
U.S. Senators Introduce Another Anti-Encryption Bill

U.S. Senators introduced the Lawful Access to Encrypted Data Act in an attempt to mandate backdoors. The bill gives the Department of Justice the ability to force companies and service providers to decrypt data upon request and bans so-called “warrant-proof” encryption.

The Lawful Access to Encrypted Data Act (pdf, html) applies to providers across the board. According to a blog post from the Center for Internet and Society at Stanford Law School, the bill applies to providers of operating systems, messaging applications, email providers, manufacturers of computers, video game consoles, smartphones, or “basically any electronic device with just 1 GB of storage capacity.”

The bill distinguishes between stored data and data in motion.

Stored Data

Law enforcement must apply for a search warrant for the data stored on a physical device or data stored remotely. During or after the application for a search warrant, law enforcement must also apply for a court order requiring technical assistance from the provider of the device or data in the search warrant. If law enforcement can provide “reasonable grounds to believe” that execution of the search warrant would be helped with cooperation from the provider, the presiding judge must issue the technical assistance order.

The bill does not allow the government to direct the technical details of a provider’s compliance, however. This would prevent an order like the well-known one issued to Apple in 2016. That order, titled “In the Matter of the Search of an Apple iPhone Seized During the Execution of a Search Warrant on a Black Lexus IS300, California License Plate 35KGD203,” required Apple to create an operating system (GovtOS) for the FBI that would allow them to access the contents of an encrypted iPhone.

The iPhone in question belonged to the government of San Bernardino County, California. The county had issued the iPhone to an employee named Syed Rizwan Farook. Farook was one of the shooters involved in the attack in San Bernardino in December 2015 that left 14 people dead. The FBI recovered the iPhone but claimed they could not access the contents of the phone. Apple was also unable to provide law enforcement with the contents of the device since new encryption methods prevented Apple from “comply[ing] with government warrants asking for customer information to be extracted from devices.”

In response to Apple’s inability to provide backdoor access to the device, the FBI obtained a court order (pdf, html) to force Apple’s hand. The court order required Apple to:

  • “bypass or disable the auto-erase function whether or not it has been enabled”
  • “enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available”
  • “ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware”

The order was issued under the All Writs Act. Magistrate Judge James Orenstein vacated the order (pdf, html). In response, the judge wrote, “the relief the government seeks is unavailable because Congress has considered legislation that would achieve the same result but has not adopted it.” It appears as if the Lawful Access to Encrypted Data Act would effectively replace the All Writs Act in this context. However, an order such as the one issued to Apple in the San Bernardino case would no longer be necessary under the newly introduced bill. The bill unambiguously bans encryption without a backdoor or alternative method of decryption by the provider.

Data in Motion

For data in motion, the bill builds on the federal Wiretap Act as well as the federal Pen Register Act. The statutes governing pen registers (18 U.S. Code Chapter 206 — Pen Registers and Trap and Trace Devices) will be modified to include language that requires providers to turn over the requested data in a decrypted format or in “an intelligible format.”

“A wire or electronic communication service provider that had more than 1,000,000 monthly active users in the United States in January 2016 or any month thereafter shall ensure that the provider has the ability to provide the information described in paragraphs (3) and (7) of section 3127 directly to law enforcement agencies in an intelligible format…”

For reference, paragraph three of section 3127:

the term “pen register” means a device or process which records or decodes dialing, routing, addressing, or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted, provided, however, that such information shall not include the contents of any communication, but such term does not include any device or process used by a provider or customer of a wire or electronic communication service for billing, or recording as an incident to billing, for communications services provided by such provider or any device or process used by a provider or customer of a wire communication service for cost accounting or other like purposes in the ordinary course of its business.

And paragraph seven, which the Lawful Access to Encrypted Data Act will add to the Pen Register Act:

  • The term ‘technical assistance’ includes
    • isolating all dialing, routing, addressing, and signaling information authorized to be acquired;
    • decrypting, decoding, or otherwise providing in an intelligible format the dialing, routing, addressing, and signaling information authorized to be acquired, unless the independent actions of an unaffiliated entity make it technically impossible to do so; and
    • delivering all dialing, routing, addressing, and signaling information authorized to be acquired securely, reliably, and concurrently with its transmission.

