The Sinister, Unconstitutional Effort to Ban Secure Encryption Is Back

It’s the ’90s all over again, and the White House is in no mood to humor tech companies right now.

In a bizarre flashback to the 1990s, domestic restrictions on the use of encryption are being proposed once again.

Politico has reported that a National Security Council committee discussed last week whether to ban encryption without a mandatory backdoor for government access to plaintext. "Senior officials debated whether to ask Congress to effectively outlaw end-to-end encryption, which scrambles data so that only its sender and recipient can read it," the article said.

The best way to read this report is that it represents the latest extrusion of the permanent cadre of law enforcement and national security bureaucrats who have never abandoned their efforts, underway for over 20 years, to allow U.S. government agencies to break or bypass encryption embedded in hardware and software products.

The last time this extra-constitutional campaign against encryption kicked off was during the George W. Bush administration, in mid-2008, when FBI officials briefed Senate Intelligence Committee members on what they called the "Going Dark" problem. This campaign continued without apparent interruption during the Barack Obama administration, when the FBI asked all field offices in 2009 for anecdotal information about cases in which "investigations have been negatively impacted" by encryption. By 2012, as I disclosed in an article at the time, the FBI had drafted a proposed law to force tech companies to build in backdoors and was asking the companies not to oppose it. That legislation was never publicly introduced.

Details on the latest discussions are nonexistent, as Politico delicately acknowledged (they were "unable to determine what participating agency leaders said during the meeting"). But anti-crypto legislation has been introduced in the past.

In 1997, after lobbying by law enforcement and intelligence agencies, one House of Representatives committee actually voted for mandatory backdoors. The committee's rewritten version of the bill, H.R. 695, said: "After January 31, 2000, it shall be unlawful for any person to manufacture for distribution, distribute, or import encryption products intended for sale or use in the United States, unless that product includes features or functions that provide an immediate access to plaintext capability" in response to a court order. The plaintext must be able to be acquired, the legislation said, "without the knowledge or cooperation of the person being investigated."

Industry efforts killed this version, and it was not taken up by the full House of Representatives. But let's review for emphasis. Elected members of Congress actually wanted to imprison American citizens (and permanently take away related liberties like the right to own firearms, as the U.S. Court of Appeals for the 7th Circuit recently reminded us) for allowing other Americans to communicate privately. A lawyer, working as legislative counsel, actually agreed to undertake the task of drafting language. And a committee of the U.S. Congress actually voted for it.

In a constitutional republic, this is properly seen as risible. Police may be granted the authority, through legal processes, and within reasonable limits, to search our possessions. But they are not guaranteed success. We are not required to speak only in languages that senior FBI officials prefer. We are not required to talk only in locations where police can readily eavesdrop. As John Gilmore, the libertarian co-founder of the Electronic Frontier Foundation, pointed out during the 1990s crypto wars, the patriots fighting the American Revolution were able to enjoy perfect privacy by rowing to the middle of Boston Harbor. (Encryption wasn't unknown to those revolutionaries either.)

Based on the Politico report, last week's meeting is the continuation of efforts by federal agencies that now qualify as multi-generational. It can be traced back to when the National Security Agency convinced IBM to use a shorter, easier-to-crack key length for the DES encryption algorithm in the 1970s, and continues through the National Security Agency's efforts, disclosed by Edward Snowden, to weaken encryption algorithms today. This is what detractors might call the "deep state," the unseen government within the government that does not change with elections, which outlasts individual politicians and department heads.

In other words, this is no Trump administration-specific plan. But the danger is that it could become one.

If there's a terrorist attack with mass casualties, and encryption is reported to have been involved, look for a renewed push for domestic restrictions on encryption without backdoors. Technology companies will complain, of course, but in a political environment where the executive branch has turned against Silicon Valley because of its increasing bias against conservatives—a White House summit on that topic is planned for July 11—would anyone expect the president to listen?


  1. Does anyone in Congress understand how the internet works? We can’t keep heroin out of supermax prisons but they think they can keep people from downloading an encryption program.

    1. The fact that they think they can outlaw math says “no”.

    2. but they think they can keep people from downloading an encryption program

      How cute that you think that drug prohibition is about prohibiting drugs and encryption bans are about banning encryption.

      With encryption bans, the US government accomplishes two things. First, it prevents widespread adoption of secure encryption by commercial entities, meaning that financial, business, and other transactions will be completely open to the US government. Second, instead of locking you up for an actual crime, with an encryption ban, the US government can lock you up simply for using encryption to protect your own data.

      I leave it to you to figure out what the motivations behind making drugs illegal are; hint: it’s not your or anybody else’s well being.

  2. They might stop the Congress-pandering Big Tech from implementing end-to-end security, but the genie is out of the bottle and you can’t stop knowledgeable users from doing it themselves. So in effect this just keeps encryption out of the hands of ordinary and not-too-tech-savvy citizens. It won’t affect the tech savvy, and it certainly won’t stop whatever activity it is they hope this will stop.

  3. You’re a fool if you think that big tech wants encryption today. Companies like Google want encryption outlawed so that they can capture and sell more data.

    1. I’ve been trying to block google cookies with Opera browser. I’m blocking almost all of them now, but for some reason going to translate.google.com sets a google.com cookie, even though I told Opera to block all cookies from [*.]google.com. Nothing will stop that cookie from being set. Nothing. buahahaha

      1. You can also set session-only cookies, so even if it does set something, it gets cleared when you close the browser.

        p.s. And you don’t need Opera for this. Any reputable browser lets you fine tune your cookie management rules. Not that I’m dissing on Opera. It’s a damn fine browser.

  4. “By design, Signal does not have a record of your contacts, social graph, conversation list, location, user avatar, user profile name, group memberships, group titles, or group avatars,” Joshua Lund, a Signal developer wrote. “The end-to-end encrypted contents of every message and voice/video call are protected by keys that are entirely inaccessible to us. In most cases now we don’t even have access to who is messaging whom.”

    —-Ars Technica

    https://arstechnica.com/tech-policy/2018/12/signal-to-australia-good-luck-with-that-crypto-ban/

    There’s your backdoor, motherfuckers. Now you’re a blind man in a dark room looking for a black cat that isn’t there.

    1. From what I read, Australia’s law specifically does not require providers to weaken their capabilities (i.e., a genuine backdoor). If that’s true, the law is pretty impotent when it comes to apps like Signal as you say.

      But suppose the US passed a law like what is described here–not merely that the ciphertext has to be shared, but that encryption algorithms with no backdoors (basically any modern one) are specifically illegal to use or distribute. What does that even mean? That people who download signal or something like it are going to be charged with felonies? That TLS, used by nearly every major website, is a felony to use?

      1. “Senior officials debated whether to ask Congress to effectively outlaw end-to-end encryption, which scrambles data so that only its sender and recipient can read it”

        The bureaucrats and politicians who are talking about this stuff have no idea what they’re talking about. They may imagine their capabilities go far beyond what’s achievable.

        I know of a handful of email services in foreign countries that offer end to end encryption. Will they ban us from going to those websites or connecting to their servers? Are they going after VPN services, too?

        If the drug war taught us anything it’s that there isn’t any goal so destructive and expensive that the government won’t squander decades and trillions of dollars pursuing it, but I can’t imagine the amount of money and resources they’d have to go through to really stop people from using encryption.

        I imagine there should be a number of constitutional challenges to this stuff, too–and not just on Fourth Amendment privacy grounds. There are also First Amendment implications. Am I not allowed to send handwritten messages in code? Why is encryption different?

        1. In order for the government to know if encryption is not utilized they would have to have government programmers overseeing every line of code for everything. The ultimate authoritarian’s wet dream.

    2. “There’s your backdoor, motherfuckers. Now you’re a blind man in a dark room looking for a black cat that isn’t there.“

      It was there until you opened the door. Now my cat is dead.

  5. Authoritarians gotta control.

  6. This is what detractors might call the “deep state,” the unseen government within the government that does not change with elections, which outlasts individual politicians and department heads.

    This is a fair description of nearly everything in Washington.

    1. The deep state swamp is drainable, we just never got anyone in office who cared enough to drain it.

      Trump: “Imma gonna drain the swamp!”

  7. &p23nvc THIS!

  8. >>>this is properly seen as risible

    the revolution will be on post-its.


  10. So Red was right?

  11. Declan, man, you’re harshing my buzz.
    I’m too old to do this again. I guess it’s time to find minions.

    At least I’m not shipping product anymore. The cachet of being an “arms exporter” is not worth the paperwork for things that don’t make noise, except maybe penetration testing tools, and I’m hoping we nipped that in the bud with the Wassenaar folks.

  12. “You’ve got to be pretty careful with the tanks because the roads have a tendency not to like to carry heavy tanks so we have to put them in certain areas but we have the brand new Sherman tanks and we have the brand new Abrams tanks,”

    The president of the United States

    Or did he actually say that?

    The last brand new Sherman tank was produced in 1945. Some of them in Lima Ohio which currently manufactures tanks. He was there.

    Do roads have tendencies?

    1. Trump doesn’t know that Sherman tanks aren’t new and are not currently in service? What an idiot.

      I’m voting for Swalwell because he understands modern weapon systems and how to use them, like launching nuclear strikes against gun owners who refuse to comply with gun confiscation laws.

      1. You have to be careful with them.

        1. Them!? The gigantic irradiated ants? We’ll just nuke them…oh yah…that’s how they got to be gigantic irradiated ants in the first place. Our only option is to fight them with our latest Sherman tanks.

  13. One-time pad encryption can be done with simple pen & paper. Better make a law that all paper comes with built in carbon paper.

  14. We need two internets.

    One secured by the government with ”passports” for citizens to allow 21st century progress in online voting, healthcare and business.

    One privately the Wild West to let people take their chances getting caught doing illegal things.

    It’s the only way to move forward because secretive folks are currently obstructing real security and progress.

    1. One secured by the government with ”passports” for citizens to allow 21st century progress in online voting, healthcare and business.

      European ID cards provide that over the existing Internet, as do smartcards from VPN providers and financial corporations.

      The US government so far has been reluctant to give Americans secure online or offline IDs: the Republicans don’t want it because they don’t trust it, and Democrats don’t want it because it would make it much easier to identify illegals and deny them services.

      1. We don’t need governments to issue secure online or offline IDs. All we need (and we already have this) is a way to generate a public and a private key.

        It’s even possible for a single person to have multiple identities, for multiple purposes!

  15. One-time pads are considered essentially unbreakable without access to the pad. Except for the technical issue of securely sharing the pad (e.g., by Fedex-ing a DVD full of noise, while retaining a duplicate DVD), and the need to not re-use the pad, using a one-time pad is easy and computationally trivial.
