Burr-Feinstein Encryption Bill Rankles Tech Community

...

There is a renewed focus on risk data aggregation and reporting (RDAR) solutions, as financial ins

A coalition of tech groups called proposed encryption legislation "well-intentioned but ultimately unworkable," while an op-ed deemed it grounds for the dismissal of Senators Dianne Feinstein and Richard Burr, the bill's sponsors.

Prompted by Apple's refusal to create new software to unlock an encrypted iPhone for the FBI, US Sens. Richard Burr (R-NC) and Dianne Feinstein (D-CA.), chairman and vice chairman, respectively, of the Senate Select Committee on Intelligence, introduced draft legislation April 13 that's receiving pushback of its own.

The bill, titled the "Compliance with Court Orders Act of 2016," would ensure that "everyone must comply with court orders to protect America from criminals and terrorists."

A coalition of technology organizations posted an open letter to Burr and Feinstein April 19, expressing concern about what they call "well-intentioned but ultimately unworkable policies around encryption that would weaken the very defenses we need to protect us from people who want to cause economic and physical harm."

The organizations included Reform Government Surveillance (RGS), the Computer & Communications Industry Association, the Internet Infrastructure Coalition (I2C) and the Entertainment Software Association. These groups posted the letter to the RGS Tumblr site.

The Burr-Feinstein bill states that requested information must be provided in "intelligible" formats, i.e., "decrypted, deciphered, decoded, demodulated, or deobfuscated to its original form." In order to meet this requirement, wrote the organizations, they would need to make design decisions that would "create opportunities for exploitation by bad actors."

Further, such legislation would simply prompt such bad actors to use technologies made by companies outside of US jurisdiction, "in turn undermining the global competitiveness of the technology industry in the U.S. and resulting in more and more data being stored in other countries," the organizations wrote.

We support making sure that law enforcement has the legal authorities … it needs to solve crime, prevent terrorism, and protect the public. However, those things must be carefully balanced to preserve our customers' security and digital information.

Create a culture where technology advances truly empower your business. Attend the Leadership Track at Interop Las Vegas, May 2-6. Register now!

An opinion piece in the Christian Science Monitor April 19 was less careful in its language.

In their column, Sascha Meinrath, the director of X-Lab and the Palmer Chair in Telecommunication at Penn State University, and Sean Vitka, the counsel for Fight for the Future and a fellow with X-Lab, write that the bill is "evidence of a dangerous incompetence in congressional leadership that is undermining America's security."

Further, the pair believe it to be evidence that Burr and Feinstein should be stripped of their positions on the Senate Select Committee on Intelligence, or at least not reappointed.

"To put it plainly, this bill would, for example, empower the 11 members of the Augustine Band of Cahuilla Indians to demand that every corporation be able to decrypt all online information of any kind, on any American, and be delivered to that tribe," Meinrath and Vitka wrote.

They added, "If Burr-Feinstein passes, it guarantees that Americans will have worse encryption than the rest of the world."

Burr and Feinstein, announcing their bill, said the proposal had received the support of New York City Police Commissioner William Bratton, the FBI Agents Association, the National District Attorneys Association, and others.

"I've spent the better part of the last year exploring the challenges associated with criminal and terrorist use of encrypted communications," Burr wrote in an April 18 statement. "Our draft legislation requires entities to provide law enforcement with data in a readable format when served with a court order."

Reynaldo Tariche, president of the FBI Agents Association, wrote in an April 14 letter to Burr and Feinstein, "If your legislation becomes law, individuals and companies will enjoy the privacy protections that have been established and refined under our laws over the course of hundreds of years …"

The encryption conversation was also had by a US House Energy & Commerce Committee hearing April 19, where all parties were respectful and willing, but none could spot a useful middle ground.

Categories
APPLICATIONS
0 Comment

Leave a Reply

Captcha image


RELATED BY

  • 5300c769af79e

    Report: Apple Rolling Out More Accurate iTunes Match

    The company this week began rolling out a more accurate version of iTunes Match to all paying customers.According to The Loop, Apple is "watching the rollout very closely," keeping an eye out for bugs or glitches.
  • 5300c769af79e

    Sorry TV Anchors, We Like Getting Our News From Social Media

    A recent study suggests more than half of the world's population gets their daily dose of news from social networks.According to the 2016 Reuters Institute Digital News Report, Facebook, YouTube, and Twitter dominate the online news market, particularly among 18- to 24-year-olds.
  • 5300c769af79e

    10-Year-Old Earns $10,000 for Finding Instagram Bug

    Helsinki-based Jani (whose last name was not revealed) found a major flaw in Instagram's servers, earning him $10,000, and the respect of white hat hackers everywhere.The youngest person to be paid through Facebook's bug bounty program, Jani uncovered a vulnerability in the photo-sharing service that let him delete text posted by users.
  • 5300c769af79e

    Code Red? White House Unveils Color-Coded Cyber-Attack Scale

    The White House this week released new ground rules for handling cyber attacks, complete with a color-coded "cyber incident severity schema" reminiscent of the Bush-era Homeland Security Advisory System.The Presidential Policy Directive (PPD) on United States Cyber Incident Coordination aims to clarify how and when government agencies handle incidents.