Senate draft bill requires companies extract, decrypt data for law enforcement

Posted in General Discussion, edited April 2016
Two high-ranking U.S. senators on Wednesday released to the public a proposed bill that would grant courts the authority to order tech companies dealing in hardware, software or services to help law enforcement agencies gain access to encrypted communications.

The draft bill, dubbed "Compliance with Court Orders Act of 2016," was penned by Senate Intelligence Committee Chairman Sen. Richard Burr (R-NC) and Vice Chair Sen. Dianne Feinstein (D-CA) in a bid to streamline government requests for encrypted data. In its current form, the legislation would require companies like Apple to bypass their own security measures, access target data and present it to law enforcement agencies in an "intelligible" -- decrypted -- format.

As applied to Apple's recent kerfuffle with the FBI over a passcode-locked iPhone connected to last year's San Bernardino massacre, the company would have been forced to "provide, in a timely manner, responsive, intelligible information or data, or appropriate technical assistance to obtain such information or data" after having received a court order demanding as much.

Importantly, the bill requires data be handed over in an "intelligible" format, defined as information or data that has either never been encrypted, or has been encrypted and subsequently decrypted for authorities. Since the legislation does not refer to specific data gathering methodologies, or limitations thereof, the onus of thwarting built-in security measures, extracting data and decrypting it falls solely on the company.

As compared to previously leaked versions, today's draft has been narrowed and now only applies to cases involving crimes resulting in death or serious bodily harm, foreign intelligence and espionage, terrorism, federal crimes against minors, serious felonies and federal drug cases.

The controversial bill has been the topic of much debate since it was learned that Burr and Feinstein were mulling its creation in February. An early version recently leaked online and was promptly thrashed by security experts who called the proposal "ludicrous" and "dangerous."

According to Reuters, the groups who leaked the bill last week say no substantial changes were made in the interim. The publication notes Burr and Feinstein released the draft version to gather feedback from lawmakers and their constituents.

"I am hopeful that this draft will start a meaningful and inclusive debate on the role of encryption and its place within the rule of law," Burr said in a statement. "Based on initial feedback, I am confident that the discussion has begun."

Comments

  • Reply 1 of 26
    I can only conclude they intentionally proposed the most extreme position possible so as to make their final position seem reasonable by comparison and therefore claiming some faux compromise while still achieving their primary goal of essentially outlawing private encryption.
    edited April 2016
  • Reply 2 of 26
    techno, Posts: 697, member
    Pure stupidity due to knee jerk reactions by politicians.
  • Reply 3 of 26
    stsk, Posts: 21, member
    If there were awards for irony in titles, the "Senate Intelligence Committee" would win top honors every year. Also, if brains were C-4, Feinstein and Burr couldn't blow their own noses.
  • Reply 4 of 26
    Regarding the requirement of "timely"...

    Do they also require the tech vendor to break the laws of physics? Or is 220 years considered "timely" (given the performance limits of current technology)?
  • Reply 5 of 26
    freerange, Posts: 1,585, member
    Dear Sen. Burr and Sen. Feinstein, I hereby submit my feedback:

    "Your bill is fatally flawed and based on arrogance and ignorance, or better yet, sheer stupidity. Further, as members of the US Select Committee on Intelligence, please let us know when you've finally found some."

    Please advise if you need any further feedback or assistance.
    edited April 2016
  • Reply 6 of 26
    eightzero, Posts: 2,292, member
    I would expect this to actually strengthen encryption technologies. As reported here, there would be no requirement for the companies to actually be able to break the encryption.  
  • Reply 7 of 26
    NemWan, Posts: 114, member
    eightzero said:
    I would expect this to actually strengthen encryption technologies. As reported here, there would be no requirement for the companies to actually be able to break the encryption.  
    Everyone seems to believe that failure to provide intelligible data when ordered would be in violation of the law. Unbreakable encryption could not be used without risking violation if the data should ever be demanded in a case, similar to how in some states a homeowner can be charged with having illegal fortifications if police find that a home has been intentionally fortified for the purpose of delaying entry by police.
  • Reply 8 of 26
    This is not a wise bill. It will be challenged by all the major tech firms up through the SCOTUS. Second, if the Bill passes and tech firms have to change their OS to meet the law, then bad actors will either use a need-to-end app created in-house or from the underground market or the bad guys will simply drop off the net and go black, using non-technical, non-electronic means to plot and coordinate their bad deeds. Instead of this new Bill we need better LE and intelligence capabilities. This Bill is also a good reason why there needs to be term limits on every elected official and judge.
  • Reply 9 of 26
    "Senate Intelligence"..... that there is the definition of 'oxymoron'.
  • Reply 10 of 26
    They want their cake and eat it too..
  • Reply 11 of 26
    anome, Posts: 1,260, member
    creek0512 said:
    I can only conclude they intentionally proposed the most extreme position possible so as to make their final position seem reasonable by comparison and therefore claiming some faux compromise while still achieving their primary goal of essentially outlawing private encryption.
    One hopes so, as there are already a number of devices in the wild that can't be decrypted by the manufacturer without the participation of the user.

