New US Bill would require makers of encrypted devices to leave a backdoor

SumTingWong

Level 28
Thread author
Verified
Top Poster
Well-known
Apr 2, 2018
1,782
  • The Lawful Access to Encrypted Data Act could be a crushing blow to privacy in the US.
  • The bill would require manufacturers to leave a backdoor that the government could access when needed.
  • There’s plenty of opposition to the bill from security and privacy advocates
US Senators have introduced a new anti-encryption bill called the “Lawful Access to Encrypted Data Act,” which would require makers of encrypted devices and operating systems to leave a backdoor that could allow law enforcement to access encrypted information when requested. Basically, this means that all manufacturers would need to leave a backdoor in their encryption, which defeats the entire point of encryption in the first place.

The Lawful Access to Encrypted Data Act would bring an end to warrant-proof encryption in devices, platforms, and systems, which could be a huge deal for both companies who make encrypted services and devices and the users who enjoy the privacy offered by them, according to the plan laid out in the bill.
Senate Judiciary Committee Chairman Lindsey Graham said, “Terrorists and criminals routinely use technology, whether smartphones, apps, or other means, to coordinate and communicate their daily activities.”
Graham went on: “This bill will ensure law enforcement can access encrypted material with a warrant based on probable cause and help put an end to the Wild West of crime on the internet.”
There are a few issues that would be a problem for end-users. First, there’s the argument of whether this is in violation of any rights to privacy. Second, there’s the issue that once a backdoor is purposefully left in for the use by law enforcement, that same backdoor could be found and exploited by more malicious individuals, thus making the encryption all but useless.
According to Bitcoin.com, Riana Pfefferkorn, associate director of surveillance and cybersecurity at the Center for Internet and Society at Stanford Law School, said that the bill is “a full-frontal nuclear assault on encryption in the United States.” That’s just about as terrifying as it sounds. Even if you’re not worried about the government gaining access to your private information because you’re not doing anything illegal, there are far worse people than the government that you need to worry about.

RIP
 

Thales

Level 15
Verified
Top Poster
Well-known
Nov 26, 2017
732
I'm sad because they are stupid. If the law-enforcement has access to the backdoor it also means the hackers will have too.
Gosh people are so clueless especially politicians.
So, it means bitlocker, google based phones etc are not gonna secure anymore.
We have veracrypt and other programs but we will have to avoid every US based company. What about phones?
 
Last edited:

brigantes

Level 1
Jun 22, 2020
40
Gosh, US government really wants to spy its citizens. There's at least one news article like this every month or so. I'm so glad EU 🇪🇺 is for privacy and fighting for consumers.

It is for criminal cases with a court issued search warrant. It is not for general surveillance and spying purposes.


The US complain the Huawei equipment has backdoor and ban them. So now they want the manufacturers to leave a backdoor for their law enforcement agencies?

Huawei has backdoors in its products for domestic surveillance and international espionage.

Law enforcement use is legitimate. Spying on your own people to surveille and then oppress and an openly admitted program of worldwide espionage are vile.

We all know that you know the difference, and we all know that you are anti-US and every time you get the chance you try to bash the US.

The US is no saint. It does wrong just like every other country. But please stop.
 
  • Like
Reactions: Cortex

Marko :)

Level 23
Verified
Top Poster
Well-known
Aug 12, 2015
1,292
It is for criminal cases with a court issued search warrant. It is not for general surveillance and spying purposes.

Huawei has backdoors in its products for domestic surveillance and international espionage.

Law enforcement use is legitimate. Spying on your own people to surveille and then oppress and an openly admitted program of worldwide espionage are vile.

We all know that you know the difference, and we all know that you are anti-US and every time you get the chance you try to bash the US.

The US is no saint. It does wrong just like every other country. But please stop.
How can you guarantee that backdoor won't be used by government and authorities for illegal purposes? You cannot; everything that can be misused will be misused. Just look at the corruption around the world. Government shouldn't steal and use money in illegal ways, yet corruption is present in every country.

Not just that, imagine what would happen if hackers somehow found out about the backdoor and start to exploit it.

And yes, backdoor might help authorities in catching criminals. But, it will also weaken your privacy and security.

 
Last edited:

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
At first glance this seemed like a MASSIVE issue.

Then I thought about all of the malware that already affords access. The systems are not pristine, they are already compromised.

This is especially not a concern if you are aware of how you can properly protect your systems, but choose to maintain a more relaxed security posture.

Edit: case in point...

 
Last edited:

SumTingWong

Level 28
Thread author
Verified
Top Poster
Well-known
Apr 2, 2018
1,782
I wonder how Apple and other tech firms response to this because police and fbi have a hard time to bypass Apple encryption. I can't wait to see US tech firms to move all their encryption devices sale away U.S.

This need to stop.
 

South Park

Level 9
Verified
Well-known
Jun 23, 2018
441
Bruce Schneier wrote a wonderful essay on why perfect surveillance destroys freedom: How Surveillance Inhibits Freedom of Expression - Schneier on Security

The ... presence of surveillance means society cannot experiment with new things without fear of reprisal, and that means those experiments -- if found to be inoffensive or even essential to society -- ‐ cannot slowly become commonplace, moral, and then legal. If surveillance nips that process in the bud, change never happens. All social progress -- from ending slavery to fighting for women's rights -- began as ideas that were, quite literally, dangerous to assert. Yet without the ability to safely develop, discuss, and eventually act on those assertions, our society would not have been able to further its democratic values in the way that it has.
 

brigantes

Level 1
Jun 22, 2020
40
I wonder how Apple and other tech firms response to this because police and fbi have a hard time to bypass Apple encryption. I can't wait to see US tech firms to move all their encryption devices sale away U.S.

