Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Encryption Government Security Businesses Communications Digital Networking Privacy The Internet Technology

Top Security Experts Say Anti-Encryption Bill Authors Are 'Woefully Ignorant' (dailydot.com) 90

blottsie writes from a report on the Daily Dot: In a Wall Street Journal editorial titled "Encryption Without Tears," Sens. Richard Burr and Dianne Feinstein pushed back on widespread condemnation of their Compliance with Court Orders Act, which would require tech companies to provide authorities with user data in an "intelligible" format if served with a warrant. But security experts Bruce Schneir, Matthew Green, and others say the lawmakers entirely misunderstand the issue. "On a weekly basis we see gigabytes of that information dumped to the Internet," Green told the Daily Dot. "This is the whole problem that encryption is intended to solve." He added: "You can't hold out the current flaws in the Internet as a justification for why the Internet shouldn't be made secure." "These criticisms of Burr and Feinstein's analogy emphasize an important point about digital security: The differences between the levels of encryption protecting certain types of data -- purchase records on Amazon's servers versus photos on an iPhone, for example -- lead to different levels of risk," writes Eric Geller of the Daily Dot.
This discussion has been archived. No new comments can be posted.

Top Security Experts Say Anti-Encryption Bill Authors Are 'Woefully Ignorant'

Comments Filter:
  • Truly shocking!
  • to those who are entrenched. the good news is that ignorance is fixable even if it is unwilling.
    • by perpenso ( 1613749 ) on Thursday April 28, 2016 @07:24PM (#52009965)

      just about any bill is woefully ignorant to those who are entrenched. the good news is that ignorance is fixable even if it is unwilling.

      Its got little to do with being entrenched. Most people do not understand how little their representatives are involved in the drafting of legislation, and on the other side the reading and analysis of legislation in preparation for a vote. Representatives are heavily dependent on staffers for such things. There are few things the representatives have to do themselves, show up for votes, show up for committee meetings, and most importantly spend 3-4 hours a day on the phone asking for money. Other things like drafting and analysis are largely delegated. This is true for the entrenched and the new optimistic enthusiastic determined-to-change/fix-things as-yet-uncorrupted representative.

      When legislation is intelligently written it is usually written by lobbyists rather than staff. I'm tempted to say something about bias, but what makes one think staffers are unbiased, or their representative.

      And this is why Google, Apple, etc *must* send lobbyists to Washington to get involved. Its regrettable, but its true.

  • Hmmmmm (Score:4, Insightful)

    by AlphaBro ( 2809233 ) on Thursday April 28, 2016 @06:39PM (#52009701)
    How exactly would the US force terrorists and criminals to use this state sanctioned pre-owned encryption? It's almost like they want to spy on everyone that passively reaps the benefits of encryption.
    • How exactly would the US force terrorists and criminals to use this state sanctioned pre-owned encryption?

      Easy. You throw anyone into jail who doesn't use "state sanctioned pre-owned encryption."

      • The idealist in me wants to believe that government and law enforcement would use the powers only for good. The realist and historian in me recognizes how unlikely that is, especially given time for bad people to gain power and for bad enough things to happen to let the abuse happen.

        The US would never do that! But then I remember the Trail of Tears, slavery, Tuskegee syphilis experiment, Project MKUltra, the internment of Japanese Americans, the Bay of Pigs, and most recently the Ferguson police. I realize

      • Easy. You throw anyone into jail who doesn't use "state sanctioned pre-owned encryption."

        Hard to do if said persons don't reside within the borders of your country.

        Heck, it's hard to do even if they ARE within the borders of your country.

        • by MrDoh! ( 71235 )
          Phone ping tower, gov 'box of tricks' looks up IMEI of device and does a look up if a known phone. Stores time/imei/signal strength to DB. Looks up if device is 'known', if yes, carry on. If not listed (possible through mistake/someone visiting from Canada), 'ping' phone a bit more in depth/look up more records into foreign telcos to find out who that person is. Where have they been, check that imei to see where else it's been/what other wifi's it's connected to, 'ah, connected upto Starbucks? run the
      • by DarkOx ( 621550 )

        Is that easy? So when Chow Wang comes on visit from China and uses his VPN software from back home that isn't US pwnd are we going to jail him? How will the their government feel about us jailing their nationals for such a small offense, especially when its an important party member or business leader? Oh you think China might be cooperative...

        Okay what happens when its a Saudi citizen? We can't even seem to release the results of an investigative report without triggering an international incident.

        I do

      • How exactly would the US force terrorists and criminals to use this state sanctioned pre-owned encryption?

