Posted on 04/20/2016 10:14:22 AM PDT by Swordmaker
Coalitions representing major tech companies warn of 'unintended consequences' in letter to US senators
Four coalitions representing Apple, Microsoft, Google, Amazon, and other major tech companies have published an open letter expressing their concerns over a controversial US bill that would require smartphone makers to decrypt data on demand. The letter, published this week, is addressed to the bill's sponsors, Senators Richard Burr (R-NC) and Dianne Feinstein (D-CA), and signed by four industry groups: Reform Government Surveillance, the Computer and Communications Industry Association, the Internet Infrastructure Coalition, and the Entertainment Software Association. In addition to Apple, Microsoft, Google, and Amazon, the coalitions represent companies like Facebook, Netflix, eBay, and Dropbox.
"Any mandatory decryption requirement, such as that included in the discussion draft of the bill that you authored, will to lead to unintended consequences," the letter reads. "The effect of such a requirement will force companies to prioritize government access over other considerations, including digital security." The groups go on to note that adhering to the bill's requirements would make any products or services vulnerable to exploitation by "bad actors," and that it could have major ripple effects. "[N]o accessibility requirement can be limited to U.S. law enforcement," the letter continues, "once it is required by the U.S., other governments will surely follow."
An official draft of the bill was published last week, in the wake of Apple's standoff with the FBI over access to an iPhone used by one of the shooters in the San Bernardino terrorist attack. The bill has been met with strong resistance from civil liberties groups like the ACLU and Electronic Frontier Foundation, as well as Senator Ron Wyden (D-OR), who has said he will filibuster it.
But the bill's backers have sought to dispel concerns over privacy and security, arguing that it is critical to law enforcement. "No entity or individual is above the law," Feinstein said in a statement last week. "The bill we have drafted would simply provide that, if a court of law issues an order to render technical assistance or provide decrypted data, the company or individual would be required to do so."
If Fineswine is for it, it has to be bad.
Pinging dayglored, Shadow Ace, and ThunderSleeps for their ping lists referencing government over reaching legislation.
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
Letter to Chairman Burr and Vice-Chairman Feinstein Regarding EncryptionApril 19, 2016
The Honorable Richard Burr
Chairman
Select Committee on Intelligence
United States Senate
Washington, DC 20515The Honorable Dianne Feinstein
Vice-Chairman
Select Committee on Intelligence
United States Senate
Washington, DC 20515Dear Chairman Burr and Vice-Chairman Feinstein:
We write to express our deep concerns about well-intentioned but ultimately unworkable policies around encryption that would weaken the very defenses we need to protect us from people who want to cause economic and physical harm. We believe it is critical to the safety of the nations, and the worlds, information technology infrastructure for us all to avoid actions that will create government-mandated security vulnerabilities in our encryption systems.
As member companies whose innovations help to drive the success and growth of the digital economy, we understand the need to protect our users physical safety and the safety of their most private information. To serve both these interests, we adhere to two basic principles. First, we respond expeditiously to legal process and emergency requests for data from government agencies. Second, we design our systems and devices to include a variety of network- and device-based features, including but not limited to strong encryption. We do these things to protect users digital security in the face of threats from both criminals and governments.
Any mandatory decryption requirement, such as that included in the discussion draft of the bill that you authored, will to lead to unintended consequences. The effect of such a requirement will force companies to prioritize government access over other considerations, including digital security. As a result, when designing products or services, technology companies could be forced to make decisions that would create opportunities for exploitation by bad actors seeking to harm our customers and whom we all want to stop. The bill would force those providing digital communication and storage to ensure that digital data can be obtained in intelligible form by the government, pursuant to a court order. This mandate would mean that when a company or user has decided to use some encryption technologies, those technologies will have to be built to allow some third party to potentially have access. This access could, in turn, be exploited by bad actors.
It is also important to remember that such a technological mandate fails to account for the global nature of todays technology. For example, no accessibility requirement can be limited to U.S. law enforcement; once it is required by the U.S., other governments will surely follow. In addition, the U.S. has no monopoly on these security measures. A law passed by Congress trying to restrict the use of data security measures will not prevent their use. It will only serve to push users to non-U.S. companies, in turn undermining the global competitiveness of the technology industry in the U.S. and resulting in more and more data being stored in other countries.