This need to stop.

Within 10 years it shall become law in one form or another. There's too much money to be made in America. All the world's manufacturers will comply. The law shall apply to all OEMs that do business in the US whether the devices are manufactured in the US or abroad. There will be no skirting the law by moving manufacture off US soil. OEMs already are accustomed to making different versions of the same device to comply with different market requirements. So they can and will do it.

The US govt openly stated back in 2000 that its ultimate goal was to criminalize all non-breakable non-governmental encryption. Slowly over the years they have been making that a reality. Right now it is probably 70 % towards meeting that goal.
 
Last edited:
  • Like
Reactions: Cortex

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
If a member of a terrorist organization is arrested and there is vital info on their cell phone that could thwart a terrorist attack, assuming a proper warrant is issued, I believe most people would be in favor of unlocking the device and searching its contents for evidence.

Sure, the FISA court might have over reached in the past, but they do not have the capacity or interest in targeting the general public, and in fact are working to protect the general public.

The argument from the tech giants is that a backdoor would leave devices vulnerable. But this argument does not hold water simply because the devices are already vulnerable and exploited. If the devices were bulletproof, it would be a completely different story, and creating a backdoor would leave the devices vulnerable, but this is simply not the case.

Read this summary (especially the Background section) and it just might change your mind…


Or the actual bill, it goes to great lengths to ensure the rights, privacy and freedoms of the general public are not infringed...

 

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
Having spend a fair awful amount of time in The Land Of The Free & flown in there three times last year I have found few counties if any who display such copious amounts of total paranoia - I wish I could believe that Stateside security would be only uses for true bad guys - Unfortunately I live in a country that has A Special Relationship with the US & where they tread we usually follow if history is repeated (much like lambs) - After my last flight into LA I vowed I will never set foot in the place again.
 
Last edited:

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
Having spend a fair awful amount of time in The Land Of The Free & flown in there three times last year I have found few counties if any who display such copious amounts of total paranoia - I wish I could believe that Stateside security would be only uses for true bad guys - Unfortunately I live in a country that has A Special Relationship with the US & where they tread we usually follow if history is repeated (much like lambs) - After my last flight into LA I vowed I will never set foot in the place again.
Yeah, things have changed here the last 4-10 years so I have been researching the best countries to relocate to. I am thinking either Canada, UK, or one of the Scandinavian countries because it would be nice to live around other people who are happy all the time, instead of grumpy people who enjoy the rat race. If anyone has any suggestions, I am all ears. The goal is to find the happies place on the planet ;).

We certainly need encryption, there is no question, but it cannot go unchecked so that criminals can abuse it… because if criminals abuse it too much, then we will lose it completely. Look at ransomware… it actually originated 31 years ago in 1989, but did not thrive until crypto currency enabled criminals to remain anonymous.


As for the other crimes that crypto enables, people have right to privacy, but other people have the right not be attacked and victimized by criminals who operate in the shadows. Tim Cook even said "Do we want our nation to be secure? Of course. No one should have to decide between privacy or security. We should be smart enough to do both. Both of these things are essentially part of the Constitution."

To me it is pretty simple… maybe some kind of encryption key escrow where the device manufacturer has half of the keys and the government has the other half… just like how it takes 2 weapons officers turning their key at the same time to fire a nuclear missile. This would stop any over reach from FISA, criminals would be held accountable, and our data would be properly encrypted.

Encryption is an absolutely vital tech, but it is highly capable of harboring criminals, and if we do not get this right we really will lose it completely.
 

brigantes

Level 1
Jun 22, 2020
40
Having spend a fair awful amount of time in The Land Of The Free & flown in there three times last year I have found few counties if any who display such copious amounts of total paranoia - I wish I could believe that Stateside security would be only uses for true bad guys - Unfortunately I live in a country that has A Special Relationship with the US & where they tread we usually follow if history is repeated (much like lambs) - After my last flight into LA I vowed I will never set foot in the place again.

There are very high costs associated with getting warrants. The typical criminal investigation warrant costs in aggregate about $30,000 in the US and 20,000 £ in the UK. It is unlikely that the US judiciary is prepared to issue fishing expedition warrants to enable mass surveillance. The bill is carefully crafted to prevent such a thing.

Nobody is going to stop you from using encryption services such as VPN, proxy services, Tor network and such. That's not covered in the bill. The bill is entirely about direct access to the device. It does not state that communications encryption shall be backdoored. Even if the US did make a general anti-communications encryption law, then they would have no jurisdiction to impose their will except within their own territories. It's absurd.

Most Americans think they own the internet and that their Constitution and their laws span the world. Well, they don't.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
I am not sure where you are getting your numbers, but I actually spoke with a gentleman from a US intelligence agency very recently and he explained that their lower limit to consider a case is roughly $5,000 in damages. Besides, prosecution and imprisonment is going to cost much more than $30,000, so they are probably not concerned about the cost of the warrant.

Also…

 
Last edited:

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
Yeah, things have changed here the last 4-10 years so I have been researching the best countries to relocate to. I am thinking either Canada, UK, or one of the Scandinavian countries because it would be nice to live around other people who are happy all the time, instead of grumpy people who enjoy the rat race. If anyone has any suggestions, I am all ears. The goal is to find the happies place on the planet ;).
After a couple of trips to Canada well Ontario actually as the place is beyond ginormous - I have rarely found such pleasant & helpful people, after I've thanked them for some unneeded courtesy the reply often is ''We're Canadians' A place I could certainty live in ' - New Zealand also :):)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top