The terrible, authoritarian antiencryption legislation put together by Sens. Dianne Feinstein (D-Calif.) and Richard Burr (R-N.C.) died without getting anywhere at all, but they're apparently workshopping new versions of the legislation that are perhaps less awful and less about simply ordering tech companies to assist the feds in destroying their own data security.
We'll have to see what comes out of this work, but everybody should be paying attention to a terrorism case coming out of England. Samata Ullah, 33, of Cardiff, has been charged with several terrorism-related offenses for supporting the Islamic State (ISIS).
Ullah is not charged with actually carrying out violent acts. He is suspected of planning some. But the big deal here is that he being charged with using technology in a way to conceal what he was planning. That's where things get a little dicey. He is charged with using encryption and possessing information that could be used for creating weapons for terrorist attack, even though it's not inherently illegal in England to encrypt one's data or to possess information that can be used for weapons.
Here's how the charges are described via Ars Technica:
The charge sheet includes one count of preparation of terrorism "by researching an encryption programme, developing an encrypted version of his blog site, and publishing the instructions around the use of [the] programme on his blog site."
Ullah is also accused of knowingly providing "instruction or training in the use of encryption programmes" in relation to "the commission or preparation of acts of terrorism or for assisting the commission or preparation by others of such acts."
He has additionally been charged with being in possession of a "Universal Serial Bus (USB) cufflink that had an operating system loaded on to it for a purpose connected with the commission, preparation, or instigation of terrorism."
In one way, it's easy to see a certain type of logic behind such a law. It should be very clear by now that a law attempting to block the use of encryption or to make possession of information itself criminal is not just a dangerous and abuse-promoting violation of the right to security and privacy; it is utterly untenable in the borderless world of the Internet. So instead they're attempting to criminalize when these tools are used to support terrorism.
There's still the obvious problem, though, that the government is criminalizing the tools instead of what is actually done and the potential for abuse in the hands of prosecutors. Silicon Republic noted:
This section of the terrorism law has been cited in a number of incidents over the past year, ranging from individuals being charged over suspected terror incidents in Syria, to teenagers being accused of trying to build a bomb based on plans from the internet.
In 2014, London solicitor Tayab Ali spoke with Vice about how section five was very problematic, as it allows for prosecution of acts that would otherwise be deemed legal by the state.
"Section 5 can criminalise acts that, on their own, would be completely legal – if prosecutors can show that the end purpose of those acts might be terrorism," Ali said at the time.
The law referenced was passed in 2006. The law very literally criminalizes any action or conduct in preparation for a terror attack or assisting anybody else in preparing a terror attack. Blame it on a political "do something" mentality in fighting terrorism. There's no reason why people plotting terrorist attacks cannot be charged for what they're actually attempting to do. Criminalizing information or tools based on their context is just another way to add more charges.
Giving the government the authority to decide when information itself or the use of particular tools are contributing to the commission of a crime is a recipe for prosecutorial abuse. We can pretty much guarantee that laws like this will ultimately, eventually be used to punish people beyond actual suspected terrorists.