    The alternative is a somewhat unworkable law. For a start, it's a US law, so can only be applied to people operating in the US. So, let's say, Samsung makes a phone for the US market that satisfies the requirements of this law, but sells the rest of us a version that doesn't. What happens if I travel to the US with my strong encryption phone, and get involved in a crime of some sort. Law enforcement want to see what's on my phone, and take it to Samsung US to be decrypted, but they can't do it. Are they then going to charge a foreign company with selling a foreign national a phone in a foreign market because it doesn't satisfy this law?

    What they can do, and have tried to do in the past, is get trade partners to pass similar laws, but there will still be places that won't, and that will be where people who want their phones to stay encrypted will buy them.
  • Reply 12 of 26
    volcan, Posts: 1,772, member
    Unduly burdensome. The way it is written it involves computers, tablets, phones, iPods, cloud services, and maybe even external drives, optical disks and memory sticks. There is no way that companies can comply with all that because each case is completely different. Who is responsible if multiple vendors are involved? For example I build my own servers from off the shelf components where passwords and other data are md5 hashed which I can't crack. Even password protected zip, pdf files or PGP email messages may fall under these statutes. There has to be more clarification because these mandates could bankrupt a small company.
    edited April 2016
  • Reply 13 of 26
    jungmark, Posts: 6,664, member
    Frak you, Senators. No backdoors. Even the smallest backdoor can be cracked wide open, putting us all at risk.
  • Reply 14 of 26
    Does that law apply to companies producing paper shredders? Will they have to invent a reasonable and timely process to un-shred the pieces? What about match companies? Recreate the original text from the gaseous carbon dioxide and water fumes?
  • Reply 15 of 26
    Coming Soon...
    In trade for a "Public Education" children will be required to spy on their parents and siblings and report any transgressions deemed illegal by the state.
  • Reply 16 of 26
    smalm, Posts: 655, member
    anome said:
    What happens if I travel to the US with my strong encryption phone
    You will be arrested immediately as per definition only terrorists use strong encrypted phones!
  • Reply 17 of 26
    techno, Posts: 697, member
    I believe Feinstein is up for reelection soon. Next year? It will be interesting to see how her home state of California, and more specifically Silicon Valley reacts to this.
  • Reply 18 of 26
    foggyhill, Posts: 4,767, member
    So create a universal fucking key, which is a total absolute security disaster, these people are grade morons for the ages and even in alternate dimensions

    so it's fuck up security for everyone on earth, on the hypothetical chance of stopping one mass shooting by a gang of idiots (cause non-idiot terrorists will not use those devices)
  • Reply 19 of 26
    welshdog, Posts: 1,658, member
    techno said:
    I believe Feinstein is up for reelection soon. Next year? It will be interesting to see how her home state of California, and more specifically Silicon Valley reacts to this.
    They are always up for election. Don't fool yourself into thinking they don't always think about it.  I bet he and she are responding to pressure from constituents and fellow lawmakers to address this issue.  Governments have never really tolerated secret keeping on the part of their citizens, so I figure we should enjoy what time we have left and then long wistfully for the days of actual digital privacy.
  • Reply 20 of 26
    michael_c, Posts: 164, member
    techno said:
    I believe Feinstein is up for reelection soon. Next year? It will be interesting to see how her home state of California, and more specifically Silicon Valley reacts to this.
    The 2018 election.