Senate releases draft of controversial encryption bill aimed at Apple

(Reuters) – Two U.S. senators on Wednesday issued a formal draft of a controversial bill that would give courts the power to order technology companies like Apple to help authorities break into encrypted devices or communications for law enforcement or intelligence purposes.

The proposal arrives just days after an earlier draft leaked online and drew fire from security researchers and civil liberties advocates who warned it would undermine Internet security and expose personal data to hackers.

Those same groups on Wednesday said the new draft is little different from the leaked version.

The bill comes as the U.S. Justice Department has redoubled its efforts to use the courts to force Apple to unlock encrypted iPhones.

Senators Richard Burr and Dianne Feinstein, the Senate intelligence committee’s Republican chair and top Democrat, said in a statement they intended now to “solicit input from the public and key stakeholders before formally introducing the bill.”

“I am hopeful that this draft will start a meaningful and inclusive debate on the role of encryption and its place within the rule of law,” Burr said. “Based on initial feedback, I am confident that the discussion has begun.”

The new discussion draft does not require manufacturers or communications companies to process, transmit or store data in any particular format.

Rather, it requires companies, upon receipt of a court order, to turn over to the government “data in an intelligible format” even if encryption has rendered that data inaccessible to anyone other than the owner.

Companies must ensure their products “be capable of complying,” the bill states. Critics say that amounts to a ban on strong encryption.

The latest version of the bill narrows the scope of cases where a court can issue an order. Those include crimes that caused or could cause death or serious injury or that involve drug offenses or child victims, in addition to foreign intelligence operations, according to the text.

Andrew Crocker, staff attorney at the Electronic Frontier Foundation, a digital rights group, said changes in the new discussion draft were minimal and the bill still threatened Internet security because companies would only be able to comply by weakening encryption in all their products.

The proposed legislation, which is expected to continue facing strong opposition from the technology sector and privacy advocates, faces an uphill battle in a gridlocked Congress.

“This flawed bill would leave Americans more vulnerable to stalkers, identity thieves, foreign hackers and criminals,” said Democratic Senator Ron Wyden in a statement.

(Reporting by Mark Hosenball and Dustin Volz in Washington; Editing by Andrew Hay)


WhatsApp turns on end-to-end encryption

Facebook-owned WhatsApp has strengthened the encryption of its widely used instant messaging app, a development that in theory makes it harder for law enforcement to gain access to communications.

WhatsApp’s founders said Tuesday that the application now implements end-to-end encryption, which means only authorized users can decrypt messages.

“The idea is simple: when you send a message, the only person who can read it is the person or group chat that you send that message to,” Jan Koum and Brian Acton wrote in a blog post. “No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us.”


IDG Contributor Network: 5 myths about data encryption

It’s a heartache, nothing but a heartache. Hits you when it’s too late, hits you when you’re down. It’s a fool’s game, nothing but a fool’s game. Standing in the cold rain, feeling like a clown.

When singer Bonnie Tyler recorded in her distinctive raspy voice “It’s A Heartache” in 1978, you’d think she was an oracle of sorts, predicting the rocky road that encryption would have to travel.

Just a year earlier, in 1977, the Data Encryption Standard (DES) became the federal standard for block symmetric encryption (FIPS 46). But, oh, what a disappointment DES would become. In less than 20 years since its inception, DES would be declared DOA (dead on arrival), impenetrable NOT.


NSA director just admitted that government copies of encryption keys are a big security risk

NSA chief Michael S. Rogers speaks at Fort Meade.

The director of the NSA, Admiral Michael Rogers, just admitted at a Senate hearing that when Internet companies provide copies of encryption keys to law enforcement, the risk of hacks and data theft goes way up.

The government has been pressuring technology companies to provide the encryption keys that it can use to access data from suspected bad actors. The keys allow the government “front door access,” as Rogers has termed it, to secure data on any device, including cell phones and tablets.

Rogers made the statement in answer to a question from Senator Ron Wyden at the Senate Intelligence Committee hearing Thursday.

Wyden: “As a general matter, is it correct that anytime there are copies of an encryption key — and they exist in multiple places — that also creates more opportunities for malicious actors or foreign hackers to get access to the keys?”

Rogers: “Again, it depends on the circumstances, but if you want to paint it very broadly like that for a yes and no, then I would probably say yes.”

View the exchange in this video.

Security researchers have been saying for some time that the existence of multiple copies of encryption keys creates huge security vulnerabilities. But instead of heeding the advice and abandoning the idea, Rogers has suggested that tech companies deliver the encryption key copies in multiple pieces that must be reassembled.

“The NSA chief Admiral Rogers today confirmed what encryption experts and data scientists have been saying all along: if the government requires companies to provide copies of encryption keys, that will only weaken data protection and open the door for malicious actors and hackers,” said Morgan Reed of the App Association in a note to VentureBeat.

Cybersecurity has taken center stage in the halls of power this week, as Chinese president Xi Jinping is in the U.S. meeting with tech leaders and President Obama.

The Chinese government itself has been linked with various large data hacks on U.S. corporations and on U.S. government agencies. By some estimates, U.S. businesses lose $300 billion a year from Chinese intellectual property theft.

On June 2nd, the Senate approved a bill called the USA Freedom Act, meant to reform the government surveillance authorizations in the Patriot Act. The Patriot Act expired at midnight on June 1st.

But the NSA has continued to push for increased latitude to access the data of private citizens, both foreign and domestic.

