Senate Draft Encryption Bill Called 'Absurd,' 'Dangerous,' and Technically Inept

MacRumors

macrumors bot
Original poster
Apr 12, 2001
7,446
8,512



A draft of an encryption bill created by Senate Intelligence Committee leaders Richard Burr and Dianne Feinstein was released last night, revealing the scope of the legislation that would require technology companies to decrypt data and share it in an "intelligible format" when served with a legal order.

The Compliance with Court Orders Act of 2016, a copy of which was shared by Re/code, starts out by declaring "no person or entity is above the law." It says that all providers of communication services and products, from hardware to software, must both protect the privacy of residents of the United States through "implementation of appropriate data security," while still respecting the "rule of law" and complying with legal requirements and court orders to provide information stored either on devices or remotely.

To uphold both the rule of law and protect the interests and security of the United States, all persons receiving an authorized judicial order for information or data must provide, in a timely manner, responsive, intelligible information or data, or appropriate technical assistance to obtain such information.
In acknowledgement of the disagreement between the FBI and Apple, the legislation does include a clause that prevents it from authorizing "any government officer to require or prohibit any specific design or operating system to be adopted by any covered entity," and it shies away from specific technical demands, but the wording of the act itself, with no contingencies for inaccessible data, makes end-to-end encryption impossible. Any data encrypted by companies must also be able to be decrypted.

Security experts have heavily criticized the bill. Daniel Castro of the Information Technology and Innovation Foundation told Re/code the bill "sets up a legal paradox" while the ACT/App Association said it amounts to a government-mandated back door. Security researcher Jonathan Zdziarski says the entire bill is dangerous, calling it "a hodgepodge of technical ineptitude combined with pockets of contradiction."
The absurdity of this bill is beyond words. Due to the technical ineptitude of its authors, combined with a hunger for unconstitutional governmental powers, the end result is a very dangerous document that will weaken the security of America's technology infrastructure. This will affect everything from the iPhone you hold in your pocket to how data is transmitted over the Internet, allowing the government to effectively break all electronic commerce and Internet security. This is bad legislation in every way, and it very subtly allows for unconstitutional government control of private industry.
In a report yesterday, Reuters said the White House has decided not to offer public support for the legislation, as "the administration remains deeply divided on the issue." The bill is still in draft form, with the language subject to changes based on input from stakeholders. In a joint statement, Burr and Feinstein said they hope to have a final version completed soon.

Update 4/13: An official draft of the Compliance with Court Orders Act of 2016 was released on April 13, with few changes from the version released earlier in the month.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: Senate Draft Encryption Bill Called 'Absurd,' 'Dangerous,' and Technically Inept
 

Z400Racer37

macrumors 6502a
Feb 7, 2011
692
1,556
Noooooo.... No way.... Inept......

Why is it that people are willing to stand up to these morons on technological issues, but not on anything else? Do we really think that they're any more competent in any other area?? Are these the people who you want regulating and running your life?? -__-

Edit: I would add as a reminder that this is a Republican Senate, and its no freaking better than the S***hole that was the Democratic Senate.

Beware, the statists agree on something...
 

chirpie

macrumors 6502a
Jul 23, 2010
639
173
"The absurdity of this bill is beyond words. Due to the ... ineptitude of its authors, combined with a hunger for unconstitutional governmental powers, the end result is a very dangerous document that will weaken ... America."

Cut out one or two words and you realize this happens in congress a few times a year, not just with technology. ;-)
 

CFreymarc

Suspended
Sep 4, 2009
3,973
1,137
If this gets any footing, there will be a huge surge in extra-jurisdiction encryption servers for personal data and communications. While these have existed for a while, wide use will create court cases and OS level integration. I can see something like "iCloud secure" resident in outside any USA extradition.
 

Porco

macrumors 68040
Mar 28, 2005
3,031
5,641
The Compliance with Court Orders Act of 2016, a copy of which was shared by Re/code, starts out by declaring "no person or entity is above the law." It says that all providers of communication services and products, from hardware to software, must both protect the privacy of residents of the United States through "implementation of appropriate data security," while still respecting the "rule of law" and complying with legal requirements and court orders to provide information stored either on devices or remotely.
So, privacy must be protected, except that it must not be protected. Easy! But impossible.
 

nozebleed

macrumors 6502
Jul 30, 2008
324
45
I wish people would stop using this stupid Scribd website. I just want to view the PDF itself without having to create an account. Anyone have a link readily available?
govtrack.us

edit - not up yet, but good website in general for tracking bills
 
  • Like
Reactions: jeremiah256

IJ Reilly

macrumors P6
Jul 16, 2002
17,915
1,466
Palookaville
So this bill, unlike virtually every other regulatory bill that comes out Congress, was not ghost-written by the regulated industry itself? That would be so exceptional an occurrence as to be essentially impossible.

It helps to be able to hear the dog that isn't barking.