Senate Judiciary Press Release

Senate Judiciary Committee Chairman Lindsey Graham:

“Terrorists and criminals routinely use technology, whether smartphones, apps, or other means, to coordinate and communicate their daily activities. In recent history, we have experienced numerous terrorism cases and serious criminal activity where vital information could not be accessed, even after a court order was issued. Unfortunately, tech companies have refused to honor these court orders and assist law enforcement in their investigations. My position is clear: After law enforcement obtains the necessary court authorizations, they should be able to retrieve information to assist in their investigations. Our legislation respects and protects the privacy rights of law-abiding Americans. It also puts the terrorists and criminals on notice that they will no longer be able to hide behind technology to cover their tracks.”

U.S. Senator Tom Cotton:

“Tech companies’ increasing reliance on encryption has turned their platforms into a new, lawless playground of criminal activity. Criminals from child predators to terrorists are taking full advantage. This bill will ensure law enforcement can access encrypted material with a warrant based on probable cause and help put an end to the Wild West of crime on the Internet.”

U.S. Senator Marsha Blackburn:

“User privacy and public safety can and should work in tandem. What we have learned is that in the absence of a lawful warrant application process, terrorists, drug traffickers and child predators will exploit encrypted communications to run their operations.”

According to those backing the bill, the highlights of the Lawful Access to Encrypted Data Act include:

  • Enables law enforcement to obtain lawful access to encrypted data.
    • Once a warrant is obtained, the bill would require device manufacturers and service providers to assist law enforcement with accessing encrypted data if assistance would aid in the execution of the warrant.
    • In addition, it allows the Attorney General to issue directives to service providers and device manufacturers to report on their ability to comply with court orders, including timelines for implementation.
      • The Attorney General is prohibited from issuing a directive with specific technical steps for implementing the required capabilities.
      • Anyone issued a directive may appeal in federal court to change or set aside the directive.
      • The Government would be responsible for compensating the recipient of a directive for reasonable costs incurred in complying with the directive.
  • Incentivizes technical innovation.
    • Directs the Attorney General to create a prize competition to award participants who create a lawful access solution in an encrypted environment, while maximizing privacy and security.
  • Promotes technical and lawful access training and provides real-time assistance.
    • Funds a grant program within the Justice Department’s National Domestic Communications Assistance Center (NDCAC) to increase digital evidence training for law enforcement and creates a call center for advice and assistance during investigations.

According to the EFF, the Lawful Access to Encrypted Data Act is worse than the EARN IT Act. “We should take every opportunity to tell members of Congress to leave the secure technology we rely on alone,” Andrew Crocker, an EFF attorney, wrote.

20 Comments
7e500743
689fcf10 Fri, Jun 26, 2020

What would this mean for Tor?

2b4f811e
7a8e0d80 Fri, Jun 26, 2020

The language is so broad it could apply to the maintainers of open source projects. Seems unbelievably unlikely that this would, in practice, be applied to anyone who has contributed to an open source project, though.

0ec43fb9
6c8b5b50 Sat, Jun 27, 2020

Can anyone say what this would mean for TAILS and the tech within TAILS?

a04b14d9
b1adb290 Sat, Jun 27, 2020

This says a bill was introduced. Does this mean a bill was put on the table to be voted on, or does it mean that it is already in effect?

fd6d6c48
3d74e0d0 Sat, Jun 27, 2020

Can someone explain to me, why the fucking fuck those senators are all fucking OLD?

They don’t know shit about the modern technology and computers and software in general, why are they put in that position???????????????????

Get fucking young senators with a brain not old school piece of shit!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

3287f9e7
50b750b0 Sun, Jun 28, 2020

Am I wrong or is this super crazy? I mean this is it. This is one step from 1984. The craziest thing is that they now can do it legally and the vast majority of US citizens does not give a shit about that. I mean the Snowden-Scandal was brutal and shit - but the US Govt now knows that even if there are scandals, people don’t fucking care - they introduce bills that allow them to spy on every-fucking-one, forcing companies to help them. What would Steve Jobs say to this? Really wonder.
Worst thing about it:
It’s something people do not care about and US Govt knows that. Seems like you cannot have any tech around when talking doing ANYTHING if you are known to be interested in Govt’s spying.
Hate it.

db139616
aee87970 Sun, Jun 28, 2020

What tech should the privacy-concerned consumer use then?

