Yottabytes: Storage and Disaster Recovery

Dec 31 2014   12:56PM GMT

Congress Fights FBI ‘Back Door’ Mandate

Sharon Fisher Sharon Fisher Profile: Sharon Fisher

Tags:
privacy
Security

A Democratic Senator from Oregon is attempting to prevent government agencies from requiring vendors to build “back doors” into their software and electronic products by playing two kinds of security fears against each other. Sen. Ron Wyden introduced the Secure Data Act earlier this month.

People supporting such “back doors” say they are necessary to help protect Americans from terrorists and other criminals. FBI director James Comey, among other law enforcement officials, called for them after vendors such as Apple and Google implemented encryption on their smart phones by default. But Wyden is saying such “back doors” also make it easier for hackers to break in – an increasingly major issue in the past year.

And Wyden isn’t just speculating about the possibility; he cited an incident in 2005 where “an unknown entity had exploited a ‘lawful intercept’ capability built into Greek cellphone technology and had used it to listen to users’ phone calls” — including those of dozens of senior government officials.

“Unfortunately, there are no magic keys that can be used only by good guys for legitimate reasons,” Wyden wrote in an op-ed supporting the bill. “There is only strong security or weak security.”

“Security is a lot like a ship at sea,” agreed Alan McQuinn, a research assistant with the Information Technology and Innovation Foundation, in a blog post in The Hill. “The more holes you put in the system—government mandated or not—the faster it will sink.” Just a few years ago, the FBI was encouraging Americans to use encryption to better protect their data, he noted.

Another major issue in the past year has been revelations about agencies spying on Americans, which Wyden said is eroding trust in the government. “Strong encryption and sound computer security is the best way to keep Americans’ data safe from hackers and foreign threats. It is the best way to protect our constitutional rights at a time when a person’s whole life can often be found on his or her smartphone. And strong computer security can rebuild consumer trust that has been shaken by years of misstatements by intelligence agencies about mass surveillance of Americans,” he said in a statement.

Requiring back doors would also make U.S. companies less able to sell their products outside the U.S., Wyden noted. This could exacerbate problems that vendors such as cloud storage companies are already having outside the U.S. due to agencies using the courts to claim access to such data, even when it’s outside the U.S.

Wyden isn’t alone. The Hill noted that there was bipartisan opposition to Comey’s proposal, which he said didn’t call for a back door but a “front door with clarity and transparency.” But security experts dismissed that as a semantical difference. “The notion that it’s not a backdoor; it’s a front door — that’s just wordplay,” Bruce Schneier, a computer security expert and fellow at the Berkman Center for Internet & Society at Harvard University, told The Hill. “It just makes no sense.”

Nothing happened with the bill in the lame duck Congress, but Wyden reportedly expects to introduce it in the new Congress in 2015. Lily Hay Newman notes in Slate, however, that such bills have typically faced an uphill battle. For example, a similar measure was passed on the House side earlier this year, but funding for it was stripped from the “cromnibus” bill. It also is expected to be reintroduced next year.

Moreover, the Secure Data Act doesn’t prohibit back doors—it just prohibits agencies from mandating them, Newman writes. “There are a lot of other types of pressure government groups could still use to influence the creation of backdoors, even if they couldn’t flat-out demand them.” There are other weaknesses in the bill as well, notes the Electronic Frontier Foundation.

On the other hand, this isn’t Wyden’s first cybersecurity rodeo; he also essentially singlehandedly killed two bills in the past several years that the computer industry said could give the government too much control over the Internet, as well as worked on other Internet control issues.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: