communications device or app (like Apple or Facebook) cannot gain access to the data. That's the point of this type of encryption.

Here are the components of the legislation listed in the summary:

  • "Once a warrant is obtained, the bill would require device manufacturers and service providers to assist law enforcement with accessing encrypted data if assistance would aid in the execution of the warrant."
  • "It allows the Attorney General to issue directives to service providers and device manufacturers to report on their ability to comply with court orders, including timelines for implementation."
  • "[It] directs the Attorney General to create a prize competition to award participants who create a lawful access solution in an encrypted environment, while maximizing privacy and security."
  • "[It] funds a grant program within the Justice Department's National Domestic Communications Assistance Center (NDCAC) to increase digital evidence training for law enforcement and creates a call center for advice and assistance during investigations."

Strong encryption is a boon to consumers (and even government officials themselves) because it makes it so much harder for criminals and others to access your data and messages, which helps prevent identity theft. In countries with authoritarian governments, encryption protects the communications of dissidents and activists from being snooped on by repressive regimes.

It also stops the FBI and law enforcement officials from getting access to private data, even when they have a legal warrant to search a device like a phone or computer. So as end-to-end encryption implementation has grown across many platforms and communication tools (Zoom, which has grown in prominence since COVID-19 shut down in-person meetings, announced last week they'd be implementing it for all users, not just paying subscribers), the Department of Justice (DOJ) has become more vocal about demanding access.

But there's a problem that the DOJ and these senators still aren't taking seriously: It's impossible to create a mechanism for bypassing encryption that cannot end up in the wrong hands. An encryption key or "back door" can be used by anybody who learns how it works, whether that person is an identity thief or a foreign government.

The Lawful Access to Encrypted Data Act isn't contending with that problem. The summary says that the attorney general can't issue a directive with "specific technical steps for implementing the required capabilities"—meaning that the attorney general cannot specifically order encryption "back doors." But if the attorney general can nevertheless order companies to "assist" and make data accessible to the feds, it is, in all the ways that matter, ordering a back door.

Barr supports the bill and the DOJ might have even helped craft the legislation, given that "#LawfulAccess" has been the department's inept hashtag campaign in its efforts to compromise encryption, and they have an information page devoted to it.

Politicians and government officials keep insisting they're "confident" that tech companies can find a way to allow for strong encryption while only giving government officials access, even as all tech experts and companies try to explain, over and over again, that they cannot do this.

Facebook, in response to the legislation, reiterated this:

"End-to-end encryption is a necessity in modern life—it protects billions of messages sent every day on many apps and services, especially in times like these when we can't be together. Rolling back this vital protection will make us all less safe, not more. We are committed to continuing to work with law enforcement and fighting abuse while preserving the ability for all Americans to communicate privately and securely."

Barr needs to be paying better attention to what happened in Russia: They attempted to order the app Telegram to provide encryption keys, and the company refused, so Russia attempted to ban the app, but it didn't work. Russians continued to download and use the app and recently the Russian government relented.

That might be why this bill proposes an encryption-cracking competition rather than a ban. But you really shouldn't trust for a moment that the DOJ would prioritize "maximizing priority and security" in evaluating who might claim this bounty, given that they've flat-out refused to listen to tech and privacy experts.


from Reason Magazine Articles
via IFTTT