Intel’s processors are compromised, Google’s Android is compromised, Apple Devices are compromised.
(By compromised I mean that they are interceptable by US Govt. with super little effort)

155ca317
0ad57e90 Sun, Jun 28, 2020

Hopefully there exist enough intelligent people that won’t sell out for money and continue risking their freedom for a greater cause.

I’ll try in the best way I can myself.

17ae2204
ee268da0 Sun, Jun 28, 2020

How could any one stand for this?
Because of MUH TERRORISM
My god people need to be notified of this so they can protect their freedoms

19f9d099
6d6abce0 Mon, Jun 29, 2020

I don’t give a FUCK!!!

9046594a
eec79b30 Mon, Jun 29, 2020

I guess they forgot that privacy is a natural right as well.
That or the U.S. Govt doesn’t care for natural rights

a7a11c1d
0a46ea80 Tue, Jun 30, 2020

Every single time they want access to something they use the terrorism card: This is strictly for our safety - go fuck yourself, LE….

Guess how much access they got after 9/11? Ever since that happened they could literally spy on anyone - not that they weren’t already, but legally now.

Whoever believes 9/11 wasn’t a setup to open up for many doors is living in a different dimension.

386bbc5d
b731dfd0 Tue, Jun 30, 2020

USA CITIZENS - ALL USA CITIZENS
TELL YOUR LOCAL CONGRESSPEOPLE THAT YOU ARE NOT IN SUPPORT OF THIS BILL AND YOU WILL NOT BE VOTING FOR THEM IF THEY SIDE ON IT, AND RATHER VOTE FOR THEIR OPPONENTS
THIS IS YOUR TIME TO EXERCISE YOUR RIGHTS
DO IT
CONTACT YOUR CONGRESSPEOPLE PERSONALLY
SEND LETTERS IN THE MAIL
SEND EMAILS
MAKE PHONE CALLS
DO WHAT WE ALL MUST

438a6dda
842203b0 Wed, Jul 1, 2020

‘1984’ is already here.
And it is getting worse, day by day.

Governments + Big Tech companies around the world cracking down on freedom of speech (and all the good things which come with it). Thanks to corrupt ‘old fucks’ aka senators.
Enjoy the new world. lol.

30a04132
1e135920 Wed, Jul 1, 2020

yes, and then you have po/mpeo, that expresses his anger at china for restricting freedom of speech in HK

fa6777f1
36c67010 Wed, Jul 1, 2020

yes, and then you have po/mpeo, that expresses his anger at china for restricting freedom of speech in HK

4afa1d9c
aa816820 Sun, Jul 12, 2020

@other-tech: Tails is maintained by an organization with members that span the globe, but per their website, I get the feeling it’s largely a European project. I think it’ll be okay provided none of the key devs is American (or happens to be caught doing something illegal while working on it in the US….)

@kingpin: It’s on the table for a vote. When it becomes law, the article will read, “Legislation has been passed….”

@senator-america: That’s actually a very good question. It’s mostly to do with a distorted understanding of success, with the baby-boomers insisting that Generation X and the Millennials are ruining the world, those groups being too wrapped up getting through their own day-to-day shit to worry about becoming a Congressman, and Generation Y remaining as silent as ever. It’s a problem, I’m with you on that. It’s just not an easy one to solve. Everyone who cares is un-electable. Everyone who’s electable doesn’t give a shit, or just gives more of a shit about living their own life. Leaders in the US aren’t leaders because they’re altruistic or because they want to help their community. They become leaders because they want to further their own agendas, feel important and help themselves. It’s disgusting, but that’s where we’re at.

@supercrazy: No, you’re not wrong, it’s pretty fucking crazy. You’re a bit off with the 1984 reference...

c540e308
b6a73140 Wed, Jul 15, 2020

@Voice-of-Reason:
I agree!

e82cfcb1
64dc7c90 Tue, Jul 21, 2020

We should all write our respective politicians and voice our concerns. The system in the US does work. Unfortunately very few people are willing to even fire off an email or physically write a letter. So don’t go knocking something that ain’t working when you’re not even willing to participate.

Don’t think just because they’re old that somehow they don’t care. I see a lot of college age people that are more fascist than any of the elites on both sides of the aisle.

If enough of us speak up, we can stop this.
