There is a renewed focus on risk data aggregation and reporting (RDAR) solutions, as financial ins
A coalition of tech groups called proposed encryption legislation "well-intentioned but ultimately unworkable," while an op-ed deemed it grounds for the dismissal of Senators Dianne Feinstein and Richard Burr, the bill's sponsors.
Prompted by Apple's refusal to create new software to unlock an encrypted iPhone for the FBI, US Sens. Richard Burr (R-NC) and Dianne Feinstein (D-CA.), chairman and vice chairman, respectively, of the Senate Select Committee on Intelligence, introduced draft legislation April 13 that's receiving pushback of its own.
The bill, titled the "Compliance with Court Orders Act of 2016," would ensure that "everyone must comply with court orders to protect America from criminals and terrorists."
A coalition of technology organizations posted an open letter to Burr and Feinstein April 19, expressing concern about what they call "well-intentioned but ultimately unworkable policies around encryption that would weaken the very defenses we need to protect us from people who want to cause economic and physical harm."
The organizations included Reform Government Surveillance (RGS), the Computer & Communications Industry Association, the Internet Infrastructure Coalition (I2C) and the Entertainment Software Association. These groups posted the letter to the RGS Tumblr site.
The Burr-Feinstein bill states that requested information must be provided in "intelligible" formats, i.e., "decrypted, deciphered, decoded, demodulated, or deobfuscated to its original form." In order to meet this requirement, wrote the organizations, they would need to make design decisions that would "create opportunities for exploitation by bad actors."
Further, such legislation would simply prompt such bad actors to use technologies made by companies outside of US jurisdiction, "in turn undermining the global competitiveness of the technology industry in the U.S. and resulting in more and more data being stored in other countries," the organizations wrote.
We support making sure that law enforcement has the legal authorities … it needs to solve crime, prevent terrorism, and protect the public. However, those things must be carefully balanced to preserve our customers' security and digital information.
Create a culture where technology advances truly empower your business. Attend the Leadership Track at Interop Las Vegas, May 2-6. Register now!
An opinion piece in the Christian Science Monitor April 19 was less careful in its language.
In their column, Sascha Meinrath, the director of X-Lab and the Palmer Chair in Telecommunication at Penn State University, and Sean Vitka, the counsel for Fight for the Future and a fellow with X-Lab, write that the bill is "evidence of a dangerous incompetence in congressional leadership that is undermining America's security."
Further, the pair believe it to be evidence that Burr and Feinstein should be stripped of their positions on the Senate Select Committee on Intelligence, or at least not reappointed.
"To put it plainly, this bill would, for example, empower the 11 members of the Augustine Band of Cahuilla Indians to demand that every corporation be able to decrypt all online information of any kind, on any American, and be delivered to that tribe," Meinrath and Vitka wrote.
They added, "If Burr-Feinstein passes, it guarantees that Americans will have worse encryption than the rest of the world."
Burr and Feinstein, announcing their bill, said the proposal had received the support of New York City Police Commissioner William Bratton, the FBI Agents Association, the National District Attorneys Association, and others.
"I've spent the better part of the last year exploring the challenges associated with criminal and terrorist use of encrypted communications," Burr wrote in an April 18 statement. "Our draft legislation requires entities to provide law enforcement with data in a readable format when served with a court order."
Reynaldo Tariche, president of the FBI Agents Association, wrote in an April 14 letter to Burr and Feinstein, "If your legislation becomes law, individuals and companies will enjoy the privacy protections that have been established and refined under our laws over the course of hundreds of years …"
The encryption conversation was also had by a US House Energy & Commerce Committee hearing April 19, where all parties were respectful and willing, but none could spot a useful middle ground.