Encryption

Senators Propose a Cool New Contest To Destroy Your Online Privacy

A new, terrible anti-encryption bill with a twist

Sens. Lindsey Graham (R–S.C.) and Tom Cotton (R–Ark.) have joined forces to sponsor encryption legislation that Attorney General William Barr supports, so it's almost certainly a threat to Americans' data privacy and security in the name of allegedly helping law enforcement fight terrorism, drug trafficking, and child porn.

On Tuesday, Graham, Cotton, and co-sponsor Sen. Marsha Blackburn (R–Tenn.) introduced the Lawful Access to Encrypted Data Act. The full text of the bill is not yet available, but a summary posted at the Senate's Judiciary Committee (where Graham is the chairman) makes the bill's goals clear: "The debate over encryption and lawful access has raged on, unresolved, for years. The Lawful Access to Encrypted Data Act would bring an end to warrant-proof encryption in devices, platforms, and systems."

They're referring to end-to-end encryption, a tool for protecting data from hacking and outside access by making it very difficult, if not impossible, for anybody without permission to access the encrypted info. Even the company that created the communications device or app (like Apple or Facebook) cannot gain access to the data. That's the point of this type of encryption.

Here are the components of the legislation listed in the summary:

  • "Once a warrant is obtained, the bill would require device manufacturers and service providers to assist law enforcement with accessing encrypted data if assistance would aid in the execution of the warrant."
  • "It allows the Attorney General to issue directives to service providers and device manufacturers to report on their ability to comply with court orders, including timelines for implementation."
  • "[It] directs the Attorney General to create a prize competition to award participants who create a lawful access solution in an encrypted environment, while maximizing privacy and security."
  • "[It] funds a grant program within the Justice Department's National Domestic Communications Assistance Center (NDCAC) to increase digital evidence training for law enforcement and creates a call center for advice and assistance during investigations."

Strong encryption is a boon to consumers (and even government officials themselves) because it makes it so much harder for criminals and others to access your data and messages, which helps prevent identity theft. In countries with authoritarian governments, encryption protects the communications of dissidents and activists from being snooped on by repressive regimes.

It also stops the FBI and law enforcement officials from getting access to private data, even when they have a legal warrant to search a device like a phone or computer. So as end-to-end encryption implementation has grown across many platforms and communication tools (Zoom, which has grown in prominence since COVID-19 shut down in-person meetings, announced last week they'd be implementing it for all users, not just paying subscribers), the Department of Justice (DOJ) has become more vocal about demanding access.

But there's a problem that the DOJ and these senators still aren't taking seriously: It's impossible to create a mechanism for bypassing encryption that cannot end up in the wrong hands. An encryption key or "back door" can be used by anybody who learns how it works, whether that person is an identity thief or a foreign government.

The Lawful Access to Encrypted Data Act isn't contending with that problem. The summary says that the attorney general can't issue a directive with "specific technical steps for implementing the required capabilities"—meaning that the attorney general cannot specifically order encryption "back doors." But if the attorney general can nevertheless order companies to "assist" and make data accessible to the feds, it is, in all the ways that matter, ordering a back door.

Barr supports the bill and the DOJ might have even helped craft the legislation, given that "#LawfulAccess" has been the department's inept hashtag campaign in its efforts to compromise encryption, and they have an information page devoted to it.

Politicians and government officials keep insisting they're "confident" that tech companies can find a way to allow for strong encryption while only giving government officials access, even as all tech experts and companies try to explain, over and over again, that they cannot do this.

Facebook, in response to the legislation, reiterated this:

"End-to-end encryption is a necessity in modern life—it protects billions of messages sent every day on many apps and services, especially in times like these when we can't be together. Rolling back this vital protection will make us all less safe, not more. We are committed to continuing to work with law enforcement and fighting abuse while preserving the ability for all Americans to communicate privately and securely."

Barr needs to be paying better attention to what happened in Russia: They attempted to order the app Telegram to provide encryption keys, and the company refused, so Russia attempted to ban the app, but it didn't work. Russians continued to download and use the app and recently the Russian government relented.

That might be why this bill proposes an encryption-cracking competition rather than a ban. But you really shouldn't trust for a moment that the DOJ would prioritize "maximizing privacy and security" in evaluating who might claim this bounty, given that they've flat-out refused to listen to tech and privacy experts.

  1. LAEDA. Someone was feeling lazy that day. With just a little more work, they could have come up with an acronym like LEAD or LEADER or LADAR, which would have been the coolest of all.

    1. or DEAR LEADER…

    2. seriously. no acronym, no bill.

  2. Glad to see the GOP has learned absolutely nothing.

    1. Obviously. How could a Republican ever learn anything besides how to trample women’s reproductive rights and hate minorities?

