New US Bill would require makers of encrypted devices to leave a backdoor

[SumTingWong]

Content source

https://www.androidauthority.com/lawful-access-to-encrypted-data-1132922/

• The Lawful Access to Encrypted Data Act could be a crushing blow to privacy in the US.
• The bill would require manufacturers to leave a backdoor that the government could access when needed.
• There’s plenty of opposition to the bill from security and privacy advocates

US Senators have introduced a new anti-encryption bill called the “Lawful Access to Encrypted Data Act,” which would require makers of encrypted devices and operating systems to leave a backdoor that could allow law enforcement to access encrypted information when requested. Basically, this means that all manufacturers would need to leave a backdoor in their encryption, which defeats the entire point of encryption in the first place.

The Lawful Access to Encrypted Data Act would bring an end to warrant-proof encryption in devices, platforms, and systems, which could be a huge deal for both companies who make encrypted services and devices and the users who enjoy the privacy offered by them, according to the plan laid out in the bill.
Senate Judiciary Committee Chairman Lindsey Graham said, “Terrorists and criminals routinely use technology, whether smartphones, apps, or other means, to coordinate and communicate their daily activities.”
Graham went on: “This bill will ensure law enforcement can access encrypted material with a warrant based on probable cause and help put an end to the Wild West of crime on the internet.”
There are a few issues that would be a problem for end-users. First, there’s the argument of whether this is in violation of any rights to privacy. Second, there’s the issue that once a backdoor is purposefully left in for the use by law enforcement, that same backdoor could be found and exploited by more malicious individuals, thus making the encryption all but useless.
According to Bitcoin.com, Riana Pfefferkorn, associate director of surveillance and cybersecurity at the Center for Internet and Society at Stanford Law School, said that the bill is “a full-frontal nuclear assault on encryption in the United States.” That’s just about as terrifying as it sounds. Even if you’re not worried about the government gaining access to your private information because you’re not doing anything illegal, there are far worse people than the government that you need to worry about.

RIP

 

[Marko :)]

Gosh, US government really wants to spy its citizens. There's at least one news article like this every month or so. I'm so glad EU is for privacy and fighting for consumers.

 

[Thales]

I'm sad because they are stupid. If the law-enforcement has access to the backdoor it also means the hackers will have too.
Gosh people are so clueless especially politicians.
So, it means bitlocker, google based phones etc are not gonna secure anymore.
We have veracrypt and other programs but we will have to avoid every US based company. What about phones?

 

[HarborFront]

The US complain the Huawei equipment has backdoor and ban them. So now they want the manufacturers to leave a backdoor for their law enforcement agencies?

 

[brigantes]

Gosh, US government really wants to spy its citizens. There's at least one news article like this every month or so. I'm so glad EU is for privacy and fighting for consumers.

It is for criminal cases with a court issued search warrant. It is not for general surveillance and spying purposes.

The US complain the Huawei equipment has backdoor and ban them. So now they want the manufacturers to leave a backdoor for their law enforcement agencies?

Huawei has backdoors in its products for domestic surveillance and international espionage.

Law enforcement use is legitimate. Spying on your own people to surveille and then oppress and an openly admitted program of worldwide espionage are vile.

We all know that you know the difference, and we all know that you are anti-US and every time you get the chance you try to bash the US.

The US is no saint. It does wrong just like every other country. But please stop.

 

[Ink]

Foolproof idea... also let foreign intelligence spy on US Government-issue phones through these "backdoors". Can never be too smart.

 

[Marko :)]

It is for criminal cases with a court issued search warrant. It is not for general surveillance and spying purposes.

Huawei has backdoors in its products for domestic surveillance and international espionage.

Law enforcement use is legitimate. Spying on your own people to surveille and then oppress and an openly admitted program of worldwide espionage are vile.

We all know that you know the difference, and we all know that you are anti-US and every time you get the chance you try to bash the US.

The US is no saint. It does wrong just like every other country. But please stop.

How can you guarantee that backdoor won't be used by government and authorities for illegal purposes? You cannot; everything that can be misused will be misused. Just look at the corruption around the world. Government shouldn't steal and use money in illegal ways, yet corruption is present in every country.

Not just that, imagine what would happen if hackers somehow found out about the backdoor and start to exploit it.

And yes, backdoor might help authorities in catching criminals. But, it will also weaken your privacy and security.

