Hit & Run

What's Clear in the Encryption Debate Is That Some Politicians Don't Want to Listen

Officials don't seem to care if you're more vulnerable to criminals if it helps their pet causes.

|

Should homeowners be provided to give a copy of their keys to police in case they "need" access to their houses to fight crime?
Electronic Frontier Foundation

A couple of stories popped up in the news this week over the political fight for government "back door" encryption-bypassing tools that would allow officials access to users' private data in the name of fighting crime and terrorism.

First, on the national stage, surveillance-loving senators (as long as they're not the target) on the Intelligence Committee like Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.) don't even want to debate either the ethics or the security risks of mandating encryption back doors. They want access now, now, now! From The Hill:

Senate Intelligence Committee leaders want to move swiftly on encryption legislation and bypass a proposed national commission to study the topic first.

"I don't think a commission is necessarily the right thing when you know what the problem is. And we know what the problem is," Chairman Richard Burr (R-N.C.) said.

Burr is working on a bill with his committee's ranking member, Sen. Dianne Feinstein (D-Calif.), that would guarantee law enforcement access to encrypted data.

But Sen. Mark Warner (D-Va.) and House Homeland Security Committee Chairman Michael McCaul (R-Texas) are pushing their own competing proposal that would establish a national commission to investigate the issue before crafting legislation.

"What we're trying to do is get that collaboration started," Warner told reporters on Tuesday. "Let's get the experts in the room."

Who needs to talk? Our betters in the Senate "know what the problem is." Of course, everybody who understands encryption knows what the problem is with Burr and Feinstein's proposed solution: There is absolutely no way to guarantee that a back door bypass that can only be used by government officials and cannot be kicked open by hackers—either independent or foreign government-sponsored. (And of course, for us civil liberty types, there's the matter that the back doors could be abused by our own government for matters that have nothing to do with fighting terrorism—which is what happens which pretty much every surveillance tool we allow the government to use). Tech companies are mostly aligned against the idea of encryption back doors, with the notable exception of AT&T and its historical willingness to cooperate with authorities.

But what is the incentive for elected senators to actually listen to tech experts over the typical fearmongering over terrorism and expansion of government authority? Note that the "solution" for the concerns over potential abuses of surveillance tools is to grant tech companies protection from legal liability so that citizens can't sue. That's what happened with the Cybersecurity Act of 2015 in the recent omnibus bill. It's easy to say that Feinstein and Burr don't really understand the potential consequences of these kinds of efforts because what they're proposing is so ham-fisted and awful. But it's actually likely that they do understand the potential harms and that they don't actually care, given Congress' idea of a solution.

That Feinstein and senators have actually been targets of federal surveillance themselves has done nothing to dissuade them for this sort of push because they have concluded that their positions of power grant them unique protections that don't apply to the rest of us. And they'll likely never be punished by the electorate over such complex technical issues. If there's a major private sector cybersecurity breach as a result of forced back doors, what is the likelihood that a large segment of the public will understand it is a result of actions by Feinstein and Burr?

Meanwhile over in California, we have an example of an elected official attempting to use the lastest law-and-order magic words—"human trafficking"—to push for mandatory decryption on smart phones. Democratic Assembly Member Jim Cooper wants to order smartphone manufacturers to be capable of decrypting and providing access to their products on demand. Ars Technica got him on the phone for an explanation:

"If you're a bad guy [we] can get a search record for your bank, for your house, you can get a search warrant for just about anything," Cooper told Ars in a brief phone call on Wednesday afternoon. "For the industry to say it's privacy, it really doesn't hold any water. We're going after human traffickers and people who are doing bad and evil things. Human trafficking trumps privacy, no ifs, ands, or buts about it."

Note that at the start of 2016, a new law went into effect in California requiring authorities to get warrants to access digital records and location data from smartphones. Cooper's proposed legislation won't result in a new way to bypass that requirement. Nevertheless, tech experts tell Ars Technica that Cooper's plan has the same flaws as Feinstein and Burr's: It weakens everybody's cybersecurity and renders everybody more vulnerable to criminals with very little evidence it will actually help fight the crimes its proponents say it will.

Below, ReasonTV explains how to defy the likes of Feinstein, Burr, and Cooper and communicate anonymously online: