This week on “Why Politicians Shouldn’t Pretend They Know Things They Clearly Don’t,” we feature Dianne Feinstein (D-CA) and Richard Burr (R-NC), two United States Senators who are asking the government to consider their bill regarding encryption.
Much controversy has been had over encryption since the FBI asked Apple to decrypt the iPhone of one of the now-deceased San Bernardino attackers, a request Apple responded to with “yeah, that’s a terrible idea, so, no.” Most people would think Apple is filled with a lot of smart people, and at least in this case, they’re correct.
The Feinstein-Burr bill, however, is far beyond asking for a single iPhone to be unlocked. It would require every company that engages in any encryption method at any level to be able to quickly provide a method to decrypt the data, at law enforcement’s behest.
Quick primer on how encryption works: when two endpoints communicate, without encryption the data transmitted between the two endpoints is in plain-text form. This is enormously insecure, as sniffing and intercepting traffic isn’t difficult.
With encryption in play, the messages sent between two endpoints are then scrambled exponentially; imagine a message sent using one of those decoder rings from a cereal box, except that instead of a single coded translation it’s coded dozens of times, and instead of needing a decoder ring to decipher it, you need an encryption key that’s normally at least one hundred characters long. This way, if a message is intercepted, decoding the message is near impossible unless the attackers have access to bona-fide supercomputers (and a lot of time on their hands).
Normally, encryption keys are only held as long as they’re needed (i.e. the time it takes to encrypt the message, send it, and have the other side receive and decrypt it), or they’re kept extremely secure behind many layers of security. This bill would force software and hardware companies to keep those keys, and decrypt any message asked of them by law enforcement.
Throw away any Big Brother thoughts you have. The danger is plainer than that: rule #1 of network security is that no solution is invulnerable. No matter how secure a company makes its encryption key vaults, attackers will go after them, and one of them will succeed.
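To make the key-retention risk concrete, here is an added example (not from the original post): a toy key exchange in Python where every message gets a fresh key that is either discarded or copied into a vault. The group `P`/`G`, the SHA-256 keystream, and all function names are assumptions chosen for illustration, not production cryptography.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group (127-bit Mersenne prime), for illustration only.
# Real systems use X25519 or groups of 2048 bits and up.
P = 2**127 - 1
G = 3

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter keystream; the same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def session_key() -> bytes:
    """Two endpoints agree on a fresh key from one-time DH secrets."""
    a = secrets.randbelow(P - 2) + 1           # Alice's one-time secret
    b = secrets.randbelow(P - 2) + 1           # Bob's one-time secret
    A, B = pow(G, a, P), pow(G, b, P)          # public values on the wire
    shared = pow(B, a, P)
    assert shared == pow(A, b, P)              # both sides derive the same value
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def run(messages, escrow=None):
    """Encrypt each message under its own key; return what a sniffer captures.

    If escrow is a list, a copy of every key is retained in it, which is the
    retention the bill would require. Otherwise no key outlives its message.
    """
    captured = []
    for m in messages:
        k = session_key()
        captured.append(keystream_xor(k, m))
        if escrow is not None:
            escrow.append(k)
    return captured

def breach(captured, vault):
    """Plaintexts recoverable by someone holding the traffic and the vault."""
    return [keystream_xor(k, c) for k, c in zip(vault, captured)]

if __name__ == "__main__":
    msgs = [b"meet at noon", b"wire the funds"]   # constructed sample messages
    print("ephemeral:", breach(run(msgs), []))    # nothing to steal
    vault = []
    print("escrowed: ", breach(run(msgs, escrow=vault), vault))
```

With ephemeral keys the stolen vault is empty and the captured traffic stays opaque; with escrow, one breach opens every message ever recorded.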
Essentially, this bill would murder any reality of security or privacy on any computer in the United States.
This isn’t sensational; it’s pure insanity. It would likely ruin the tech industry in America.
The fact that a bill like this is even going to get a vote is preposterous. It’s another classic example that Washington does not understand technology, at all.