back to article Read America's insane draft crypto-borking law that no one's willing to admit they wrote

A draft copy of a US law to criminalize strong encryption, thought to be authored by Senators Richard Burr (R-NC) and Dianne Feinstein (D-CA), has been leaked online. And the internet is losing its shit. "We're still working on finalizing a discussion draft and as a result can't comment on language in specific versions of the …

  1. JLV Silver badge

    oxymoron

    [ok-si-mawr-on, -mohr-] ‎

    Word Origin

    noun, plural oxymora  [ok-si-mawr-uh, -mohr-uh] (Show IPA),oxymorons. Rhetoric.

    1.

    a figure of speech by which a locution produces an incongruous, seemingly self-contradictory effect, as in "Senate Intelligence"‎

    1. Anonymous Coward
      Anonymous Coward

      You believe that people actually think there is ANY intelligence in the US Senate, or the other place as well. If there is they definitely don't show it, but then isn't that a requirement for a politician?

      1. Jeffrey Nonken Silver badge

        Ron Wyden?

      2. Steve Davies 3 Silver badge

        Requirements for US Political Office

        The only one seems to be that you are a Lawyer and as such totally divorced from the real world.

        How many senators/congress critters are not lawyers or don't have a degree in Law?

        1) go to Law School

        2) Join top law firm

        or

        2) Become and ADA

        3) Become partner in Law Firm or get elected DA

        4) Run for political office (even if you are a complete idiot as most are)

        4a) Get lots of $$$$$$ from vested interests to fund your election campaign

        5) get elected and start paying back the people who paid for you to get into office.

        Rinse and repeat 4) & 5) until they carry you out in a box.

        1. Joe Gurman

          Re: Requirements for US Political Office

          Actually, thanks to the Teabaggers =, there are lots of people with business, and not legal, backgrounds in the US House of Representatives, at least. One could argue that having Senators and Representatives with at least a law degree (regardless of whether they have practiced law) is helpful in, you know, writing laws.

          This draft legislation was written by Intelligence Committee staff members, also lawyers, not the named Senators nor any other members Congress. I'd be willing to bet a stack of iPhones none of the staff lawyers has a clue as to how encryption works or what you lose if you weaken it.

          1. Red Bren

            @Joe Gurman - Re: Requirements for US Political Office

            "One could argue that having Senators and Representatives with at least a law degree (regardless of whether they have practiced law) is helpful in, you know, writing laws."

            So what is the point of the Judicial branch of the US government, if not to help the Legislative branch to write sensible, constitutional laws?

            One could also argue that having a Legislative branch that's excessively populated by people with strong links to the legal profession, will result in laws that will benefit, and can only be interpreted (for a lucrative fee) by the legal profession.

            1. veti Silver badge

              @Joe Gurman - Requirements for US Political Office

              "One could argue that having Senators and Representatives with at least a law degree (regardless of whether they have practiced law) is helpful in, you know, writing laws."

              One *could* argue that. But it's a bit like arguing that "having Senators and Representatives with criminal records would be helpful in writing laws".

              A decent law student can argue *anything*. Doesn't mean it's a good idea. In fact, it's the worst ideas that tend to get the best advocates, because everyone likes a challenge.

      3. Ledswinger Silver badge

        You believe that people actually think there is ANY intelligence in the US Senate, or the other place as well.

        I certainly do believe there is a lot of intelligence in both houses. Unfortunately that intelligence is almost exclusively deployed in serving the political and financial elite, at the expense of Main Street. That's why Wall Street got bailed out, is now making mega bucks again, the rich are getting richer, but the ordinary people of the US see a flat-lining economy. Your job just got offshored? Too bad, but look at the bonus the execs get. Your privacy just got cancelled, never mind, the TLAs are happy with more power and bigger budgets.

        And so it goes on. Whilst the population vote for the donkey & elephant circus, they vote for the establishment, for the mega rich. Only when you start voting in non-establishment parties who don't represent the elite will this change.

      4. ABehrens

        Congressman Ted Lieu has a degree in computer science from Stanford. He certainly would understand the utter stupidity of this bill.

  2. Anonymous Coward
    Anonymous Coward

    Dumb and dumber

    With allies like these two, who needs enemies?

    1. Big John Silver badge

      Re: Dumb and dumber

      And they represent both sides of the aisle! Truly bi-partisan stupidity.

      That's what America is all about!

      1. Anonymous Coward
        Anonymous Coward

        Re: Dumb and dumber

        When two ideologues of supposed opposite extreme views cooperate, and you don't get extreme/2, but extreme^2, it's because, despite the superficial color differences, they actually are of the same species.

    2. Mark 85 Silver badge

      Re: Dumb and dumber

      Maybe they're sending up a trial balloon to see who shoots at it while May, et al, watch and see if it might work for you in Blighty. There's too much back and forth across the pond similarity anymore. Once one of us passes something like this, the other will too.

      1. Roo
        Windows

        Re: Dumb and dumber

        "There's too much back and forth across the pond similarity anymore. Once one of us passes something like this, the other will too."

        That process has rendered voting pretty much pointless for the citizens of blighty. It would be nice if our MPs didn't try and pretend otherwise, because they could devote more effort to work on the issues that they can do something about.

  3. Herby Silver badge

    All your base belong to US

    The US is (unfortunately I live here) The United States.

