David Tomaschik: Ham Fisted Legislators https://systemoverlord.com/2016/04/10/ham-fisted-legislators.html
There's fortunately been a lot of media coverage of a typically ham-fisted
attempt to legislate technology:
For once, it's not just been technology blogs: Fortune, Reuters, and USA Today
are among those covering the legislative failure.
The fact that one of the cosponsors is one of my own Senators (Dianne Feinstein)
makes this all the more painful for me. She claims to be a Democrat, but her
legislative agenda has shown her to be more of a right-wing police-state
NSA-apologist than a California liberal. I'm sure it's no coincidence that her
husband has significant holdings in military complex corporations that benefit
from her anti-American police-state tactics.
I should mention at this point that, in case it hasn't been obvious, I'm not a
lawyer. I had to consult a dictionary for some of the words in this bill
("notwithstanding" is a word that seems to only be used in legislation, and is
very important
here), but I think my interpretation of their intent is different from many of
the blogs, based on the following language:
Nothing in this Act may be construed to authorize any government officer to
require or prohibit any specific design or operating system to be adopted by
any covered entity.
Now while the current text does seem to require a backdoor in any cryptography,
I don't think that was the intent. I think the intent was only to require
the provider to turn over plaintext if they were capable of doing so under the
current design. Unfortunately, it doesn't seem they wrote it that way, as is
typical when legislators who don't know what they're doing, don't understand
technology, and don't get input try to legislate technology.
I completely agree that we need legislation regarding encryption and searches,
but I take a little bit of a different spin from Senator Feinstein. We should
have federal legislation prohibiting lower levels from requiring backdoors, as
is being tried in California. Law-abiding citizens shouldn't have their
security weakened (and there's a general consensus among cryptographers that
it's impossible to create backdoors in cryptography without weakening the
general security of the system) because of the fearmongering tactics of law
enforcement.
Yes, if a service has access to plaintext and is served with a valid 4th
Amendment warrant (not an NSL or a kangaroo court FISA order), I believe they
should provide the plaintext. We've seen what happens with secret warrants and
warrantless searches: both with the NSA scandal, but also with Hoover and
McCarthy, the Stasi in Germany, and other over-powerful police services. The
founders of this country were clearly aware of the risk when they stated:
The right of the people to be secure in their persons, houses, papers, and
effects, against unreasonable searches and seizures, shall not be violated,
and no Warrants shall issue, but upon probable cause, supported by Oath or
affirmation, and particularly describing the place to be searched, and the
persons or things to be seized.
Weakening American-made crypto only weakens America. Bad guys will still have
access to crypto without backdoors from other countries or from before any
legislation, so any legislation to weaken cryptography will only serve to enable
unconstitutional mass surveillance, weaken Americans' rights, all without
improving national security one iota.