Another Attempt To Backdoor Encryption

Three of our worst Senators, Marsha Blackburn, Tom Cotton and the ever-awful Lindsey Graham yesterday introduced the Lawful Access to Encrypted Data Act, a “bill to bolster national security interests and better protect communities across the country by ending the use of ‘warrant-proof’ encrypted technology by terrorists and other bad actors to conceal illicit behavior.”

First, I can’t remember the last time I saw language that baldly Orwellian (“other bad actors,” “illicit behavior”) – and that’s just the description! The actual parameters of this haven’t changed a tick since their last go-round with trying to purposefully backdoor encryption, however: intentionally weakening strong encryption makes it weaker for everyone, not just “the terrorists.” If a backdoor is put in for “lawful requests,” then it can and will be discovered and exploited by people with less “pure” motives for wanting it — criminals, identity thieves, regular money-seeking thieves, abusive partners, and a whole assortment of others. In a similar way that you cannot both share and not-share a password with someone, you cannot both compromise encryption and retain its strength. At least, to date, I have seen no credible proposals that would allow it.

What may have changed is the politics of this. I’d like to think not, but the relentless push on both sides of the pond to roll back privacy for everyone (not just “the terrorists”) has continued unabated. And as usual, they will pit law enforcement and public safety against a “small, hardly noticeable” reduction in privacy and one’s own ability to ensure it. Arguments like “if you’ve nothing to hide, why should you care” will be trotted out for the umpteenth time. Never mind that having things to hide from certain people – oppressive governments, vengeful employers, abusive life partners – isn’t a sign of having done anything wrong.

This time, though, our leaders may just be attempting to make it too difficult in terms of public relations or technology or possibly even money for a few large companies, specifically Google, Microsoft and Apple. Maybe a few others – Cisco, etc. If the forces of spying and privacy-reduction here can cause those companies to conclude it’s too much of a pain (for them) to continue their anti-privacy, anti-encryption stance in the wake of the Edward Snowden revelations, then the devices we all depend on will become a lot less secure/trustworthy.

Edited to add: apparently (and not unexpectedly), I’m not alone in my estimation of the problems with this bill.