backtop


Print


  (Source: AP)
Representatives say such a mandate stands "zero chance" of passing

The U.S. Congress doesn't always get it right -- some would even argue it seldom gets it right these days.  But occasionally the interests of special interest donors align fortunately with the public interest and Congress does something praiseworthy.

I. The Right to Encrypt

This is the case with the recent decision to rebuff requests from The U.S. Federal Bureau of Investigation's (FBI) director, James Brien Comey, Jr., who wanted Congress to pass a law forcing American smartphone makers to decrypt citizens' devices at the request of federal law enforcement.

The request was bizarre in the first place, as the Electronic Frontier Foundation (EFF) points out, as the Communications Assistance for Law Enforcement Act (CALEA) of 1994 states (47 U.S. Code § 1002):

A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.

In other words, telecommunications carriers -- and by extension their representatives (smartphone OS makers, smartphone OEMs, etc.) -- had no explicit legal responsibility to provide decryption to law enforcement.

Android and iOS
Under CALEA, companies like Google and Apple are not required to provide smartphone decryption services for the FBI.

Making such a demand would be tantamout to banning encryption, as content can only be decrypted if the algorithms are rendered useless in the first place by flaws/backdoors or if a large amount of computing resources is utilized to crack the encryption with brute force attacks (a request which would be cripplingly expensive for a company to carry out on a regular basis).

But that didn't stop Director Comey from attempting to bend logic -- and the law.  His comments come after Google Inc. (GOOG) and Apple, Inc. (AAPL), the world's top two smartphone platform companies, began advertising encryption features that keep Americans' data private and secure.

II. On "Back Doors" and "Front Doors"

In a recent interview, Director Comey said that people shouldn't trust the FBI given its history of misbehavior and illegal investigations.  But then he went on to daftly suggest that the public entrust the behavior with new investigation authority -- including regulating decryption -- with nary a promise of transparency in exchange.

And just months after the U.S. Supreme Court beat back warrantless smartphone searches, Director Comey brazenly stepped up his rhetoric, last week calling on Congress to pass a bill to revamp CALEA, scrapping its encryption protections.

Director James Comey
FBI Director James Comey asked Congress to effectively outlaw smartphone encryption.
[Image Source: AP]

At a speech at the Brookings Institution last Thursday, he trumpeted this shrill request to force a government-accessible backdoor into the security layer of Americans' smartphones.  He remarked:

The FBI has a sworn duty to keep every American safe from crime and terrorism, and technology has become the tool of choice for some very dangerous people. Unfortunately, the law hasn't kept pace with technology, and this disconnect has created a significant public-safety problem.

The response prompted quite a bit of quiet back-channels backlash from corporate IT departments, who griped to members of Congress that such encryption was necessary to protect valuable secrets in the enterprise.  Any backdoor, they argued, would quickly be discovered and exploited by both private sector hackers and military hackers from hostile nation-states like China.

Carl Szabo, an industry lobbyist for the group NetChoice, who represents Google, Yahoo! Inc. (YHOO), eBay, Inc. (EBAY), and other top American internet firms, said his constituents were opposed to the bill, commenting to The Hill:

This is a long-term discussion that has been coming and I expect to continue.  [Could it pass?]  I never underestimate anything.  I always think that there is a chance, even if it’s not as sweeping as installing a front door master key on every mobile device, it could be installing a small backdoor.

Backdoor
Director Comey claimed he didn't want to penetrate Americans devices with a "backdoor", but rather wanted some "front door" action. [Image Source: Google Images]

Director Comey disagreed with the characterization that he was asking for a government accessible "backdoor".  He argued:

We want to use the front door with clarity and transparency.

That assertion was scoffed at by senior cybersecurity researchers, though.  Harvard University's Berkman Center for Internet & Society and a senior research fellow, Bruce Schneier, chimed in on Director Comey's claim that he was asking for "a front door".  He commented:

The notion that it’s not a backdoor; it’s a front door — that’s just wordplay.  It just makes no sense.

Now the ball was in Congress' court.

III. Congress to Comey: Stand Down

And thus far, Congresspeople have seemingly unanimously agreed that the FBI Director's request made littele sense.  Listening to their donors needs -- and recognizing they overlapped with the public -- a number of leaders in Congress responded this week to Director Comey's request with harsh disapproval and condemnation.

Sen. Ronald Lee "Ron" Wyden (D-Oreg.) said in a statement to The Hill:

I’d be surprised if more than a handful of members would support the idea of backdooring Americans' personal property.

Even the original author of the overreaching 2001 USA PATRIOT Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act), Rep. Frank James "Jim" Sensenbrenner, Jr. (R-Wisc., 5th District), said Director Comey went too far, commenting:

While Director Comey says the pendulum has swung too far toward privacy and away from law enforcement, he fails to acknowledge that Congress has yet to pass any significant privacy reforms.  Because of this failure, businesses have taken matters into their own hands to protect their consumers and their bottom lines.

Others were even harsher.

Rep. Darrell Edward Issa (R-Calif., 49th District) commented:

To FBI Director Comey and the [administration] on criticisms of legitimate businesses using encryption: you reap what you sow.

Rep. Zoe Lofgren (D-Calif., 19th District) softened the blow, stating:

I think the public would not support it, certainly industry would not support it, civil liberties groups would not support it.  I think [Comey is] a sincere guy, but there’s just no way this is going to happen.

Rep. Lofgren and Issa
Californian U.S. House Rep. Lofgren (left) and Issa (right) were among the members of Congress decrying Comey's request. [Image Source: Congress/Flickr]

Observers noted Comey's request echoed the failed "Clipper chip" request from the 1990s where the intelligence agencies asked Congress to mandate the installation of chips in mobile and media devices to give government direct access to Americans' data.  The request was ultimately shot down after much outcry and rancorous debate.

Congress has been at odds with the Director of National Intelligence (DNI) over accusations that the U.S. National Security Agency (NSA) spied on Congress with its mass data collection.  Congress was also irate after the U.S. Central Intelligence Agency (CIA) admitted to sabotaging Senators' computers in an attempt to stifle a separate Congressional investigation into overseas torture abuse.

Sources: The Hill, FBI [speech], EFF [press release]





"Intel is investing heavily (think gazillions of dollars and bazillions of engineering man hours) in resources to create an Intel host controllers spec in order to speed time to market of the USB 3.0 technology." -- Intel blogger Nick Knupffer













botimage
Copyright 2017 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki