Last active
April 8, 2016 15:57
Revisions
rietta revised this gist
Apr 8, 2016 . 1 changed file with 2 additions and 1 deletion.
@@ -1,4 +1,5 @@ The anticipated Feinstein-Burr *Compliance with Court Orders Act*, an anti-security bill, would [require the provision of data in an intelligible format to a government pursuant to a court order](https://www.scribd.com/doc/307378123/Burr-Encryption-Bill-Discussion-Draft) (scribd.com). A draft copy has appeared online though whether it has been submitted officially within the Senate is [not yet clear](https://motherboard.vice.com/en_ca/read/leaked-burr-feinstein-encryption-bill-is-a-threat-to-american-privacy) (vice.com). -
rietta revised this gist
Apr 8, 2016 . 1 changed file with 8 additions and 15 deletions.
@@ -1,22 +1,17 @@ The anticipated Feinstein-Burr Compliance with Court Orders Act, an anti-security bill, would [require the provision of data in an intelligible format to a government pursuant to a court order](https://www.scribd.com/doc/307378123/Burr-Encryption-Bill-Discussion-Draft) (scribd.com). A draft copy has appeared online though whether it has been submitted officially within the Senate is [not yet clear](https://motherboard.vice.com/en_ca/read/leaked-burr-feinstein-encryption-bill-is-a-threat-to-american-privacy) (vice.com). This bill essentially says you can not have any conversation or data exchange that the government can not access if it wants to. It is the legal culmination of what the FBI has been lobbying Congress for years. If Feinstein-Burr becomes law, it will be illegal to deploy strong encryption *without key escrow* maintained by each company. Cryptographers and computer scientists near-unanimously assert key backup systems are insecure at scale. <!--more--> The first read of the bill is chilling. Strong cryptography within the United States would effectively be banned, preventing U.S. companies from building secure software. These companies would be mandated to provide real technical assistance. Unlike the best effort of today, they would be required to give plain-text data in it's original format or risk penalties for violating the law. Specifically, any U.S company would be required to maintain the ability, through unspecified means, to retrieve the plain-text from any data "*made unintelligible by a feature, product, or service owned, controlled, created, or provided by the [company]*." And the company would then be required to turn over such data in real-time "*concurrently with its transmission*" or "*expeditiously, if stored by the [company] or on a device*." This would appear to mean that any U.S. organization involved in the design and programming of software, 
@@ -25,8 +20,6 @@ who sells such device and software to connect to their network would all be requ data on short notice and provide it real-time to the government. This is far, far more insidious than going after [unlocking an iPhone](/blog/2016/03/16/its-not-just-one-iphone/). If this becomes law, the mere existence of the means to be able to decrypt your data can be potentially exploited by any private party, not just the U.S. government. Unnecessary liabilities for data breaches will now be required for every company dealing with data digitally, no matter how private. This mandates the creation of back-doors without prescribing the exact nature of those back-doors. Let that sink in. -
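Review bot: typo in the first hunk, "give plain-text data in it's original format" should read "in its original format" (possessive, not contraction); the same hunk also has "any U.S company" where the surrounding text writes "U.S." with the trailing period.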
rietta revised this gist
Apr 8, 2016 . 1 changed file with 2 additions and 2 deletions.
@@ -2,8 +2,8 @@ The anticipated Feinstein-Burr anti-security bill has been submitted within the [require the provision of data in an intelligible format to a government pursuant to a court order](https://www.scribd.com/doc/307378123/Burr-Encryption-Bill-Discussion-Draft). This bill essentially says you can not have any conversation or data exchange that the government can not access if it wants to. It is the legal culmination of what the FBI has been lobbying Congress for years. If Feinstein-Burr becomes law, it will be illegal to deploy strong encryption *without key escrow* maintained by each company, which is a key backup system that the great consensus of cryptographers and computer scientists assert is insecure at scale. This bill essentially says you can not have any conversation or data exchange that the government can not access if it wants to. -
rietta revised this gist
Apr 8, 2016 . 1 changed file with 6 additions and 3 deletions.
@@ -1,9 +1,12 @@ The anticipated Feinstein-Burr anti-security bill has been submitted within the United States Senate to [require the provision of data in an intelligible format to a government pursuant to a court order](https://www.scribd.com/doc/307378123/Burr-Encryption-Bill-Discussion-Draft). This bill essentially says you can not have any conversation or data exchange that the government can not access if it wants to. It is the legal culmination of what the FBI has been lobbying Congress for years. If Feinstein-Burr becomes law, it will be illegal to deploy strong encryption *without key escrow*, which is a key backup system that the great consensus of cryptographers and computer scientists assert is insecure at scale. This bill essentially says you can not have any conversation or data exchange that the government can not access if it wants to. <!--more--> The first read of the bill is chilling. It would effectively ban strong cryptography within -
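Review bot: the added sentence "This bill essentially says you can not have any conversation or data exchange that the government can not access if it wants to." duplicates the one already following the opening sentence in this hunk; keep one occurrence, probably the earlier, and drop the repeat after the key-escrow sentence.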
rietta revised this gist
Apr 8, 2016 . 1 changed file with 1 addition and 1 deletion.
@@ -13,7 +13,7 @@ assistance that means a best effort. But actual, effectual and rapid turning ove in its original format or else the company and its employees are violating the law. Specifically, any U.S company would be required to maintain the ability, through unspecified means, to retrieve the plaintext from any data "*made unintelligible by a feature, product, or service owned, controlled, created, or provided by the [company]*." And the company would then be required to turn over such data in real-time "*concurrently with its transmission*" or "*expeditiously, if stored by the [company] or on a device*." This would appear to mean that any U.S. organization involved in the design and programming of software, -
rietta revised this gist
Apr 8, 2016 . 1 changed file with 2 additions and 2 deletions.
@@ -13,8 +13,8 @@ assistance that means a best effort. But actual, effectual and rapid turning ove in its original format or else the company and its employees are violating the law. Specifically, any U.S company would be required to maintain the ability, through unspecified means, to retrieve the plaintext from any data "**made unintelligible by a feature, product, or service owned, controlled, created, or provided by the [company]**." And the company would then be required to turn over such data in real-time "*concurrently with its transmission*" or "*expeditiously, if stored by the [company] or on a device*." This would appear to mean that any U.S. organization involved in the design and programming of software, the packing of the software, the creation of any device that runs such software, and any service provider -
rietta created this gist
Apr 8, 2016 .
@@ -0,0 +1,29 @@ The anticipated anti-security bill has been submitted within the United States Senate to [require the provision of data in an intelligible format to a government pursuant to a court order](https://www.scribd.com/doc/307378123/Burr-Encryption-Bill-Discussion-Draft). This is the legal culmination of what the FBI has been lobbying Congress for years. If Feinstein-Burr becomes law, it will be illegal to deploy strong encryption *without key escrow*, which is a key backup system that the great consensus of cryptographers and computer scientists assert is insecure at scale. <!--more--> The first read of the bill is chilling. It would effectively ban strong cryptography within the United States and prevent domestic companies from building secure software. The companies would be mandated to provide technical assistance. Not the kind of assistance that means a best effort. But actual, effectual and rapid turning over of plaintext data in its original format or else the company and its employees are violating the law. Specifically, any U.S company would be required to maintain the ability, through unspecified means, to retrieve the plaintext from any data "**made unintelligible by a feature, product, or service owned, controlled, created, or provided by the [company]**." And the company would then be required to turn over such data in real-time "**concurrently with its transmission**" or "**expeditiously, if stored by the [company] or on a device**." This would appear to mean that any U.S. organization involved in the design and programming of software, the packing of the software, the creation of any device that runs such software, and any service provider who sells such device and software to connect to their network would all be required by law to decrypt your data on short notice and provide it real-time to the government. This is far, far more insidious than going after [unlocking an iPhone](/blog/2016/03/16/its-not-just-one-iphone/). 
It seriously disincentives any U.S company from even attempting to create secure software and services. Far from removing the liability for data breaches, if this would become law, it creates new liability for every tech company. It mandates the creation of backdoors without prescribing the exact nature of the backdoors. Let that sink in.
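Review bot: "It seriously disincentives any U.S company" in the last hunk uses the noun as a verb and drops the period from "U.S."; suggest "It seriously disincentivizes any U.S. company". In the same hunk, "the packing of the software" most likely means "the packaging of the software".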