    Query: Please tell me the secret?

    Question: Can you keep a secret??

    Response: Yes.

    Statement: So can I (so I won't tell you)

    Sometimes you need to be a real BOFH about this stuff.

    Perhaps we should inquire the Senator's email, and ask if it is encrypted? Does Ms. Feinstein have something to hide??

    Yes, she is (unfortunately) my Senator (groan).

  4. Grade%
    Pint

    Um, doesn't this blow a hole

    ah, into the future of American software companies potential product offerings? I mean, if this gets passed then silicon valley goes up in a poof of facepalming and automagically appears in a country where they are allowed to create products immune to third party poking. So, um, Germany? Wow. The Ruhr valley gets my vote.

    1. Crazy Operations Guy

      Re: Um, doesn't this blow a hole

      I would think Iceland or Norway. Both have outstanding rights records when it comes to privacy, not part of the EU, and both have a surplus of electrical generating capacity. Norway currently needs a bit of an economic boost now that a large sector of their economy (oil production) has gone down the drain, so I'd figure that they could give out some pretty healthy tax breaks.

      1. Credas Silver badge

        Re: Um, doesn't this blow a hole

        Well, quite. Anyone remember how difficult it was to get an uncrippled version of PGP outside the USA, when it's export was banned? Not difficult at all. And if these morons think that strong cryptography can only be developed in the USA, perhaps they should remember that the inventors of Rijndael, the winner of the AES selection process, were Belgian. Maths isn't the sole preserve of any one nation.

        1. Down not across

          Re: Um, doesn't this blow a hole

          Well, quite. Anyone remember how difficult it was to get an uncrippled version of PGP outside the USA, when it's export was banned?

          Having been part of the OCR proofreading effort (OCR was pretty poor in those days) of the printed source code I can answer with resounding yes I remember all too well.

      2. Anonymous Coward
        Anonymous Coward

        Re: Um, doesn't this blow a hole

        Can move the hosting to the arctic circle datacenter when it's finished.

    2. Doctor Syntax Silver badge

      Re: Um, doesn't this blow a hole

      Switzerland and Ireland are other possibilities.

      1. Anonymous Coward
        Anonymous Coward

        Re: Um, doesn't this blow a hole

        Estonia - educated workforce, the whole e-residency thing, and if you're a security vendor the neighbours have a track record of testing things ...

      2. Voyna i Mor Silver badge

        Re: Um, doesn't this blow a hole

        "Switzerland and Ireland are other possibilities."

        I can't see the Californians tolerating either the anal retentiveness of one or the weather of the other. Though "Silicon Jura" doesn't sound too bad.

    3. PassiveSmoking

      Re: Um, doesn't this blow a hole

      Absolutely it would, why else do you think normally implacable enemies like Apple, Google and Microsoft are banding together to fight this collectively?

  5. storner
    FAIL

    Well, what did you expect -

    from the Senate INTELLIGENCE Committee.

    Sheesh...

    1. Captain DaFt

      Re: Well, what did you expect -

      "from the Senate INTELLIGENCE Committee."

      Um, exactly this?

      The Good Morons™ in the Senate and House only form committees for things they're trying to control or eliminate.

  6. fnj

    Failure to measure up

    1) It goes against my instinct of the truth, but I am willing to grant well meaning motivation to these two individuals.

    2) We are entitled to expect more than meaning well from our elected leaders. We are entitled to expect them to inform themselves of the issues on which they legislate, and we are entitled to expect them to respect the Constitution, human rights and dignity, and the sovereignty of the People.

    1. Destroy All Monsters Silver badge

      Re: Failure to measure up

      grant well meaning motivation to these two individuals

      ${preferred:socialistic_dictator_from_history_books} also had well-meaning motivation -- it just didn't fully match other people's continued well-being.

    2. Anonymous Coward
      Anonymous Coward

      Re: Failure to measure up

      "I am willing to grant well meaning motivation to these two individuals."

      I'm not.

    3. John Brown (no body) Silver badge

      Re: Failure to measure up

      "It goes against my instinct of the truth, but I am willing to grant well meaning motivation to these two individuals."

      Why? They have the power and money to bring in advisor who actually know what the implications are and yet they either didn't bring them in or didn't listen to them. Or, as is more likely, they brought in only advisers who were paid to come up with the "right" answers.

  7. channel extended
    Happy

    Stealing IT

    Maybe the CIA stole the documents from the Chinese and these two think a police state is a good thing? That might be why they support such idiocy.

    My other theory is 'Clowns gotta be clowns!!!!!!!'

  8. Michael Sanders

    Senators with Disabilities Act

    Or Gift to the People's Republic of China...

    A backdoor in every piece of secure software... So you could just shut down most of Homeland security at that point. As 6-hours after the first crippled security software is installed I'll be able to Google how to get into everything.

    1. hplasm Silver badge
      Thumb Up

      Re: Senators with Disabilities Act

      On the bright side- 10 minutes after banking encryption is outlawed, all IT people have a chance to get very, very rich indeed!

      1. BebopWeBop Silver badge

        Re: Senators with Disabilities Act

        And simultaneously poorer - works both ways.

    2. Yet Another Anonymous coward Silver badge

      Re: Senators with Disabilities Act

      Certainly a gift to Chinese manufacturers.

      When this law is introduced all the other countries will demand access to the backdoor.

      So all US built equipment will be compromised.

      So the only place that US police, security services, military and politicians will be able to source communications gear from is outside the USA - ie China.

  9. PaulAb

    Full Moon?

    Surely these people are the lunatics of the Early 1960's Hammer house of horror films. Do they actually understand that once they do this, every attractive system in the world will be the focus of attention of criminals and rogue states, once cracked it will be the gateway to everything that operates our world.

    These people prove decisively that if you are a complete moron it should not hinder your advancement in government.

    1. moiety

      Re: Full Moon?

      Not every attractive system in the world...just the ones with US software on. And there wouldn't be many of those outside the US in a very short space of time.

  10. Destroy All Monsters Silver badge
    Big Brother

    "No one is above the law"

    Except us.

    Until the leaks occur (the ones that are not engineered by us, that is)

    Then it's a "temporary misjudgement" that demands "understanding" (and anyway, look at Kardashian's arse and we are fighting Russians in lower bumfuckistan, a country of strategic importance to Oceania, and the economic crisis will be over soon, we are reaching escape velocity tomorrow)

    But the leaker will get it.

    Because, well, no-one is above the law.

    1. ma1010 Silver badge
      Big Brother

      Re: "No one is above the law"

      What do you mean fighting Russians? We are at war with Eastasia. Oceania has ALWAYS been at war with Eastasia.

      1. Destroy All Monsters Silver badge

        Re: "No one is above the law"

        Sorry, I misspoke.

        Hold on, there is a reeducation van holding in front of my house. That's weird. Be right back.

    2. Paul Crawford Silver badge

      Re: "lower bumfuckistan"

      Have an up-vote for that alone!

  11. Version 1.0 Silver badge
    Joke

    Political qualifications

    If you have half a mind to run for political office in the US then that's all you need.

    Ignore this - they are just spinning for votes in November, as has been proved in the past - you can legislate all you like but it's not like the rest of the world will listen to you.

    1. GrumpyOldBloke

      Re: Political qualifications

      > it's not like the rest of the world will listen to you.

      If only that were true.

    2. Voyna i Mor Silver badge

      Re: Political qualifications - Ignore this - they are just spinning for votes in November

      Feinstein "represents" California, doesn't she? I wouldn't have thought that was much of a vote winner there.

  12. a_yank_lurker Silver badge

    If Stupidity Were a Crime

    These two dim bulbs are trying to make stupidity worthy of the death penalty for treason against the humanity.

    1. Tomato42 Silver badge
      Facepalm

      Re: If Stupidity Were a Crime

      don't worry, a bill legislating that pi is equal to exactly 3 is in the pipeline, no one has the time for all this .1415... rubbish!

  13. Christoph Silver badge
    Facepalm

    require anyone who makes or programs a communications product in the US to provide law enforcement with any data they request in an "intelligible format,"

    They had better rephrase that, it reads as that they must break any encryption which the user has applied to the message before sending it.

    So if I encrypt a message with a one-time-pad created with a true random number generator, then I send the message and I destroy the pad, they must break that encryption. Good luck with that!

    1. Michael H.F. Wilkinson Silver badge
      Happy

      If that souns like too much work

      Just send the random numbers (any source of physical random noise will provide that, like thermal noise in a webcam), and let them decrypt that.

      Sit back and have some popcorn

      1. Anonymous Coward
        Anonymous Coward

        Re: If that souns like too much work

        "Just send the random numbers (any source of physical random noise will provide that, like thermal noise in a webcam), and let them decrypt that."

        They can then claim to have decrypted it - and prosecute you for whatever they say they found. Their decryption methods will not be revealed - as that would "compromise national security".

    2. Yet Another Anonymous coward Silver badge

      The UK's equivalent law requires you to reveal any hidden message in any text.

      So you are screwed if you have a copy of Finegans Wake

      1. Voyna i Mor Silver badge

        "So you are screwed if you have a copy of Finegans Wake"

        The hidden message in Finnegans Wake is "I am really struggling to learn to type."

      2. Tomato42 Silver badge
        FAIL

        or if you have any text written in Linear A

    3. Anonymous Coward
      Anonymous Coward

      Could somebody please request an "intelligible format" copy of this bill?

  14. Anonymous Coward
    Anonymous Coward

    ""no person or entity is above the law."

    Except, in its own eyes, the federal government.

  15. EveryTime Silver badge

    I hope that this trial balloon has been considered popped, stamped on, spit upon, burn, irradiated, buried and forgotten.

    1. Ropewash

      Not a chance.

      It will be brought back over and over and over until people have given up protesting it and then it'll get slipped in with a bunch of other spurious laws that get passed to protect "the innocent" from whatever they are guilty of that year.

      By that time everyone that really cares (and the criminals) will have moved on to better encryption and the whole cycle will need to be re-started because legislators/lawyers need paycheques.

      Perhaps if the governments want these backdoors a little give&take is in order, since no-one is above the law after all...

      ...Freedom of Information Requests could now count as court orders and all government data must be backdoored/unlockable so the requestor can view it.

      Any bets they'd go for that?

      Anyone?

      ?

      1. arkhangelsk

        Re: Not a chance.

        I agree. Right now, it doesn't really cost the legislative anything to propose these Anti-People measures and in practice it doesn't cost the Executive anything to overstep what laws have been created. The worst is that a court rolls them back, and even if they do levy a fine who cares its not coming from those people's pockets but from taxpayer's money. Nobody actually pays on a personal level.

        Maybe what is necessary is an actual, personal cost to any Senator or administrative official trying for these anti-People measures.

        1. pete 22

          Re: Not a chance.

          "Nobody actually pays on a personal level."

          IMHO this is precisely the problem with both the US Govt *and* businesses

          1. Anonymous Coward
            Anonymous Coward

            Re: Not a chance.

            But without that evasion of risk, no one would be willing to invest. That's why the Limited (Liability) Company was created in the first place. You can't have it both ways. Do you want ideas to die on the vine or get turned into corrupted vinegar?

            As for the government, I suspect that human condition makes things like this inevitable. SOMEONE will eventually have the cojones to tear up the Constitution, seize power, and casually bomb enemies like it was Tuesday. And if the whole countries rises up, there's always the threat to set off the Yellowstone supervolcano.

        2. hplasm Silver badge
          Meh

          Re: Not a chance.

          "Maybe what is necessary is an actual, personal cost to any Senator or administrative official trying for these anti-People measures."

          But- but- isn't that what the 2nd amendment is all about?

          1. Anonymous Coward
            Anonymous Coward

            Re: Not a chance.

            I have a fellow tin-foil wearing friend who recommends that politicians be held financially responsible for their own personal security details. It might make them a bit less reckless in the legislature and the bully pulpit.

          2. redpawn Silver badge

            Re: Not a chance.

            It's what elections are for but the populace does not spend much effort thinking and less remembering and voting.

            1. Charles 9 Silver badge

              Re: Not a chance.

              Seems the election process is a no-win situation. Universal suffrage guarantees a glut of stupid, pliable votes that obey the whims of Pied Piper Politicians. Putting up any sort of standards test will eventually be corrupted to ensure only party loyalists can vote. Either way, the average person ultimately loses his/her ability to keep the government honest.

  16. redpawn Silver badge

    I wrote it,

    but I was sleep legislating, while having a nightmare about terrorists and pedophiles, after taking sleep aids.

  17. Anonymous Coward
    Anonymous Coward

    You learn something new every day

    I didn't realise that "Senate Intelligence" is actually a synonym for "abject stupidity".

    And here I was thinking that "Military Intelligence" already was a virulent oxymoron. The "moron" of that word certainly applies.

    How do they find these people, and how did they ever make it into that position? Oh no, wait. There's Trump, and there was Bush. Forget I asked.

    1. Tomato42 Silver badge

      Re: You learn something new every day

      To be honest, Bush wasn't so bad. He was stupid, but it was the stupid we knew. It was predictable.

      Trump is a complete wild card.

      1. el_oscuro

        Re: You learn something new every day

        That is why I am voting for Gary Johnson. He has little chance of winning but when your only other choices are between Dumb and Dumber, why not?

        1. Swarthy Silver badge

          Re: You learn something new every day

          From the complete shit-shower the two "Main" parties have given us, I believe that if more people knew of Gary Johnson he would stand a very good chance.

          Of course, given the offerings of the Left and the Right, Cthulhu would seem like a viable alternative.

          Vote Cthulhu, and He'll eat you first!

  18. Doctor Syntax Silver badge

    "For one thing, it will kill end-to-end encryption."

    No it wouldn't. It would just mean USians would have to buy it from abroad. The interesting question is whether the abroad vendors they'd have to buy it from would be someone new or familiar names that used to be US corporations.

    The amazing thing about legislators is that they never seem to learn from history. If you pass legislation that enforces something unpopular it doesn't get obeyed, it gets worked round in ways which were usually obvious to everyone else before you even passed the legislation.

  19. a_yank_lurker Silver badge

    Catch 22

    If there is a mandated backdoor, aka hacker entry port, what does that do for companies and people who must keep client/patient information secure. Does this mean online banking, online medical portals are illegal because their lack of security violates other laws such as HIPPA?

    1. Yet Another Anonymous coward Silver badge

      Re: Catch 22

      It will be secure. The FBI, CIA, NSA, USSS, every branch of the military and 20,000 local police departments will have access to the backdoor - with that many security professionals protecting the access how can it not be secure?

      Then add in the security services of every foreign country the manufacturer wants to do business in, and the secret will be super secure squared !

  20. Someone_Somewhere

    Occam's Razor

    dictates that the smart money is in pork futures.

    It has been said that one should never attribute to malice aforethought that which is adequately explained by stupidity.

    The corollary of that is, of course, that one should be careful of assigning to stupidity that which is adequately explained by malice aforethought.

    There is a certain kind of person (colloquially known as a 'politician') who doesn't become a representative of 'The People' because they want to actually represent the People, but because it's the internship for their subsequent career as lobbyist for special interest groups, special advisor, (non-executive) director, etc.

    Such people might just be smart enough to have an eye on the idea that their future earnings potential might just be that 'little bit' (i.e. a whole load) greater, if they can introduce legislation during their tenure that will result in their being in a position to offer their knowledge of said legislation to the highest bidder afterwards - that is, they have the key to the backdoor and are willing to sell a copy of it, if the money is right.

    All they have to do whilst in Office is make sure that a back door gets added to the blueprints in the first place and their future will be even rosier than it was already going to be.

