Originally published in BankTechAsia
For a few months we witnessed Apple battling the Federal Bureau of Investigation in the United States over the agency's demand that the tech giant help crack its own line of encryption. The law enforcement and tech communities both hoped Congress would play a major role in mapping out a compromise.
A draft bill dubbed the “Compliance with Court Orders Act of 2016,” written by the offices of Senators Richard Burr and Dianne Feinstein, was published for public view. This nine-page legislation, if approved, will require compliance with any authorized court order demanding data. In other words, the legislation seeks to ensure spy agencies and law enforcement bodies are able to access encrypted data through a warrant. The legislation would also demand the data be rendered “intelligible” if it’s considered “unintelligible.” Simply put, under this bill the user-controlled encryption provided in all modern iPhones, in the billions of devices using WhatsApp messaging and in a long list of other tech products will all be rendered illegal.
This bill also completely outlaws all forms of end-to-end encryption, and is being described as the “most anti-crypto bill of all anti-crypto bills.” Even fellow senators of Burr and Feinstein are voicing opposition, including the likes of Sen. Ron Wyden who went on Twitter saying he would do “everything in [his] power” to prevent the bill from moving forward, including the possibility of resorting to a filibuster.
California’s General Assembly recently shot down a mirror image of the anti-encryption bill. The proposed initiative intended to issue penalties as high as $2,500 per day against companies refusing to decrypt their data. This legislation would have placed a heavy burden on California’s tech firms.
This Burr-Feinstein bill has been labeled as even worse than the National Security Agency’s famous backdoor device, the Clipper chip, known for its embarrassing flaw that was exposed with a lot of noise back in the 1990s. That development ultimately forced the Clinton White House to put an end to plans aimed at mandating the use of the chip in consumer technology. Meanwhile, the likes of Sen. John McCain have joined Burr and Feinstein in explaining that law enforcement won’t be able to retrieve vitally needed evidence without at least a certain amount of compromise. Furthermore, major law-enforcement groups have, as expected, rushed to endorse the bill and praised the two senators’ effort aimed at maintaining access for the authorities to vital evidence.
What Is A Backdoor?
A backdoor in computer security is described as a clandestine portal providing a user access to a protected device, be it a computer program, smartphone app or Web connection. With one, the government is able to gain direct access to various systems, including Facebook, Gmail and WhatsApp, and view unencrypted communications. Backdoors relying on encryption keys can involve either a master key for all the data transmitted by a particular device, or the keys of individual users.
This bill does not specifically mention a particular type of backdoored encryption, or in fact any other means, in an attempt to balance the issues of encryption and privacy. In fact, the bill claims not to require any specific design limitation on certain products. The bill, however, does make the point that communications companies are obliged to provide unencrypted data to the authorities, or the means for law enforcement entities to obtain the data on their own.
Likes And Dislikes
Tech security experts are speaking in consensus, arguing there is no possible method to provide a secure backdoor, since it simply presents a new key that can most likely become the target of theft. A wise reminder made by many these days is the hacking case of NSA cyber-weapons, considered extremely sensitive in nature. Building in a backdoor also makes the computer code even more sophisticated, in ways that in fact increase the possibility of hackers finding other methods to break the encryption through their own efforts.
This bill would “harm national security and put Americans at risk,” as explained by the Internet Association. Burr and Feinstein also received a letter from Reform Government Surveillance, a significant body including the likes of Apple, Facebook, Google, Microsoft and Twitter, warning and raising serious concerns regarding “unintended, negative consequences.”
The legislation goes as far as obliging tech firms to provide “reasonable assistance.” In fact, the bill calls on such companies to provide “assistance as is necessary.” This means the bill takes steps to go far beyond existing laws, such as the All Writs Act, which the government has already attempted to use to compel tech companies to assist with accessing data.
In quite a shocking measure, the new draft bill includes a requirement for “license distributors” to ensure all the “products, services, applications or software” that they dispense present a similar and simple access key for the authorities.
The row around backdoors has pitted FBI Director James Comey and many other national-security officials against a long line of big American tech firms. Relations have been extremely strained between a murky yet vital government body, the FBI, and the security industries that once considered it a trusted and necessary partner.
The bill put forward by Burr and Feinstein has come as a major disappointment for privacy critics, especially as it apparently ignores completely the issues expressed in a debate that dragged on for more than a year. In 1997, considered by many as the climax of the “Crypto Wars,” the quarrel over backdoors was very much alive, and was ignited once again by Comey back in October 2014. Over two decades ago, a historic law dubbed CALEA was the first phase of this war. The Communications Assistance for Law Enforcement Act, passed on October 25th, 1994, laid the groundwork for Washington to establish electronic wiretapping. Prior to this, companies were only required to obtain warrants for wiretaps. Opponents of this law focused their attention on the limitations section, banning certain features/designs and exempting “information services” and sites connecting two carriers. This exemption to this day remains probably the most important Internet-privacy endowment in U.S. law.