      1. Come on sweetie; you know we don’t learn these things, they are bred into us.
        What raises your hackles is that you haven’t figured out (yet) how to make kids socialists from the womb. Maybe that is why you want to kill so many?

      2. They appear to have figured out how to make you cry nonstop, pedo.

        1. Right, everyone cries but you Baby Butt Boy Tulpa. FYI it’s okay for grown MEN to cry.

          1. “Baby Butt Boy”

            omfg you can’t stop being a pedo

            1. Fuck you.

                1. What gave me away I thought I was doing a pretty good job?

                    1. Talking to yourself again? Jesus you are pathetic.

                    2. Jesus you are pathetic.

                      Sarah Palin’s Buttplug

        2. Also I’m definitely not crying over anything you hillbilly wankers say.

  3. It’s impossible to create a mechanism for bypassing encryption that cannot end up in the wrong hands.

    Especially when government itself is the wrong hands, by definition.

  4. See, this is the shit you gotta put up with, vote for a bunch of communists or vote for a bunch of fascists. Can’t we just kill them all?

    1. The communists and the fascists are two sides of the same coin.
      Read a history book from the period 1930 to 1960.
      What we can no longer vote for is any party in favor of individual freedoms.

      1. Whoooooshhhhh ……

      2. Dude, that’s the whole point of what he said.

      3. The way I see it is that fascism is just communism that’s more honest about what it’s doing up front.

  5. Senators Propose a Cool New Contest To Destroy Your Online Privacy

    Did Elizabeth Nolan Brown testify in favor or against?

    1. Yes and no; depends on which day’s testimony you read – – – – – – – –

  6. The Lawful Access to Encrypted Data Act would bring an end to warrant-proof encryption in devices, platforms, and systems the mathematics of prime numbers.

    Fixed

    1. Ellipses banned.

    2. Hey, the Prime Minister has already made sure that the laws of mathematics don’t apply in Australia, why not bring that reality distortion field to the U. S. of A?

  7. That might be why this bill proposes an encryption-cracking competition rather than a ban.

    So the government is offering free bug testing of new encryption technology? Sounds good to me. They are permanently behind every step of this arms race.

  8. You wasted a lot of time and effort Scott, my friend. I read the first line, “Sens. Lindsey Graham (R–S.C.) and Tom Cotton (R–Ark.) have joined forces…” and instantly knew whatever followed would be the most heinous, vile, disgusting, liberty-ending piece of legislation introduced this calendar year.

    1. I mean, this is certainly a heinous, vile, disgusting, and liberty-ending piece of legislation, but most? Didn’t we just have FISA reauthorization?

      1. In my opinion, this is worse than FISA reauthorization. It will make it illegal to make your messages private.

  9. Government is the idiots who tell the experts what to do.

  10. Over at Volokh Conspiracy, Orin S. Kerr argues that under the “foregone conclusion” doctrine, compelled entry of passwords is not a violation of the Fifth Amendment right against self-incrimination, so long as the government can independently prove that the suspect knows the password.

    Part of me almost hopes the government prevails on this point when the issue inevitably comes before the Supreme Court, because I think it will prove a Pyrrhic victory for them. If people can be forced to enter passwords into their phones, they will have every incentive to install self-destruct codes on their phones. What is the government going to do when it gains access to someone’s phone, only to discover that the SD card is completely clean? Hold him in contempt? How will they be able to prove that the suspect wasn’t simply carrying around an empty phone for some odd reason? If nothing else, cellphone owners will have a reason to offload their files every night. Google Photos already lets you store your pictures in the cloud while accessing them as though they’re located in the phone’s memory; the process is entirely transparent to the user. I’m sure Apple offers similar functionality.

    The government might want to consider the potential ramifications before charging headlong into a battle they’ll ultimately lose. Their only other option is to outlaw strong encryption entirely, and I’m not sure that’s a hill they’re willing to die on, this nonsensical bill notwithstanding.

    1. And we already know the cloud is third party and open to a mild request from the feds, no warrant needed.

    2. Orin Kerr argues that the Constitution doesn’t bar a government agency from doing what it wants? No way! I, for one, am completely stunned and amazed that he’s arguing a court can compel a password out of someone or have that person be found to be in contempt.

      Nice to see that some things never change in these turbulent times.

    3. The cloud is bullshit; an Orwellian nightmare. That is why I use it as little as possible. On your own hidden storage device is the only safe place…and that hiding place better be damned good.

    4. If there are multiple passwords (with different access levels or even self-destruct triggers), and the government can demand you enter ‘the password’, can they demand you enter a particular password? How could they demonstrate which one? It’s only a foregone conclusion if they know exactly what they’re asking for, right?

