Read America's insane draft crypto-borking law that no one's willing to admit they wrote

Understandable – it's more stupid than expected


A draft copy of a US law to criminalize strong encryption, thought to be authored by Senators Richard Burr (R-NC) and Dianne Feinstein (D-CA), has been leaked online. And the internet is losing its shit.

"We're still working on finalizing a discussion draft and as a result can't comment on language in specific versions of the bill," the pair said in a joint statement to The Register.

We note that the proposed legislation hasn't been formally published yet: the document is still being hammered out by the Senate intelligence select committee, of which Burr is chairman and Feinstein is vice-chair. Curiously, the leaked copy has no one's name on it, and no one wants to admit they wrote it.

"The underlying goal is simple," the senators continued, "when there's a court order to render technical assistance to law enforcement or provide decrypted information, that court order is carried out. No individual or company is above the law. We're still in the process of soliciting input from stakeholders and hope to have final language ready soon."

The draft legislation, first leaked to Washington DC insider blog The Hill, is named the Compliance with Court Orders Act of 2016, and would require anyone who makes or programs a communications product in the US to provide law enforcement with any data they request in an "intelligible format," when presented with a court order.

The bill stems from Apple's refusal to help the FBI break into the San Bernardino shooter's iPhone, but goes well beyond that case. The bill would require companies to either build a backdoor into their encryption systems or use an encryption method that can be broken by a third party.

The bill's text has the authors' names redacted, and it begins by noting that "no person or entity is above the law." It also notes that "economic growth, prosperity, security, stability, and liberty require adherence to the rule of law," just in case anyone needed reminding.

The response to the leaked draft from the tech industry is understandably irate. The industry fought and won this fight in the 1990s during the first crypto wars, and it is now having to go over the same ground again on encryption.

"The absurdity of this bill is beyond words," wrote computer forensics expert and police trainer Jonathan Ździarski.

"Due to the technical ineptitude of its authors, combined with a hunger for unconstitutional governmental powers, the end result is a very dangerous document that will weaken the security of America's technology infrastructure."

Which is a good reason why the authors haven't put their names to it. El Reg suspects the draft is a trial balloon leaked deliberately by someone within or close to the committee to gauge reactions before amendments. Burr and Feinstein have both been touting the legislation around Washington. Yesterday, sources in the White House said the executive branch wasn't going to support the legislation, and it won't be alone.

"This legislation says a company can design what they want their back door to look like, but it would definitely require them to build a back door," said Senator Ron Wyden (D-OR).

"For the first time in America, companies who want to provide their customers with stronger security would not have that choice – they would be required to decide how to weaken their products to make you less safe."

For one thing, it will kill end-to-end encryption.

If the bill is the work of Burr and Feinstein, it's a little worrying, as they are the chairman and vice-chair of the Senate Intelligence committee, which is supposed to oversee US law enforcement. But they do have form in the area.

Last year the dunderheaded duo coauthored the "Requiring Reporting of Online Terrorist Activity Act," which would require social media companies to monitor all comments for anything related to terrorism. That bill is currently going nowhere and it's likely this one will do the same. ®
