Senators Burr & Feinstein Write Ridiculous Ignorant Op-Ed To Go With Their Ridiculous Ignorant Bill

from the learn-something-people dept

In an increasingly digital world, strong encryption of devices is needed to prevent criminal misuse of data. But technological innovation must not mean placing individuals or companies above the law.

Over the past year the two of us have explored the challenges associated with criminal and terrorist use of encrypted communications. Two examples illustrate why the status quo is unacceptable.

Our draft bill wouldn’t impose a one-size-fits-all solution on all covered entities, which include device manufacturers, software developers and electronic-communications services. The proposal doesn’t define the technological solutions or tell businesses how to solve the problem.

We want to provide businesses with full discretion to decide how best to design and build systems that maintain data security while at the same time complying with court orders.

Critics in the industry suggest that providing access to encrypted data will weaken their systems. But these same companies, for business purposes, already maintain and have access to vast amounts of encrypted personal information, such as credit-card numbers, bank-account information and purchase histories.

We are not asking companies to provide law enforcement with unfettered access to encrypted data. We aren’t even asking companies to tell the government how they gain access to this encrypted data. All we are doing is asking companies to find a way to keep their data secure while also cooperating with law enforcement in terrorism and criminal investigations.

President Obama said earlier this year, “You cannot take an absolutist view on this.” We agree—and believe that strong data security and compliance with the justice system don’t have to be mutually exclusive.

American technology companies have done some amazing things that are the envy of the world. We think that finding a way to achieve both goals simultaneously is not beyond their capabilities.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Senators Richard Burr and Dianne Feinstein are not giving up that quickly on their ridiculous and technically ignorant plan to outlaw real encryption . The two have now penned an op-ed in the WSJ that lays out all the same talking points they've laid out before, without adding anything new. Instead, it just continues to make statements that show how incredibly ignorant they are. The piece is called Encryption Without Tears (and may be paywalled, though by now everyone knows how to get around that), which already doesn't make any sense. What they're pushing for is ending basic encryption, which will lead to many, many tears.It starts out with their standard ridiculous line, pretending that because a company builds end-to-end encryption, it's acting "above the law."People have gone over this time and time again: this is not about anyone being "above the law." It's about whether or not companies can be forced to directly undermine the safety and security of their products (and the public). A paper shredder can destroy evidence. A paper shredder maker is not "above the law" when it decides not to build a system for piecing back together the shreds.And speaking of "above the law" I still don't see Feinstein or Burr commenting on the FBI/DOJ announcing that it will ignore a court order to reveal how it hacked into computers over Tor.is being above the law. That involves a situation where a court has asked for information that the FBI absolutely has. The FBI is just saying "nope." If Burr and Feinstein are really worried about being "above the law," shouldn't they worry about this situation?I love this. They give two examples that have been rolled out a bunch in the last few weeks. The attack in Garland, Texas, where the attackers supposedly exchanged some messages with potential ISIS people, and the case of Brittney Mills, who was tragically murdered, and whose case hasn't been solved. Mills had her smartphone, but no one can get into it. Of course, it took nearly two years of fretting before law enforcement could dig up these two cases, and neither make a very strong argument for why we need toIt's a simple fact that law enforcement never gets to have. In many, many, many criminal scenarios, that's just the reality. People destroy evidence, or law enforcement doesn't find it or law enforcement just doesn't understand it. That's not the end of the world. This is why we have police detectives, who are supposed to piece together whatever evidence theyhave and build a picture for a case. Burr and Feinstein are acting like in the past, law enforcement immediately was handed all evidence. That's never been the way it works. Yes, law enforcement doesn't get access to some information. That's how it works.This is also misleading. The bill requires an end to real encryption. That's it. Real encryption means that only one person has the key. This is what Burr and Feinstein don't seem to get. They seem to think it's trivial to leave a key with Apple or whoever. But as basically every crypto expert has explained, it is not. Doing so creates a vulnerability... and worse, it's a vulnerability that cannot be patched. That's hellishly dangerous. Sure, the bill doesn't tell them exactly how to do this, but it does make it clear:. That's a problem.We want to provide businesses with full discretion to decide how best to travel back in time, in order to prevent crimes.Seriously: this is basically the same thing that Burr and Feinstein are saying here. They're asking for something that's impossible, and acting like it's a routine suggestion. If they need to comply with these All Writs Act style orders, they. That's a fact. It's mind-boggling that Burr and Feinstein still can't understand this.Argh. This paragraph shows that whatever poor staffer Burr and Feinstein assigned to write this drivel doesn't understand even the first thing about what he or she is talking about. Storing encrypted passwords, credit card info, bank account info, etc. is a totally different thing. Those are encrypted to keep them safe, and part of the reason they're encrypted is so that. This point is making the opposite point of what Burr and Feinstein think. Companies encrypt passwords and credit card info and the like. This protects user data, and the companies cannot actually provide the plaintext. They're comparing hashes. That's what keeps it safe.If we received a court order demanding our users' passwords, we couldn't provide them. Because they're encrypted. We don't know our users' passwords and can't give them to you. When someone logs in to our website, we can compare aof their password to ourversion and then if they match, we let them in. But we don't know what their password is. So this is aexample that actually goes against what Burr and Feinstein are saying. Those encrypted stores of informationunder this bill!Again, that last line is. They're asking the impossible -- and in the process, making everyone less safe. The only way to provide such info to law enforcement is to no longer keep the data truly secure. And the big concern is not unfettered access for law enforcement, but rather whatever this backdoor means for those with malicious intent, who will be very, very, very focused on finding these vulnerabilities and exploiting them.Because you don't know what you're talking about.So, in the end, despite basically every cryptography expert telling them this is impossible, Burr and Feinstein come back with "NERD HARDER, NERDS!"

Filed Under: above the law, dianne feinstein, doj, encryption, fbi, going dark, richard burr

Companies: apple