    Some people are good actors and playing the bumbling incompetent fool is their forte - they allow (nay encourage) others to typecast them as such.

    Not all of them are on the stage or screen.

    1. Someone_Somewhere

      Re: Occam's Razor

      In this instance, however, it's probably fairly safe to attribute it to stupidity:

      https://motherboard.vice.com/read/whatsapps-encryption-burr-feinstein

  21. Mage Silver badge
    Facepalm

    No individual or company is above the law

    True.

    So you go after the person with the key. You don't force lockmakers to make faulty door locks so everyone's car can be stolen and house burgled.

    TSA keys are online.

    If you weaken encryption so you can get in with a court order, without the users key, then shortly all the unfriendly governments and criminals can do it without a court order.

    1. Anonymous Coward
      Anonymous Coward

      Re: No individual or company is above the law

      "So you go after the person with the key."

      Good luck doing that when he's in and under the protection of another country yet can still wreak havoc on you. They're using sovereignty against you, which basically means all bets are off.

  22. PiltdownMan

    police trainer Jonathan Ździarski

    Clearly his surname is encrypted!!!

  23. moiety

    Both beggars and buggers belief. Simultaneously sinking your technology industry in it's entirety (or forcing it to relocate; where possible; but it wouldn't be a US industry any more); collapsing banking and e-commerce; and rendering the whole population much more vulnerable to attack.

    The guys who wrote it aren't Russian are they? Or terrorists? Actually; there's probably a bunch of people who'd want the US to burn that badly; because US foreign policy hasn't really been about making friends of late.

    Whoever wrote that ought to be impeached immediately; or whatever you do to senators to stop them hurting themselves and others. There just isn't a word for gormlessness on that scale. Traitor covers part of it though.

    1. War President
      Black Helicopters

      "Whoever wrote that ought to be impeached immediately; or whatever you do to senators to stop them hurting themselves and others."

      'You,' as in 'ordinary citizen,' can do nothing other than complain to the government and vote out the twats that make bad laws the next time they're up for re-election. Congress has a 9% approval rating, yet, overwhelmingly, the incumbents are re-elected. As a long term resident of the US, I can confidently say that the citizenry gets the government it deserves. Often to the detriment of the rest of the world...

  24. ChubbyBehemoth

    Maybe this document got delayed in the mail?

    April,.. first?

    I wonder if the same people have ideas on changing the postal laws as well. If not it spells good times for the paper industry in the US as all communication has to revert back to mail for any level of security. Hmm,.. how about using clay? Durable and fireproof.

    Would the law also apply to software created prior to the law? If not the US will just be stagnant from the time it passes, but if so, how are they going to make companies comply? They have all moved to Iceland for some reason. Nuke em? Maybe with Trump or Cruz in power a lot more of these bipartisan products will pass legislation. Certainly explains why nothing much happens on the hill if this is any indication of the current level of legislators in the States. Those poor sods...

  25. albaleo

    Possessive pronouns also illegal

    "[my] economic growth, prosperity, security, stability, and liberty require [your] adherence to the rule of law,"

    1. Rich 11 Silver badge

      Re: Possessive pronouns also illegal

      It's the order of the nouns which caught my eye. You can tell where their priorities lie.

  26. Anonymous Coward
    Anonymous Coward

    "If the bill is the work of Burr and Feinstein, it's a little worrying,"

    Oh I doubt it. It may be nut-jobbery, but the ideas in it seem to be coherent and the technical detail is reasonably complete and well expressed.

    I'd say the author is at least as capable as an experienced security pro. The aims and desires of the Bill seem to be those of law enforcement / security services.

    The two politicians are merely today's couriers. Laugh at them all you like - the real authors will just carry on pushing the message.

  27. clatters
    FAIL

    Don't dismiss this

    just remember two other (idiots) Senators who issued a knee-jerk piece of complete shite to a stupid president who rushed this into law affecting the IT industry...

    Sarbannes-Oxley.

    Nuff said!

  28. Anonymous Coward
    Anonymous Coward

    Excellent news for non Americans

    When the exodus of US hi tech companies to the rest of the world starts, although they're unlikely to relocate to the UK, courtesy of our overlords.

    Go Feinstein go!

    1. Someone_Somewhere

      Re: Excellent news for non Americans

      Also @ moiety

      Makes no difference to the U.S. where the business is located - or whether it pays taxes there - the U.S. will get its cut because it doesn't care whether any other party taxes it or not - the U.S. taxes U.S. businesses where'ere they may be.

      And that's all that matters: the money.

      1. moiety

        Re: Excellent news for non Americans

        All the more reason to make a complete break, citizenship for employees and all. Pretty sure Ecuador would be happy to issue visas/passports in bulk lots after the US forced down their leader's jet looking for Snowden.

        1. Someone_Somewhere

          Re: Excellent news for non Americans

          I doubt the U.S. would have any qualms about <ahem> 'repatriating' its wayward emigres however.

  29. TechnicalBen Silver badge

    Well, there is an easy loophole.

    Theoretically there is an easy method to provide the requirements for the bill, while also keeping security for the users.

    Now I just need $1005, $1000* to file the patent, and $5 to phone Apple to offer a licence for the "obvious" to them. :D

    *I've no idea how much it is really.

    1. BurnT'offering

      Re: Well, there is an easy loophole.

      Yes, I think you probably can provide the requirements for a few bucks. Meeting them may cost rather more

    2. kmac499

      Re: Well, there is an easy loophole.

      Damn I was just about to go with that idea..but with a twist

      Obtain a Patent for Crypto wIthout backdoors..

      Sell patent to a Patent Troll ( Apple is a computer Co not a trolling Co (allegedly))

      Get the patent troll to sue the arse of all cryptomakers that infringe; unless of course they have included a backdoor.avoiding the patent.

      Simples

      (Diane you can send me my fee via my Nigerian associates.)

  30. BurnT'offering

    Please, please, please enact this law!!!!

    Sincerely yours - Russia, China, North Korea, and hackers everywhere.

  31. moiety

    Just as scientific interest, how many bits of the constitution does this contravene? Unreasonable search and seizure is definitely there. If you're counting encryption as a weapon (as these people seem to be) then there's the right to arm bears as well. Anything else?

    1. Charles 9 Silver badge

      Against a constant and existential threat, ANY search or seizure will be considered reasonable. As for using encryption as arms. they'll construe that you're taking up arms AGAINST the country. Guess what? That's treason, one of the few crimes explicitly listed in the Constitution.

  32. 404 Silver badge

    Unintended Consequences

    I want to encrypt *everything* now... just because I'm contrary and don't think these idiots could program a VCR... they have 'people' for that mundane stuff...

  33. billse10

    hmm ...

    require anyone who makes or programs a communications product in the US to provide law enforcement with any data they request in an "intelligible format,"

    Intelligible format?

    Intelligible to whom, exactly?

    https://xkcd.com/257/

  34. 101

    The Usual Suspect

    Burr and Feinstein are too stupid to write even a stupid law.

    I would suspect Mr. Comey's agents wrote the law and the fact that it's in committee shows Congress is more than willing to pass it in the name of security: In the dark of night by unanimous voice vote, with no debate, with the bill attached to something existential to keep government running.

  35. Anonymous Coward
    Anonymous Coward

    For their next trick, I'm expecting them to cite Noah's parting of the Red Sea as concrete evidence that the impossible really can be done if you only try hard enough.

    Or has April fools come ten days late?

    1. Voyna i Mor Silver badge

      For their next trick, I'm expecting them to cite Noah's parting of the Red Sea

      Feinstein's Jewish - I expect she can tell Noah from Moses.

      1. Anonymous Coward
        Anonymous Coward

        Re: For their next trick, I'm expecting them to cite Noah's parting of the Red Sea

        Whoops, sorry - no excuse for that except beer.

        That said, this document suggests Feinstein probably has trouble telling her arse from her elbow, however good her grasp of biblical patriarchs.

  36. anniemouse

    they would BURN the Bill of Rights if they could

    Monsters are never concerned that what they do might squash free will, independence, the American Way, free enterprise, free speech or what Jesus taught. Monsters that occupy congress are so immersed in power that collateral damage of the deaths of the youth of America is the price people have to pay for their greedy abuses. Oh yes, do you think imeciles like Feinstein and Burr give a royal carp about the Panama Papers other than their dammed lip service? or that their wallstreet bankster peemps robbed Americans of home values? or that their dumya master falsified WMD and illegally invaded a country? HALE NO.

    These monsters are no better than mubarek (whom they paid and worshipped) nor bashar al-assad. All they really want is to condition Americans to take a beating so they can promote their yinon.

  37. Velv Silver badge
    Headmaster

    "no one is above the law"

    But that doesn't mean you author utterly stupid and dangerous laws that no one should be above!!!

  38. Someone_Somewhere

    If A -> B, B -> C then A -> C

    Anyone who is in favour of weakened security* is an enemy of the State: they are advocating the facility for enemies of the State to have easier access to the infrastructure - ergo A -> C.

    Moreover, not only does that infrastructure include commercial, financial and Military activity, but, furthermore, hospitals, schools.

    By extension, therefore, A -> Z, where Z = paedophilia.

    There you go, there's the "won't someone think of the children?" angle that can be used against them.

    Add in hopspital equipment, people's pacemakers, etc. and they want to kill your grand/parents too!

    Done properly, the reporting on this could see an end to any and all attempts by traitors, paedophiles and murderers to weaken encryption.

    * which is, after all, what weakened crypto /is/.

    1. Charles 9 Silver badge

      Re: If A -> B, B -> C then A -> C

      "Done properly, the reporting on this could see an end to any and all attempts by traitors, paedophiles and murderers to weaken encryption."

      NOPE. Because as long as they're in Congress, they can't be forcibly removed except by impeachment trial, and Congress looks to their own; sorta like how you can't expect foxed in a hen house to keep themselves in check. As for the election, being in Congress gives you the political muscle to reduce your risk of an ouster. After all, how often is an incumbent actually voted out in any given election?

      1. John G Imrie Silver badge

        Re: If A -> B, B -> C then A -> C

        I've got a Wookie over here.

        1. Someone_Somewhere

          Re: If A -> B, B -> C then A -> C

          > I've got a Wookie over here.

          Would you be interested in trading it for a tiger-repelling rock?

  39. BitDr

    it takes generations to regain trust

    The stroke of a pen can cause the software industry in the U.S. to wither and die. Their products will not be trustworthy. These people would put screen-doors on submarines. Setting up dual lines of development and supply to comply with U.S. only rules would be a nightmare. It would probably be easier to strong arm their "economic partners" into passing the same laws.

    1. Charles 9 Silver badge

      Re: it takes generations to regain trust

      And what happens when these policies get pushed elsewhere in the world, regardless of the "ink on a page" people call laws?

  40. W. Anderson

    No wonder most voters have low opinions of politicians

    Feinstein, Burr and other numb-skulls and their technology advisors on the hill have not stopped to think about and understand clearly that much of the most widely used and best (software) technology used today is not even American developed, and comes from various non-commercial, non-government control entities around the world, so the Congress has no influence or authority over such matters.

    Even hardware, and particularly Internet/computer Networking is moving to "Software Defined Network" (SDN) model, that makes the purpose of this Bill doubly unworkable and stupid.

  41. gollux

    require companies to either build a backdoor into their encryption systems or use an encryption method that can be broken by a third party

    And by federal mandate, all federal, state and municipal entities, law enforcement military and intelligence and any other unspecified government entity must use said encryption systems and methods.

    No governmental, commercial entity or person is above the law.

  42. Matt Bryant Silver badge
    FAIL

    Another click-bait headline.

    From the text of the article - "....when there's a court order to render technical assistance to law enforcement or provide decrypted information, that court order is carried out....." Nothing there about making encryption illegal as claimed, just making it a crime to not decrypt when served with a court order (as is already the law in the UK). And that's a court order, more than just a warrant. Just another article pandering to the paranoid.

    1. Charles 9 Silver badge

      Re: Another click-bait headline.

      But in order to be able to actually carry out the court order, you need a system that enables them to do it even when the only source of the original key no longer exists (like what happened in the San Bernadino case; the only person who knew the PIN was dead). Ergo, a backdoor must exist or the bill will have no merit.

  43. DerekCurrie
    FAIL

    The Fifth Amendment to the US Constitution IS THE LAW!

    #MyStupidGovernment at work, once again:

    "When there's a court order to render technical assistance to law enforcement or provide decrypted information, that court order is carried out. No individual or company is above the law."

    Neither are my stupid US senators.

    1) This idiocy of a bill blatantly attempts to destroy the Fifth Amendment to the US Constitution. If any US citizen chooses to encrypt their PRIVATE information, they have the right to AND to never divulge information they know that would allow access.

    2) This idiocy of a bill is ignorant of the fact that unbreakable end-to-end encryption is free, available everywhere, is plentiful and is not going away ever.

    3) Every US company has the right to provide Fifth Amendment supporting encryption in their products AND the right to refuse to break that encryption. That's going to stand up in court no matter how hard the totalitarian maniacals try to fight it.

    4) As Apple has already pointed out: "Contrary to the government’s contention that CALEA is inapplicable to this dispute, Congress declared via CALEA that the government cannot dictate to providers of electronic communications services or manufacturers of telecommunications equipment any specific equipment design or software configuration."

    Summary: #MyStupidGovernment is hopelessly drowning in this issue. All they are accomplishing is to drive a deeper and wider wedge between the rights and wishes of We The People, with OUR US Constitution in hand, and our technologically inept and politically corrupt government. No, totalitarianism is never the way. Totalitarianism is government FAILure, which is what this ridiculous bill seeks. It demands that the terrorists win.

  44. JeffyPoooh Silver badge
    Pint

    Deep Thought

    "I'm not done yet. This takes time."

    How long will it take?

    "10^77 years. The bill didn't specify a maximum time."

  45. Winkypop Silver badge
    Facepalm

    What next?

    A bill to print more money to end poverty?

  46. Paul Kosinski

    Intelligible non-decryption

    Perhaps there will be a market for software that converts obviously encrypted data into "intelligible format" without actually decrypting it. If the encryption is effectively unbreakable and the output is plausible -- given the originating person or organization, the size of the encrypted file and some clever AI -- it might be hard to prove it was not the actual decryption.

    1. Andy A

      Re: Intelligible non-decryption

      That's a scheme which is already widely used.

      Steganography is the hiding of information in places where it will normally be overlooked, such as a digital watermark hidden in an image file. You could hide any number of bits in a picture of a crowd scene.

      1. Anonymous Coward
        Anonymous Coward

        Re: Intelligible non-decryption

        But stego normally contains tells that can make them detectable if subject to image manipulation (It's kinda part and parcel--it's also what allows you to retrieve the information). The only way to avoid this is to use very subtle methods like wavelet methods. Problem is, such subtle means don't allow for a lot of "space" to hide your information plus may still not be robust enough to get past a regime that enforces mangling of every picture upload.

        1. Someone_Somewhere

          Re: Intelligible non-decryption

          You aren't restricted to images for stego - an audio file with lots of noise*, can easily take the extra data without becoming as obvious as an image file would be (especially if you do noise-reduction on it first to create some extra headroom).

          * like, say, a live recording of a musical event with lots of crowd whooping, cheering, whistling, etc. Or a street scene** with roadworks.

          ** an on-the-spot reporter canvassing public opinion on the street.

          1. Charles 9 Silver badge

            Re: Intelligible non-decryption

            A lossy compression say to AAC would then likely mangle it. If I were an autocrat, I'd mandate it and probably a reduction to 22kHz to further mangle audio stego.

            1. Someone_Somewhere

              Re: Intelligible non-decryption

              People here may be interested in https://en.m.wikipedia.org/wiki/List_of_cryptographic_file_systems - particularly stegFS, rubberhose Filesystem and PEFS.