 

[Thales]

For law enforcement only. lol
If you believe this you are naïve. Fact!

 

[danb]

At first glance this seemed like a MASSIVE issue.

Then I thought about all of the malware that already affords access. The systems are not pristine, they are already compromised.

This is especially not a concern if you are aware of how you can properly protect your systems, but choose to maintain a more relaxed security posture.

Edit: case in point...

Zerodium says it has too many iOS and Safari exploits, pauses submissions - 9to5Mac

Exploit acquisition platform Zerodium has shared that it has an oversupply of a few types of iOS and Safari flaws,...

9to5mac.com

 

[SumTingWong]

I wonder how Apple and other tech firms response to this because police and fbi have a hard time to bypass Apple encryption. I can't wait to see US tech firms to move all their encryption devices sale away U.S.

This need to stop.

 

[Tutman]

It is for criminal cases with a court issued search warrant. It is not for general surveillance and spying purposes.

The US is no saint. It does wrong just like every other country. But please stop.

I am in the U.S. and was nothing learned from Snowden? Yes it can be used for more sinister means.

 

[Marko :)]

I wonder how Apple and other tech firms response to this because police and fbi have a hard time to bypass Apple encryption. I can't wait to see US tech firms to move all their encryption devices sale away U.S.

This need to stop.

Forensics detective says Android phones are now harder to crack than iPhones

 

[South Park]

Bruce Schneier wrote a wonderful essay on why perfect surveillance destroys freedom: How Surveillance Inhibits Freedom of Expression - Schneier on Security

The ... presence of surveillance means society cannot experiment with new things without fear of reprisal, and that means those experiments -- if found to be inoffensive or even essential to society -- ‐ cannot slowly become commonplace, moral, and then legal. If surveillance nips that process in the bud, change never happens. All social progress -- from ending slavery to fighting for women's rights -- began as ideas that were, quite literally, dangerous to assert. Yet without the ability to safely develop, discuss, and eventually act on those assertions, our society would not have been able to further its democratic values in the way that it has.

 

[brigantes]

I wonder how Apple and other tech firms response to this because police and fbi have a hard time to bypass Apple encryption. I can't wait to see US tech firms to move all their encryption devices sale away U.S.

This need to stop.

Within 10 years it shall become law in one form or another. There's too much money to be made in America. All the world's manufacturers will comply. The law shall apply to all OEMs that do business in the US whether the devices are manufactured in the US or abroad. There will be no skirting the law by moving manufacture off US soil. OEMs already are accustomed to making different versions of the same device to comply with different market requirements. So they can and will do it.

The US govt openly stated back in 2000 that its ultimate goal was to criminalize all non-breakable non-governmental encryption. Slowly over the years they have been making that a reality. Right now it is probably 70 % towards meeting that goal.

 

[danb]

If a member of a terrorist organization is arrested and there is vital info on their cell phone that could thwart a terrorist attack, assuming a proper warrant is issued, I believe most people would be in favor of unlocking the device and searching its contents for evidence.

Sure, the FISA court might have over reached in the past, but they do not have the capacity or interest in targeting the general public, and in fact are working to protect the general public.

The argument from the tech giants is that a backdoor would leave devices vulnerable. But this argument does not hold water simply because the devices are already vulnerable and exploited. If the devices were bulletproof, it would be a completely different story, and creating a backdoor would leave the devices vulnerable, but this is simply not the case.

Read this summary (especially the Background section) and it just might change your mind…

Graham, Cotton, Blackburn Introduce Balanced Solution to Bolster National Security, End Use of Warrant-Proof Encryption that Shields Criminal Activity | United States Senate Committee on the Judiciary

WASHINGTON – Senate Judiciary Committee Chairman Lindsey Graham (R-South Carolina) and U.S. Senators...

www.judiciary.senate.gov

Or the actual bill, it goes to great lengths to ensure the rights, privacy and freedoms of the general public are not infringed...

Download File: S.4051 - Lawful Access to Encrypted Data Act | United States Senate Committee on the Judiciary

United States Senate Committee on the Judiciary

www.judiciary.senate.gov

 

[Cortex]

Having spend a fair awful amount of time in The Land Of The Free & flown in there three times last year I have found few counties if any who display such copious amounts of total paranoia - I wish I could believe that Stateside security would be only uses for true bad guys - Unfortunately I live in a country that has A Special Relationship with the US & where they tread we usually follow if history is repeated (much like lambs) - After my last flight into LA I vowed I will never set foot in the place again.