        Easy. You throw anyone into jail who doesn't use "state sanctioned pre-owned encryption."

        People have already demonstrated that if they know the authorities can listen in on their conversations, they will change their communication method. Besides, the US does not yet rule the world, so it can't force everyone to use pre-pwned encryption.

    • Well if someone in the US receives one of these messages you will have probable cause etc.....
  • by speedplane ( 552872 ) on Thursday April 28, 2016 @06:46PM (#52009723) Homepage
    Calling lawmakers "woefully ignorant" of technology is a tired ad hominem argument, always thrown out by the techno-elites. It may have been true back in the 90s and early oughts, bu these senators entirely understand the implications of what they're doing. Calling a senator, especially Feinstein, "woefully ignorant" sounds naive ... as if they aren't even listening to what the senators are saying.
    • Yes. A first term Representative from West Texas might be a little underwhelming when discussing computer technology and security, but the Party leaders can afford, and appreciate, a tech savvy member of the advisory council.

      Just as millions and millions roll in for these Presidential contests, House Speakers and the Ways and Means chair are embarrassingly well funded. The ones who last on the Hill are clever enough to see where the World is headed.

    • by dgatwood ( 11270 ) on Thursday April 28, 2016 @07:09PM (#52009853) Homepage Journal

      Calling a senator, especially Feinstein, "woefully ignorant" sounds naive ... as if they aren't even listening to what the senators are saying.

      When a politician says that tech companies have to do something, and the heads of every major high-tech company all say that it is impossible to do so in a way that doesn't fundamentally compromise the security of every man, woman, and child—including those working for our own government—and the politician basically says, "I don't believe you", then either the politician is woefully ignorant about technology or he/she is deliberately trying to destroy all modern technology. There's really no middle ground possible here.

      I choose to believe the best in people, so I assume that she is simply borderline computer-illiterate like most of the rest of Congress, and that she's too clueless to recognize that when the heads of Google, Apple, and Microsoft all tell you that you're full of it, that's a good time to hire better tech experts to advise you. Because the only plausible alternative is that she is corrupt, and that somebody who will benefit from the destruction of all modern technology is pulling her strings like a puppet.

      • simplest answer:

        they are all owned by the spymasters.

        think about it. the spymasters are the ONLY ones to truly benefit from our lack of privacy and encryption.

        the TLA's have all the dirt on everyone, and that includes our 'leaders'.

        the government you think you have? its all for show.

        good nite.

      • I choose to believe the best in people, so I assume that she is simply borderline computer-illiterate like most of the rest of Congress, and that she's too clueless to recognize that when the heads of Google, Apple, and Microsoft all tell you that you're full of it, that's a good time to hire better tech experts to advise you. Because the only plausible alternative is that she is corrupt,

        You are familiar with her work, right? She is evil down to her black little heart. Those who forget the lessons of history, and assume that Feinstein doesn't know precisely what she is doing, are going to be stared at in disbelief by those of us who grew up in California.

        • by gweihir ( 88907 )

          Probably. But calling her "evil" is not something that will accomplish much. Hence "woefully ignorant".

      • I choose to believe the best in people,

        Well, there's your first mistake...

    • They are merely taking hanlon's razor [wikipedia.org] to an extreme. In this case, I think it's really a matter of blaming ignorance rather than facing the reality that it's malice.
    • by Dutch Gun ( 899105 ) on Thursday April 28, 2016 @07:19PM (#52009939)

      "Techno-elites"? By that you mean "experts in their given field", like people who have written papers, books, actual security algorithms, etc? Those "techno-elites"? You'll forgive me, but are we seriously expected to dismiss their evaluation of a given piece of legislation, when this is what they do? That's a nice little ad hominem yourself, in case you weren't aware.

      Feinstein et al have proposed a new federal law. So you'll forgive me when I don't really care about listening to them try to spin it or talk about their intentions, because what matters is what is actually written in the bill [scribd.com].

      Being "ignorant" regarding a particularly complex topic like encryption and security isn't a personal insult. It means you're not fully versed on that particular topic, and it can be easily fixed by *learning*. You're reacting as though someone someone called Feinstein (whom it sounds like you admire and/or support and seem to be instinctively defending) "stupid", which is not the same thing. Now, if a lawmaker find herself ignorant regarding a certain topic, and tries to create and pass a law without seeking and applying the best advice from experts in that field, then... well...

    • by pr0t0 ( 216378 )

      If I felt like being very generous...

