Leaked! Details Of The New Congressional Commission To Take On The Encryption Issue

from the we'll-see-how-this-goes... dept

Cryptography Global commerce and economics Federal law enforcement State and local law enforcement Consumer-facing technology sector Enterprise technology sector Intelligence community Privacy and civil liberties community

Commissioners must be appointed within 30 days of enactment (except for the ex officio). The Commission shall hold its first meeting within 60 days of enactment. The interim report is due within 6 months of the initial meeting. The final report is due within 12 months of the initial meeting. The Commission terminates within 60 days after the final report.

11

11

One

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Back in December, we wrote about plans by Rep. Mike McCaul and Senator Mark Warner to put together a "commission" to figure out what to do about the encryption "issue." In his speech, McCaul did at least say that "providing a backdoor into everybody's iPhone was not going to be a very good strategy" since it would open things up to hackers, but at the very same time, he kept saying that we had to somehow stop bad people (terrorists, criminals, child predators) from using encryption. He also keeps insisting that the Paris attackers used encryption, despite lots of evidence to the contrary. So it's not entirely clear what the point of this Commission is, other than to chase down some mythical solution that doesn't exist.The basic problem is this: to have real security you need strong encryption. And if you have strong encryption, people who are both good and bad can use it. So either you undermine strong encryption for everyone -- harming the vast majority of good people out there -- or you allow strong encryption, meaning that some bad people can use it. The only way to have strong encryption but not allow the bad guys to use it is toI'm pretty sure that's impossible because there's no universal standard for what makes a "bad" or "good" person, and definitely not one that can be implemented in device hardware or software. So a commission seems like a waste of time.But the Commission is coming... and later today McCaul and Warner are releasing the bill that will form the Commission. Someone kindly leaked us the bill and some related documents over the weekend, so we can give you a bit of a preview. To their credit, it appears that McCaul and Warner have paid attention to the criticism, and reallytrying to present a "balanced" commission, rather than one dominated by folks who don't actually understand the technological realities. That's a plus. There's still the negative that what they're basically asking for is impossible, but we'll let that slide for the moment on the basis of "well, their intentions aren't as horrible as we feared...".So, should this bill pass, the Commission would have 16 members, with the Republicans and Democrats each appointing eight, and that eight that each party appoints would be one person from each of the following fields:That's actually... not a bad mix overall, though obviouslyis appointed will make a huge difference in terms of whether or not we have a useful commission or one that will declare the impossible (and dangerous) possible. The commission will actually have subpoena authority, which is an interesting choice, and will, of course, hold a bunch of hearings. And it's expected to move pretty quickly:Meanwhile, given that it's almost certain that the commission will not unanimously agree on anything, the final report needs to only be agreed upon by12 of the 16 commissioners. And dissents will be published with the report as well. Even getting to12 may be tricky without some serious compromises. If you assume (which is already unlikely) that the non-law enforcement/intelligence guys would all agree on something, you're still left with the 6 law enforcement and intelligence commissioners.Two of them would have to be convinced to go along with the report. I mean, it is possible. Michael Hayden and Michael Chertoff have both been going around saying that strong encryption is good and backdoors are bad. So maybe you get someone like them to be one of the "intelligence community" folks on the commission -- but it's still an uphill battle.: While the FAQ originally said 11 were needed to agree, the actual legislation says 12, making it that much trickier.At the very least though, it does seem clear that -- contrary to the concerns of many -- this isn't just a commission set up to say "backdoor all encryption." So while it still seems focused on the impossible, it's still much better than it could have been (and would have been under some other folks in Congress).

Filed Under: commission, congress, encryption, going dark, mark warner, michael mccaul