              Of course, with enough computing resources and sufficiently small search spaces - your average jpg for instance - even encryption won't help you because, for a given search space, all that need be done is to calculate all possible sequences of 0 and 1 equal to the size of the file in question and, eventually, the data will be presented as 'plaintext' so to speak.

              Obviously, it's not a trivial exercise even for small searches, but its still technically doable.

              In fact, given enough time, 'all' that need be done is to generate all meaningful sequences at all sizes from n=1 bit to n=largest-storage-capacity-available, discarding those that represent random/meaningless data, and all data-sets that can possibly be created can be known in advance anyway.

              From there, it's merely a matter of mapping a given data-set to a given individual (or individuals) by cross-indexing the encrypted form to the stored data-set template - i.e. we know that a given encrypted pattern maps to a specific set of unencrypted data of the same size, so we know what the data would be if we unencrypted it.

              Ultimately, the only way you can be even reasonably sure your data will be safe from prying eyes would be to create an infinite stream of compressed data which, like a zip file, doesn't reveal its index until the end. Of course, since the data stream is infinite, the index will never be transmitted and no-one will ever be able to recreate it - but that includes the recipient, so its useless as anything but a though exercise. Stochastic analysis might result in sufficiently large portions of it being made intelligable, however, for enough of it to be revealed along the way to create a sufficiently robust case for "We've got enough for our purposes and the rest doesn't matter" - so even /that/ approach might fail eventually.

              As for the steganographic element, as the AC above mentioned, there are often 'tells', so subtracting intelligable data from the complete data-set might reveal sufficient quantities of the hidden data to provide a data-set to which the above approach might reasonably be appled - if the need is great enough then a data-set the size of a jpg might be worth brute-forcing that way.

              </just some idle musing>

              1. Someone_Somewhere

                Re: Intelligible non-decryption

                Probably the best way to 'hide' data would be to write a program in 'whitespace' that, when compiled and run would generate the desired data-set that one wishes to comunicate. Then all one has is a file consisting (seemingly) of white space - like a blank document. If one then gives it some sort of crazy-assed name (e.g. %$kl(_!:ߧz), one could plausibly pass it off as a 'corrupted' 'doc' file for instance.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Intelligible non-decryption

                  But because legible text tends to have a grammar behind it with rules, this is quite prone to getting "mangled" by a text sanitizer that reduces all spacing to the bare minimum to maintain legibility (say for English, no more than two line breaks at a time, single spaces only, and no indentation). And this would happily chew through your "corrupt doc file" because, in its eyes, if it's corrupt, it has nothing of use anyway: sanitize anyway.

                  1. Someone_Somewhere

                    Re: Intelligible non-decryption

                    Why would you sanitise it in the first place?

                    It's the source-code that you will subsequently feed into a whitespace compiler/interpreter that knows to expect code written in whitespace and won't, therefore, sanitise it but compile/interpret it.*

                    You then run the resultant binary (if one is necessary**) - which generates the desired 'plaintext' (so to speak) output.

                    It's only an n>1 party that would be likely to mistake it for a corrupted 'document' - you (and any other parties privy to it) know otherwise and won't make the mistake of doing anything else with it.

                    Or have I misunderstood the point you are making?

                    * assuming, of course, that there are no syntax errors.

                    ** which, of course, it /wouldn't/ be, if it were being interpreted.

                    1. Charles 9 Silver badge

                      Re: Intelligible non-decryption

                      Because I'm the Autocrat and I demand all traffic in my land be intercepted mid-flight and sanitized. All plaintext gets scrubbed of excessive whitespace, all images are squashed and color-reduced, all videos heavily recompressed, and so on...

                      In other words, hiding in plain sight is going to be a challenge.

                      1. Someone_Somewhere

                        Re: Intelligible non-decryption

                        > Because I'm the Autocrat

                        Ah, I see.

                        Am I to take it that I won't make it across town without a cavity search and the USB key I have hidden in my rectum will be discovered then?

                        Any day of the week?

                        Any week of the year?

                        I suppose I might get away with it once only then, if you're using something like Red Star Linux.

                        However, what if I write the code, as I suggested, on my own machine, direct to my USB key and don't take it anywhere until the due time?

                        Then there's nothing /to/ intercept.

                        At least not until the day I travel (rather uncomfortably) across town.

                        1. Charles 9 Silver badge

                          Re: Intelligible non-decryption

                          X-ray machines at every transit point and community limit. That'll take it all the way down to a face-to-face encounter in the same community. Add in 1984-like laws to encourage snitching (or you get nailed as an accomplice), and every odd face-to-face is going to be subject to scrutiny.

                          As for writing code, how will you do that when every machine sold has to be approved by me, to the point that it's going to be extremely difficult to roll your own from scratch, covertly, and still remain compatible.

          2. This post has been deleted by its author

  47. You aint sin me, roit
    Pirate

    Strong encryption doesn't kill people, weapons do.

    Isn't Hillary in trouble for *not* using strong encryption?

  48. cortland
    Big Brother

    Whoops!

    There go the one-time-pads. Ate 'em, did you? Off to Leavenworth! And what about this one, Professor? Decrypt it or rot in jail. http://www.skyknowledge.com/voynich-eg.gif

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019