In the post-9/11 world new surveillance laws were put in place and privacy advocates closely monitored the USA Patriot Act for traces of new wiretap restrictions aimed at undermining encryption. None were found. It seemed that the Crypto Wars had come to an end.
The Federal Communications Commission, the body interpreting CALEA, was asked by the George W. Bush administration to include Internet service providers, such as AT&T and Comcast, into this law. The FCC agreed through an August 2005 order.
Comey sparked the Crypto Wars after delivering his controversial “going dark” speech in October 2014. Apple had just announced measures to encrypt devices by default, making the codes unbreakable even by its own engineers. As the FBI sought its own unique version of a backdoor, a significant alliance of cryptographers, civil-liberties devotees and tech companies issued a letter to U.S. President Barack Obama, arguing the FBI initiative posed a grave danger for Internet security.
Even the United Nations Office of the High Commissioner for Human Rights got involved by releasing a report commending encryption benefits. Tech companies, and researchers in particular, are mainly worried about a backdoor adding new vulnerability to an already tricky system under an operator that cannot fully handle the issue.
The December 2015 San Bernardino attack in California acted as a major wake-up call and boosted the anti-encryption campaign. The U.S. Justice Department in mid-February of this year took advantage of the occasion by asking a federal judge to compel Apple to assist the FBI in unlocking an iPhone belonging to one of the dead attackers. Suddenly, America and the entire world became the audience to an unprecedented and rancorous public dispute over the extent to which the U.S. government can, or even should, advance in degrading and piercing commercial security technology in its drive to protect the American citizen from terrorist attacks.
In Simple Words
Consider your own house having locks on the doors made by a company that you trust. Then come the police, asking you to open a new door to be protected by a lock whose key is not in your possession. The police will try to assure you by saying they will be the only party controlling that particular key, yet they will not shed any light on how the key will be guarded. They also have a dark history of thieves stealing important keys from them. To make things even more concerning, the police refuse to even promise to inform you if that special key to your own house is lost! No logical individual would agree to these terms.
Through such a system the U.S. government is turning itself into a massive and tempting target for foreign governments, including the likes of China, Iran and Russia, along with a long line of malicious parties waiting to show off their abilities. Even hi-tech security firms are having difficulties in protecting military secrets from hackers. Therefore, providing a backdoor would simply be foolish and would leave one’s system remarkably more vulnerable.
“If you put a key under the mat for the cops, a burglar can find it, too,” Apple CEO Tim Cook said.
The U.S. would in fact be forced to launch a campaign of Internet censorship if it intends to block the storage of secure data and protected end-to-end communication. Web apps would also be blocked in the process.
Just this last summer, however, more than a dozen top cryptographers issued a paper cautioning against the threats of weakening the power of encryption for the sake of law enforcement. They warned that any backdoors providing law enforcement entities access to encrypted communications will in the end be misused by sophisticated and capable hackers and, more dangerously, foreign cyber spies. Any attempt aimed at banning powerful encryption in U.S.-made products will most definitely force those seeking to keep their data safe from law enforcement to resort to encryption software from across the seas, as pointed out by privacy advocates. And rest assured, there is plenty of such software out there to find and choose from. In long and detailed arguments against the FBI before Congress, and also in its legal filings, Apple has made a case arguing that downgrading security for the American consumer will be a “unilateral disarmament” in the never-ending war against hackers, and serve as a major blow in the effort to protect the privacy of its users.
The irony lies in the fact that the Burr/Feinstein draft bill may essentially be so extremely horrible for privacy that it actually benefits the issue of privacy. In its current version there is a near zero chance of this bill becoming law, as the Obama administration has with quite some conviction declined to express public support for the bill, despite rumors of Obama himself supporting the move.
There is no definite forecast about where the encryption row is heading. Whether Congress can mandate backdoors is certainly one main issue and a serious question to be answered. Congress will most likely not be able to force tech firms to seek encryption approval from the government. This would allow Washington to continuously disapprove backdoor-lacking encryption until the companies finally succumb to its terms.
Considering the increase in terrorist attacks across the globe, there will most definitely be a growing demand for regulating the cryptography that is currently cloaking the communication of such attackers from authorities. This is one debate we will certainly hear more about.