A Month Ago, Dianne Feinstein Said Cybersecurity Was Super Important... Now She Says We Should Undermine Encryption

from the which-side-is-she-on? dept

"Millions of personal records and hundreds of billions of dollars fall victim to cyber-attacks every year, and we’ve done little to stem the tide."

"I can say this. [FBI] Director [James Comey] and, I think John Brennan, would agree, that the Achilles Heel in the internet is encryption. Because there are now... it's a black web! And there's no way of piercing it. And this is even in commercial products! PlayStation, John! Which our kids use. If the two ends communicate, that's encrypted. So terrorists can use PlayStation to be able to communication and there's nothing that can be done about it."

No. I don't think so. I think with a court order, with good justification, all of that can be prevented. It can be prevented in Europe, because Europe has been a major driver for more encryption. And I think that they are now seeing the results. I have visited with all of the General Counsels of the tech companies, just to try to get them to take bomb building recipes off the internet. Recipes that have been tested and we know can explode a plane. Directions. Where to sit on the plane to blow it up. We know that there are bombs that can go through magnetometers. And to put that information out on the internet, is terrible. And I sorta got 'well, pass a law.' So, we may just have to do that. But I am hopeful that the companies, most of whom are my constituents -- not most, but many -- will understand what we're facing. And we're not crying wolf. There's good reason for this. And people are dying all over the world. And I think the Sinai-Russian airliner is a classic example of a bomb that got on a plane, that blew up that plane.

The First Amendment would impose substantial constraints on any attempt to proscribe indiscriminately the dissemination of bombmaking information. The government generally may not, except in rare circumstances, punish persons either for advocating lawless action or for disseminating truthful information -- including information that would be dangerous if used -- that such persons have obtained lawfully.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Look, everyone has known for quite some time that Senator Dianne Feinstein's big push for so-called "cybersecurity" legislation in the form of CISA had absolutely nothing to do with cybersecurity. It was always about giving another surveillance tool to her friends at the NSA. However, given that she was one of the most vocal in selling it as a "cybersecurity" bill (despite the fact that no cybersecurity experts actually thought the bill would help) it seems worth comparing her statements from, with her new attacks onin the form of encryption.Here is Feinstein just a month ago, claiming to worry about "cyberattacks" on Americans Of course, CISA does nothing to protect any of that. You know what does protect against that -- better use of encryption to keep that information from getting hacked in any useful manner.Okay, fast forward. Following the Paris attacks, Feinstein has been among the most vocal in claiming that we need to undermine encryption, which is pretty amazing given that she represents California (and is from San Francisco), home to tons of tech companies that actually get this and think she'sfor undermining actual cybersecurity.Never mind that, though. Here she is this past weekend, on CBS'stotally attacking encryption itself and mocking the tech companies that just a month ago she was insisting needed special government help to protect against cyberattacks. She was asked if the intelligence community has the tools it needs, and she decides to attack encryption -- even choosing to cite as a source CIA director John Brennan -- the same John Brennan who illegally spied on her staffers and then lied about it repeatedly.The host, John Dickerson, then points out that the tech industry (again, mostly based in or near Feinstein's hometown, and that she's supposed to be representing) says that backdooring encryption makes us less safe and opens us up to more attack, and Feinstein brushes it off, relying on her apparent years of computer security training...Where to start with this nonsense? First, note that she doesn't actually respond to the question concerning how undermining encryption will make us all less safe and make all that information Feinstein herself claimed was under attack just a month ago, other than to say that, personally, doesn't think thathas been saying is true. Yikes.Second, rather than focus on encryption, she pivots to her other pet projects , claiming that the government should force internet companies to censor. She keeps on this despite the fact that all the way back in 1997, the DOJ directly told Feinstein that this would violate the First Amendment. From the DOJ to Feinstein:Third, this weird infatuation with, despite the fact that it's generally recognized as a joke for fools, where the likelihood of being able to build an actual bomb from it are minimal at best. And, while she pretends that the GCs of tech companies just sort of shrugged their shoulders about this, it's much more likely that it's because they thought she was being ridiculous trying to censor the internet in violation of the First Amendment. Whoever told her "well, pass a law" was almost certainly trying to get rid of her, knowing that any such law would be unconstitutional.Fourth, this tangent about "bomb making instructions" online still has absolutely nothing to do with encryption or the question about how encryption makes us all much more vulnerable to attack and actually makes us all less safe.Fifth, the comment about Europe is. Again, while the attackers may have used some encryption, it's been revealed (since long before Feinstein did this interview) that they did an awful lot of communicating in the clear, including unencrypted SMS and Facebook messenger. On top of that, what the hell does "Europe has been a major driver for more encryption" even mean? Perhaps it's true that they've been adopting more encryptionSixth: the whole PlayStation thing has been debunked as a way that the Paris attackers communicated. They did not. Furthermore, she's just wrong that the PlayStation has end-to-end encryption. It does not Seventh, does she honestly believe that whoever blew up that Russian airplane downloaded bomb-making instructions from the internet? Also, if it were really so easy to get such instructions and get them through security, don't you think we'd have seen a lot more airplanes blown up by now?In summary, Feinstein (a month ago) said we should all be deathly afraid of cyberattacks, and the only way to solve it was to give the government much greater access to companies' computer systems, via CISA. And, now, she insists that encryption is an "Achilles's heel" and thatare lying when they say undermining encryption will put everyone at risk. Why? Becauseis online and Google won't take it down.Is it really so much to ask for politicians to actually understand technology before they go off on ridiculous, ignorant, uninformed rants about it -- often leading to even more ridiculous andlegislation?

Filed Under: cisa, cybersecurity, dianne feinstein, encryption, going dark, surveillance, terrorists