We support making sure that law enforcement has the legal authorities, resources, and training it needs to solve crime, prevent terrorism, and protect the public. However, those things must be carefully balanced to preserve our customers security and digital information. We are ready and willing to engage in dialogue about how to strike that balance, but remain concerned about efforts to prioritize one type of security over all others in a way that leads to unintended, negative consequences for the safety of our networks and our customers
Signed,
Reform Government Surveillance
Computer & Communications Industry Association
Internet Infrastructure Coalition (I2C)
The Entertainment Software Association
MEMO TO CONGRESS: Decrypt this “adfemx vpykcslmoq” then send your mothers and fathers over so we can get them legally married.
Re-read the Fourth Amendment to the Constitution.
Yes, the beautiful people should be exempt from lawful warrants. Only the hoi polloi should be subject to the law.
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
I’d like to pass a law requiring members of Congress to clean my toilet. Then maybe they’ll understand why slavery is wrong.
Thank you Tim Cook!
We must consider the possibility of these attacks becoming more frequent in the future, as Bill Gates mentioned in his statement on this.
It is trivial to make encryption virtually uncrackable. So the time is coming that in order to find where the LA nuke is, a dead terrorists phone will need to be examined.
So somewhere along the way it will be illegal for encryption to be sold where the vendor doesn’t have the key which is also a trivial matter.
During much of the 90’s uncrackable encryption was considered a weapon of mass destruction. It can happen again. A couple of weeks ago legislation was introduced in France to do this. This is another example of this.
The FBI has already kept SilentCircle, Lavabit and others from selling secure email services EVEN WITHOUT LEGAL STANDING.
By going high profile Apple WAS BEGGING for this legislation to be introduced.
I think Tim Cook looked polls which show the US federal government to be the least popular government since Louis the 16th. He thought he’d come out looking like a rose if he took them on. Unfortunately this was hit for both the FBI and Apple.
Every US company including Apple must reasonably co-operate with a legal search warrant. Apple went public with the fact that they considered what the FBI was asking was UNREASONABLE. They should have worked behind the scenes to cooperate.
Think if someone was marketing uncrackable physical storage. A dead terrorist who had brought down 14 commercial jets with surface to air missiles was found to own such a storage. Do you think the owner of this storage facility would refuse to cooperate and go public and make a stink about it? This is exactly what an encrypted phone is and what Apple did in this case.
Hmm. Funny. I don’t hear any concern with how those companies influence politics and votes. It’s OK when they interfere with politics but not when politics interfere with them. Well guys, embrace the suck. You’re feeding and enabling these dogs and you got their fleas.
What you demand is unreasonable and impossible. Encryption is an either one of the other proposition. Either it is secure, or it is not. If you provide a backdoor, it is not secure. . . There is no way to do both. It is impossible to do what the government wants. PERIOD. It was the government that asked Apple and others to make their devices secure. They complied and now it is the government who is demanding they be made insecure. Hypocrites. They cannot have their cake and eat it too.
Perhaps Apple could decrypt 7 or 8 Senator’s girlfriends iPhones...
Yes, and it’s practical and profitable for the companies to do so.
However it’s not as cheap and profitable as not providing access for warranted searches.
The encryption cat is out of the bag. Apple can’t unlock encrypted messages in WhatsApp, Viber, Telegram, etc.
Whack one encrypted mole and another one pops up.
Give it up already. Let’s just be secure in our persons, houses, papers, and effects.
Thanks to Swordmaker for the ping!!
Except for one little detail you're conveniently glossing over. It's been stated a million times already, but obviously you haven't heard it yet. Let me shout it for you. Sheesh...
Period. Sorry for shouting, but your analogy simply does not apply here.
The result: That market niche went overseas (e.g. ProtonMail), thereby exporting money and jobs and preventing the Feds from getting any information (even without access to message content, they could have gotten the who's-talking-to-who metadata easily if the servers were in the US, now they're out of luck).
You mean like a safe that incinerates its content if somebody tries to crack it? I don't have to imagine it; if I needed it I'd just go out and buy it.
The employer has access to the phone's content via the iCloud backup function... until the FBI told them to change the password and decouple the phone from the cloud. Either the FBI investigators are so inept that they make the Keystone Kops look like Sherlock Holmes, or they deliberately sabotaged their existing access so that they could demand new access and set a precedent for routinely doing so in the future. They should not be rewarded for their incompetence (if it's the former) or corruption (if it's the latter).
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.