      Perhaps what speedplane is saying is simply that Burr and Feinstein know exactly what they are asking for; they know the staggering implications for dismantling information security (personal and corporate), they know the near-impossibility of the request, they know that even if all US companies could somehow manage to comply, it would do absolutely nothing to stop terrorism, criminal behavior, or do anything to allow authorities to better investigate after the fact; and

    • Awww, who's a good little party drone. You are. Yes you are. Would you like a belly rub? Feinstein is knowledgeable about exactly one thing. Keeping her job.

    • by gweihir ( 88907 )

      Unless when it is actually accurate. As it is here, as these people really have no clue what they are actually asking for. Even a senator cannot be a real expert on most things they decide about and if they chose to ignore what the actual experts say, then they are "woefully ignorant". I like to call them "Stupid Type II": Not even aware that they have no clue about the matter.

  • by Bob_Who ( 926234 ) on Thursday April 28, 2016 @06:51PM (#52009747) Journal

    Ironically, all legislature is encrypted in obfuscated legalize and other deceitful special interest pork pretending to be honest language.

  • by macs4all ( 973270 ) on Thursday April 28, 2016 @06:52PM (#52009753)
    After this much time, and considering the actual experts that they have access to, I can't help but feel that the esteemed Congresscritters Feinstein and Burr are not at ALL "ignorant" of the particulars of this issue.
    • As a thought experiment, lets accept that their NOT just ignorant as an established fact. So, the next question is...why? If they know the potential ramifications, are hearing the various experts going against them, why are they doing this? What's their actual goal, and who's pushing them for this from "behind the curtain"? Is it just the FBI pushing her on this? Who will make $$$ if this passes?
      • It's a good question, but it's worth noting that at least Feinstein has always been a fascist hypocrite. Even if you take at face value her claim that she no longer carries a purse gun (given her history of lack of veracity, I do not) she is still surrounded by rough men with guns ready to shoot you in the face, but she's against you being armed. She is nothing if not consistent; she does not believe that you have rights.

        • It's a good question, but it's worth noting that at least Feinstein has always been a fascist hypocrite.

          Yeah, she's the one that, in the mid 1990s, wanted to ban Civil-War Reenactments as "Blood Sport" that fomented a culture of violence.

          Consistent? Yes. Consistently HYPOCRITICAL.

          • Yeah, she's the one that, in the mid 1990s, wanted to ban Civil-War Reenactments as "Blood Sport" that fomented a culture of violence.

            Consistent? Yes. Consistently HYPOCRITICAL.

            So you are saying that in disguise she participates in Civil War Reenactments?

            • Yeah, she's the one that, in the mid 1990s, wanted to ban Civil-War Reenactments as "Blood Sport" that fomented a culture of violence.

              Consistent? Yes. Consistently HYPOCRITICAL.

              So you are saying that in disguise she participates in Civil War Reenactments?

              LOL, right!

              Exactly the response I would have expected from someone with the insight to reference "Illuminatus!" in their Username...

      • by Sloppy ( 14984 )

        Best guess is that they know voters are ignorant. (Because really: we, as whole, are. We are horrifically disgusting in many ways, and ignorance is one of them. For all our complaining about American politics, the money, the fact that the major parties represent nobody's views, etc, America's biggest political problem is that our voters are horrible. We suck.)

        This is a way for them to tell extremely stupid voters, "We are with you."

        And yet they also don't have to worry about the consequences of it being ena

  • Why not explain to them that they have pulled the technological equivalent of redefining PI as "3"?

  • by sconeu ( 64226 ) on Thursday April 28, 2016 @06:54PM (#52009765) Homepage Journal

    Politicians don't understand tech they are creating legislation about?

    I'm shocked, SHOCKED!!

    In other news, water is wet and the sun is hot. Film at 11.

    • by volpe ( 58112 )

      In fairness, it's difficult to get a politician to understand something when his campaign contributions depend upon his not understanding it.

  • let's be clear (Score:5, Interesting)

    by supernova87a ( 532540 ) <kepler1@NoSpaM.hotmail.com> on Thursday April 28, 2016 @06:58PM (#52009799)
    Well, the thing they fundamentally misunderstand about the issue is that companies now are disclaiming ownership of the data. At least the stuff that exists purely on people's phones for example.

    Senators Burr and Feinstein, failing to grasp this issue, actually have a beef with the people who now seek to use freely available encryption (which can be broken by no one practically) to protect themselves against intrusive government behavior -- which government has itself fueled by its own responsibility. Not the phone manufacturers -- which is why Apple, for example, have been racing forward to take the issue out of their own hands.

    If they want access to records about who uses public networks, transmits public information, etc, etc, then fine. Tap those networks, and make those companies who transmit information comply. But hands off my data, on my device, thank you.
    • by Anonymous Coward

      Your devices are an extension of your brain, another lobe, an auxiliary storage and processing center, they have become integrated into the human way being.
      They can cut them from your hands, and lobotomize you.
      But the minute they do, they become rightly dead to them.
      You can invade my brains, over my dead body.
      Fight this.

  • "Top Security Experts Say Anti-Encryption Bill Authors Are 'Woefully Ignorant'"

    Everyone with an IQ above room temperature: "No shit, Sherlock."

  • by Chas ( 5144 ) on Thursday April 28, 2016 @09:05PM (#52010471) Homepage Journal

    I think most of the people in DC passed Woefully ignorant sometime in the mid 70's.
    They leapt over "Maliciously ignorant" in 2001-2002.
    Now they're exploring the uncharted territory of the Ignorance Singularity.
    Most of these people are at the "magic smoke" level of technological comprehension, and any attempt to reconcile them to reality is met with nothing but empty-headed hostility.

    • by DarkOx ( 621550 )

      Hikers have a term from when trail maintainers or even just other hikers do things that seem destructive and just don't make any kind of sense to or for anyone: "aggressively stupid"

      This term simply could not apply better to most of our national government.

  • Y'all need to "push back"...at the next election.

    • Y'all need to "push back"...at the next election.

      Those of us with more than two brain cells and a pulse have been voting against Feinstein as long as we have been able. I literally vote for any candidate who runs against her. However, she pretends to be tough on crime which always ropes in the idiots, and she has a vagina which also ensures her a certain portion of the vote, deserved or not. She claims to be against gun crime, which is always popular, although she does nothing to rein in police (who regularly engage in gun crime... as in, it's SOP for the

  • by Jim Sadler ( 3430529 ) on Thursday April 28, 2016 @10:46PM (#52010817)
    A person accused is not required to say one word in writing or with speech to cops or judges or to testify in any way in their own defense. So just how is it that any court dare to demand a password which may well further a conviction whether just or not? For example, a person might greatly fear that someone put child pornography on their hard drive or in their email. Compelling access to those items may send an innocent man up the creek. The needs of society do not hold any weight when weighed against the constitution. It is as if a court can decide that you are not allowed to use the 5th amendment due to the importance of an issue.
    • Re:Unconstitutional (Score:4, Informative)

      by Fnord666 ( 889225 ) on Friday April 29, 2016 @12:03PM (#52013947) Journal

      A person accused is not required to say one word in writing or with speech to cops or judges or to testify in any way in their own defense. So just how is it that any court dare to demand a password which may well further a conviction whether just or not?

      The same way that they can use a warrant to compel you to give them access to a safe that you own or possess which may contain evidence that implicates you. Neither that safe, your hard drive or your phone are protected by the 5th amendment. They are protected by the 4th amendment to the extent that officials must obtain a warrant from a judge by demonstrating probable cause that evidence will be found in the place to be searched. Once they have a warrant officials (or the courts) can compel you to give them access and they can hold you in contempt of court for failing to do so.

      • The same way that they can use a warrant to compel you to give them access to a safe that you own or possess which may contain evidence that implicates you. Neither that safe, your hard drive or your phone are protected by the 5th amendment.

        No, your law doesn't work that way. And there's even precedent to that fact. In the case of the safe, whether you have to actually give up the combination to the safe is very much in doubt, with the supreme court seeming to weigh in on the "no" side.

        So the fourth gives them access to the safe, and any key, should you have it. But a combination to the safe that's a hole nuther ball of wax.

        Analogously, sure they can have the hard drive. No-one's questioning that. Whether they can have any passwords or keys, t

  • I can't read the op-ed because it's paywalled. Does anyone have access and can post it?

  • It's so hard to sift through the hyperbole, but all I can see from the actual language of the bill is:

    Covered entities are responsible only for the information or data that they (or another party on their behalf) have made unintelligible.
    The government cannot require or prohibit any specific design or operating system for any covered entity to use in complying with a court order.

    Which means, that if you take a centralized, proprietary, approach to user security, that you are able to circumvent by design, you have to comply with court orders to do the same thing you have the power to do. This would be a huge problem if companies were required to centralize and weaken security, but the bill then explicitly states that government can't tell you how to design or secure your products.

  • Ever since the San Bernadino shooter's government issued iPhone data was encrypted, I've had this rattling around in my head:

    Doesn't this encryption lack the proper owner and user model? In the case of a phone not owned by the user, there should be an owner key that can be used to access the data on the device at any time, and that can be used to revoke the user key at any time. In the case of private user owned phones, I say screw em, math isn't illegal.

    Just my two cents.

Keep up the good work! But please don't ask me to help.

Working...