Proposed Senate bill grants courts authority to force access to encrypted data

Posted:
in General Discussion edited March 2016
According to a report on Monday, U.S. Senate Intelligence Committee leaders are circulating a draft bill that would give federal courts liberal authority to compel tech company compliance with government requests for access to encrypted data.




Citing sources familiar with the matter, Reuters reports the proposed legislation from Intelligence Committee Chairman Sen. Richard Burr (R-NC) and Vice Chair Sen. Dianne Feinstein (D-CA) is making the rounds, but has a long way to go in a deeply divided Congress.

The bill was rumored to be nearing completion earlier in March, and at the time was thought to include civil penalties for noncompliance. In its latest iteration, however, the document seems vague -- perhaps purposely so -- as it does not stipulate penalties of any kind for failure to act, nor does it mention particular methods or means by which tech companies must provide access to encrypted data. Unlike previous attempts to pass policy on privileged software backdoors, it would be up to companies to navigate an appropriate path to requested data on their own systems, the report said.

The bipartisan draft bill comes amidst a contentious debate over government access to encrypted user data. Apple in February was ordered to assist the FBI in efforts to unlock an iPhone linked to San Bernardino shooter Syed Rizwan Farook. The company is resisting, saying government requests to build a vulnerable version of iOS puts millions of iPhones and iPads in jeopardy, represents overreach and could set dangerous precedent for future investigations.

For its part, Apple has argued that the encryption debate should be settled by by U.S. lawmakers, not the courts. President Barack Obama's administration might be in agreement, as today's report said officials looked over the proposed bill and offered suggestions. Obama has kept relatively quiet on the issue, but during a recent interview at SXSW leaned toward the DOJ in urging prudence from both sides.

In a related development, the Justice Department on Monday was granted a motion to suspend the San Bernardino proceedings, claiming an outside party presented a potential method of unlocking Farook's iPhone. Federal Magistrate Judge Sheri Pym subsequently cancelled an evidentiary hearing scheduled for Tuesday.
«1

Comments

  • Reply 1 of 40
    jason98jason98 Posts: 768member
    Well any app can come with its own way of encrypting user data in a device or cloud. There is nothing feds can do about it. And if Apple stops approving such apps, there will be always a jailbreak.
    sockrolidMDotVisualSeeddiplicationrajesh_security_kcornchipjony0
  • Reply 2 of 40
    wizard69wizard69 Posts: 13,377member
    The sad thing here is the "bipartisan" nature of the bill.   Like it or not I can't see Apple wining when both parties are hell bent on destroying the constitution.   
  • Reply 3 of 40
    jungmarkjungmark Posts: 6,926member
    Dear Congress, encryption should be unbreakable. No backdoors. 
    justadcomicsMDotbrakkenrajesh_security_knolamacguyjony0
  • Reply 4 of 40
    irelandireland Posts: 17,798member
    A life lived for fear is no life at all.

    Dianne Feinstein clearly isn't at peace with anything in her life. Like (Stumpy-fingers) Trump, those who live for power and control will never have enough to make them happy. Their lips say many things but their faces say everything.

    I urge you all to phone your representatives to be sure this bill dies before it lives.
    edited March 2016 gtrwetlanderfotoformatrajesh_security_klatifbpjony0
  • Reply 5 of 40
    icoco3icoco3 Posts: 1,474member
    Will they dare go through with it during an election cycle that is shaping up to be fairly
    nasty?  
  • Reply 6 of 40
    Considering congress and numerous court decisions have already deemed encryption legal without the need for government backdoors, it's going to be very hard to put the genie back in the bottle. We can encrypt data and communications today on our own without the help of any company. While I may be subject to a warrant and could be held in contempt for not decrypting the data, no company could be held responsible for doing it if I was dead or unwilling to cooperate. 
    rajesh_security_klatifbp
  • Reply 7 of 40
    radarthekatradarthekat Posts: 3,842moderator
    It's really quite simple.  Apple sticks a few of those fancy circular desktop computers in a back room with one employee dedicated to overseeing them, maybe a Genius Bar employee on rotation out of a local Apple Store.  When the government comes around with an iPhone that needs hacking, Apple rips the data off the phone, sticks it on one of those Mac Pros, and flips the switch.  The software starts brute forcing both the passcode and the iPhone hardware key.  The Genius Bar employee gives an estimate to the government suit as to when he should come back to get the decrypted data.  Typical wait time is on the order of 70,000 years.  "Would you like an appointment card, or will you remember on your own to come back on that day?"
    jfc1138gtrSir_Turkeyrajesh_security_kslprescott
  • Reply 8 of 40
    joshajosha Posts: 901member
    wizard69 said:
    The sad thing here is the "bipartisan" nature of the bill.   Like it or not I can't see Apple wining when both parties are hell bent on destroying the constitution.   
    Yes it wouldn't surprise me if the USA Gov wins this case.
    All Apple can do is change and improve their security with each release of the specs for breaking it.  :# :'(
  • Reply 9 of 40
    postmanpostman Posts: 35member
    Apple needs to spend more on lobbyists. Congress is for sale, and Apple can afford to buy it five times over.
    Sir_Turkeywetlanderlatifbppalomine
  • Reply 10 of 40
    brakkenbrakken Posts: 687member
    postman said:
    Apple needs to spend more on lobbyists. Congress is for sale, and Apple can afford to buy it five times over.
    Disagree. Apple is doing the right thing and in the right way. The feds dropping this case proves they knew they couldn't win. The weakening of the bill is further proof the constitution is still a public force. Apple is doing it right - maintaining its dignity and integrity and its honour! 

    Paying off congress can only weaken the actual democratic mechanisms in place that still function, and subvert the remaining strength of the constitutional rights that remain. Apple is great. Truly great!
    edited March 2016 propodlatifbppalominejony0
  • Reply 11 of 40
    jfc1138jfc1138 Posts: 3,090member
    josha said:
    wizard69 said:
    The sad thing here is the "bipartisan" nature of the bill.   Like it or not I can't see Apple wining when both parties are hell bent on destroying the constitution.   
    Yes it wouldn't surprise me if the USA Gov wins this case.
    All Apple can do is change and improve their security with each release of the specs for breaking it. 
    The Gov. already lost an All Writs Act case, and badly. Feng case in Brooklyn. Judge Orenstein really ripped the DoJ a new one too. 

    The legislation? Far too soon to tell. 
    edited March 2016
  • Reply 12 of 40
    kent909kent909 Posts: 731member
    I think the Democratic Party needs to tell Feinstien that if she wants to have another term in the Senate that she will have to do it as a Republican. She has lost it. 
    wetlanderbuzdotsnolamacguypalomineai46
  • Reply 13 of 40
    gtrgtr Posts: 3,231member
    It's really quite simple.  Apple sticks a few of those fancy circular desktop computers in a back room with one employee dedicated to overseeing them, maybe a Genius Bar employee on rotation out of a local Apple Store.  When the government comes around with an iPhone that needs hacking, Apple rips the data off the phone, sticks it on one of those Mac Pros, and flips the switch.  The software starts brute forcing both the passcode and the iPhone hardware key.  The Genius Bar employee gives an estimate to the government suit as to when he should come back to get the decrypted data.  Typical wait time is on the order of 70,000 years.  "Would you like an appointment card, or will you remember on your own to come back on that day?"
    70,000 years in the future the FBI gets the data off the phone that they so badly wanted:

    "42"
    edited March 2016 brakkencincyteenolamacguy
  • Reply 14 of 40
    Unlike previous attempts to pass policy on privileged software backdoors, it would be up to companies to navigate an appropriate path to requested data on their own systems, the report said.


    In a related development, the Justice Department on Monday was granted a motion to suspend the San Bernardino proceedings, claiming an outside party presented a potential method of unlocking Farook's iPhone. Federal Magistrate Judge Sheri Pym subsequently cancelled an evidentiary hearing scheduled for Tuesday.
    I absolutely don't understand how they can make this work.  I can use my own AES-128/AES-256 implementation, and so can my friends.  This software can run on any device.  And we can send encrypted messages messages to each other without any manufacturer knowing anything about it.
    How on earth are you going to prevent that?  Have problems exchanging keys?  Use RSA/ECC certificates and DH.

    Yes, I know what I am talking about; I have been working in security for 17 years.

    Also, the whole thing about not being able to read keys from inside the silicon is absolute baloney.  Decapping and reading processor internal OTP has been around for a long time.  Do you think the NSA will actually allow an unreadable chip to exist?

    This was a legal battle to begin with: FBI wanted a perfect case to get the public on its side.  Child pornography, terrorists, mass murderers, etc. make my hair stand on end and make me extremely angry.  And FBI played its cards well, including disabling access by changing the iCloud password.

    The FBI just wanted to twist Apple's arm and teach it a lesson and force a precedence once and for all.  Didn't turn out that well.
    brakkenlatifbppalomine
  • Reply 15 of 40
    dinoonedinoone Posts: 73member
    Math cannot be undiscovered or unlearned, not even by brute force or by law.
    edited March 2016 rajesh_security_kchabigpalomine
  • Reply 16 of 40
    Dear Congress, encryption should be unbreakable.
    edited March 2016
  • Reply 17 of 40
    ceek74ceek74 Posts: 324member
    I heard the funniest thing today - "US Senate Select Committee on Intelligence"!  Totally hilarious!  Is this for real?
  • Reply 18 of 40
    mwhitemwhite Posts: 287member
    I'm from Southern California I sure wish these stupid idiots would stop voting for Feinstein she is the worst!
    buzdots
  • Reply 19 of 40
    lkrupplkrupp Posts: 10,557member
    This is going to happen. “We the People” lost control of our government decades ago the day we decided it was the government’s job to “take care” of us. The nanny government will prevail because we are sniveling cowards willing to turn over our lives to it.
  • Reply 20 of 40
    customtbcustomtb Posts: 346member
    If the sigh this bill #VoteThemOut
    horvaticai46
Sign In or Register to comment.