Senators’ major encryption bill is ‘clueless’

Leaders on the Senate Intelligence Committee last week unveiled draft legislation aimed at forcing tech companies to help decrypt data on their own consumer products when served with a court order to do so. The proposal was widely panned by tech groups and by reports in the media for being technically inadequate, a reaction that may highlight a growing problem for security-minded members of Congress.

“The bill we have drafted would simply provide that, if a court of law issues an order to render technical assistance or provide decrypted data, the company or individual would be required to do so,” Ranking Member Sen. Dianne Feinstein, D-Calif., said in a statement announcing the proposal. “We need strong encryption to protect personal data, but we also need to know when terrorists are plotting to kill Americans.”

Condemnation for the legislation, which was coauthored by committee Chairman Sen. Richard Burr, R-N.C., came swiftly and from a broad spectrum of groups. Those ranged from nonprofits like the Electronic Frontier Foundation to trade organizations such as the Internet Association, which includes Google and Facebook.

Yet while that demarcation between the tech world and the intelligence community may come with some degree of predictability, the consequences are becoming more noticeable. Specifically, tech critics said, the legislation is not only objectionable, it is written in a way that is technically incomprehensible.

“Burr-Feinstein may be the most insane thing I’ve ever seen seriously offered as a piece of legislation. It is ‘do magic’ in legalese,” Julian Sanchez, a senior fellow in technology at the Cato Institute, said on Twitter. Matthew Green, a cryptography professor at Johns Hopkins, expressed a similar interpretation, calling it “clueless” and “unworkable.”

In a nutshell, critics say, the legislation is written so haphazardly that the issue of “encryption” is nearly lost. It assures, for instance, that the law should not be taken as a prohibition on “any specific design or operating system,” but it would also require a company such as Apple to redesign its software in order to police third parties in its app store.

It also asks that privacy be protected “through implementation of appropriate data security,” yet asks that information be accessible upon request.

Speaking to that point, the Internet Association said in a statement, “The bill creates a contradiction by asking companies to both weaken and maintain security at the same time.”

The issue speaks to a fundamental problem for security-minded members of Congress: an apparent dearth of technical talent willing to assist in writing legislation that would regulate the tech sector. That dilemma is manifesting itself not only legislatively, but also in terms of broader support.

One example of that is Sen. Ron Wyden, another member of the Senate Intelligence Committee and a familiar face of opposition to Burr and Feinstein. Though the Oregon Democrat often votes against measures offered by his colleagues on the committee, he’s taking his opposition to the latest proposal to a new level. “It makes Americans less safe,” Wyden said. “If this dangerous anti-encryption legislation reaches the Senate floor, I will filibuster it.”

At the same time the legislation is facing intense opposition from Wyden, it is finding little sympathy outside of Congress. Asked if any tech groups had offered their support, Burr’s office did not return a request for comment.

Perhaps realizing the challenges inherent to passing a bill without broad support, Burr has also said the proposal will not lay out any penalties for failing to comply with its terms, but that he hopes it will provoke some thought. “I am hopeful that this draft will start a meaningful and inclusive debate on the role of encryption and its place within the rule of law,” Burr said last week. “Based on initial feedback, I am confident that the discussion has begun.”

Former NSA contractor Edward Snowden waded into that discussion on Twitter. “Who could have imagined Congress, famous for technical illiteracy, would fail to understand cryptography,” Snowden deadpanned.