      1. “Stress makes me forgetful, I don’t remember the password”

        what then?

  11. The ONLY way to protect rights on the internet is to first have them. That requires that the internet be legally recognized as a public place.

    If you fight for the internet to remain a lawless Wild West, you’ll be fucked over by anyone who can, including every government.

  12. What is this online privacy thing everyone is babbling about?
    Am I the only person in the USA who actually reads terms of ‘service’?

    1. Because it’s 12 pages saying “you have no rights and we will sell your shit to anyone we want to.” Anyone signing up should understand that – you either allow it or you can’t use the service.

      It’s like buying a house – I don’t read all the paperwork, but I know it says “We hold all the cards and you essentially have none – fuck up and we will take your house away and toss your sorry ass in the street.”

      After all, this is the Land of the Free…free to buy your politicians, and if you can’t afford that, then fuck you.

      1. I miss the TOS clickwrap that had a goodie buried within them if you bothered to read all the way through.

  13. Looks like I need to get a stand-alone computer and start writing my own cryptographic software.

    1. Legal pads and a number two pencil.
      Use a code you make up yourself.
      But first get something worth hiding.

    2. This might not be possible, considering that the bill may require backdoors at the hardware level as well. One of the targets of the bill is evidently situations like Apple not being able to decrypt the San Bernardino shooter’s phone.

      There’s a more technical article at The Center for Internet and Society from Stanford about the implications.

      Also, this bill may be purposely designed to make EARN IT look good.

  14. The debate over encryption and lawful access has raged on, unresolved, for years.

    no, it’s resolved. Fuck off slaver.

    1. You can deny there’s a debate; it doesn’t change the fact that Lindsey Graham wants to use the force of the state to prevent you from sending encrypted messages.

  15. Anything sponsored by Lindsey Graham is fucked by virtue of the fact that he is sponsoring it – he hasn’t had a correct idea since he got into office, that piece of shit.

  16. Guys. I keep pressing the L button on my local voting machine but this keeps happening. What do I do?

    1. Try ‘protests’.
      To the barricades!
      Welcome to the revolution.

  17. While we don’t yet have the bill’s full text, the synopsis did just say the manufacturers/tech guys have to ASSIST. That does not mean they SUCCEED, does it? Apple’s encryption is so strong most high up Apple guys can’t hack it. So when the Feds have a warrant to search a specific device, they can ask for HELP, but I see no way they can DEMAND success.

    Sorry, boyz, haffta find other ways to spy and snoop.

    1. Yep.
      I can see spending a couple months of billing at $750.00/hr for a team of 15 subject matter experts, and coming up with a final report that says “nothing to see here”.

    2. The bill would require Apple to break their own encryption. Apple has quite rightly said it’s impossible to provide secure communications with a backdoor. The bill would require Apple to dispense with the “secure” part.

      It’s mathematically impossible to break sufficiently strong encryption (except with an impossibly long brute force attack). It’s entirely possible to mandate that Apple cannot use sufficiently strong encryption, which is essentially what this bill does.

      While this wouldn’t mean anything for information encrypted using old software, it would mean iPhone OS updates would compromise encryption in the future.

  18. Imagine my surprise that Lindsey Graham and Tom Cotton are willing to legislate on something they know absolutely nothing about. I usually try to make a distinction between ignorant and stupid, but these two idiots blend both seamlessly.

    There is no Democrat opposing Cotton in the fall, even though his approval polls were underwater even before the NYT op-ed. He does have a Libertarian opponent, whose donations page is here:
    https://rdh4senate.com/donate/

    1. “Imagine my surprise that Lindsey Graham and Tom Cotton are willing to legislate on something they know absolutely nothing about. I usually try to make a distinction between ignorant and stupid, but these two idiots blend both seamlessly.”

      I’ve been saying this for years: whether on medical procedures, the internet or fracking, lawmakers make rules on things they don’t begin to understand. Congress thinks it can pass laws on anything and we’re supposed to nod our heads and say, “Yas, Massa.”

    2. Next up, a bill to suspend gravity. We’ll just have to wait to see how it all falls out.

      1. The final bill will probably just reduce it by 50%, after “bi-partisan” negotiations.

        The greens will be on board, it will make cars weigh less and therefore get better mileage.
        The women (both real and imagined) will be on board, it will make them weigh less.
        The business world will be on board, it will reduce shipping costs.
        The airlines will be on board, it will reduce fuel costs.

        My friend, I think you have a winner here.

  19. More proof that We The People need to defend our privacy. Both major parties are the enemies of that promised freedom. Too many complacent sheep.