 

[danb]

Having spend a fair awful amount of time in The Land Of The Free & flown in there three times last year I have found few counties if any who display such copious amounts of total paranoia - I wish I could believe that Stateside security would be only uses for true bad guys - Unfortunately I live in a country that has A Special Relationship with the US & where they tread we usually follow if history is repeated (much like lambs) - After my last flight into LA I vowed I will never set foot in the place again.

Yeah, things have changed here the last 4-10 years so I have been researching the best countries to relocate to. I am thinking either Canada, UK, or one of the Scandinavian countries because it would be nice to live around other people who are happy all the time, instead of grumpy people who enjoy the rat race. If anyone has any suggestions, I am all ears. The goal is to find the happies place on the planet .

We certainly need encryption, there is no question, but it cannot go unchecked so that criminals can abuse it… because if criminals abuse it too much, then we will lose it completely. Look at ransomware… it actually originated 31 years ago in 1989, but did not thrive until crypto currency enabled criminals to remain anonymous.

First known ransomware attack in 1989 also targeted healthcare

When the recent string of ransomware attacks targeted hospitals, including Hollywood (Calif.) PresbyterianMedicalCenter and Columbia, Md.-based MedStar Health, it appeared to come full circle to the first-ever known ransomware attack that also targeted the healthcare industry.

www.beckershospitalreview.com

As for the other crimes that crypto enables, people have right to privacy, but other people have the right not be attacked and victimized by criminals who operate in the shadows. Tim Cook even said "Do we want our nation to be secure? Of course. No one should have to decide between privacy or security. We should be smart enough to do both. Both of these things are essentially part of the Constitution."

To me it is pretty simple… maybe some kind of encryption key escrow where the device manufacturer has half of the keys and the government has the other half… just like how it takes 2 weapons officers turning their key at the same time to fire a nuclear missile. This would stop any over reach from FISA, criminals would be held accountable, and our data would be properly encrypted.

Encryption is an absolutely vital tech, but it is highly capable of harboring criminals, and if we do not get this right we really will lose it completely.

 

[brigantes]

Having spend a fair awful amount of time in The Land Of The Free & flown in there three times last year I have found few counties if any who display such copious amounts of total paranoia - I wish I could believe that Stateside security would be only uses for true bad guys - Unfortunately I live in a country that has A Special Relationship with the US & where they tread we usually follow if history is repeated (much like lambs) - After my last flight into LA I vowed I will never set foot in the place again.

There are very high costs associated with getting warrants. The typical criminal investigation warrant costs in aggregate about $30,000 in the US and 20,000 £ in the UK. It is unlikely that the US judiciary is prepared to issue fishing expedition warrants to enable mass surveillance. The bill is carefully crafted to prevent such a thing.

Nobody is going to stop you from using encryption services such as VPN, proxy services, Tor network and such. That's not covered in the bill. The bill is entirely about direct access to the device. It does not state that communications encryption shall be backdoored. Even if the US did make a general anti-communications encryption law, then they would have no jurisdiction to impose their will except within their own territories. It's absurd.

Most Americans think they own the internet and that their Constitution and their laws span the world. Well, they don't.

 

[danb]

I am not sure where you are getting your numbers, but I actually spoke with a gentleman from a US intelligence agency very recently and he explained that their lower limit to consider a case is roughly $5,000 in damages. Besides, prosecution and imprisonment is going to cost much more than $30,000, so they are probably not concerned about the cost of the warrant.

Also…

Are VPNs legal? A country-by-country guide. | Proton VPN

Are VPNs blocked or banned in your country? Here’s the updated list of countries that are trying to make VPNs illegal.

protonvpn.com

 

[Cortex]

Yeah, things have changed here the last 4-10 years so I have been researching the best countries to relocate to. I am thinking either Canada, UK, or one of the Scandinavian countries because it would be nice to live around other people who are happy all the time, instead of grumpy people who enjoy the rat race. If anyone has any suggestions, I am all ears. The goal is to find the happies place on the planet .

After a couple of trips to Canada well Ontario actually as the place is beyond ginormous - I have rarely found such pleasant & helpful people, after I've thanked them for some unneeded courtesy the reply often is ''We're Canadians' A place I could certainty live in ' - New Zealand also