Modern field guide to security and privacy

Opinion: Burr-Feinstein antiencryption bill a firing offense

Sens. Richard Burr (R) of North Carolina and Dianne Feinstein (D) of California should be stripped of their positions for introducing a bill that would endanger American digital security and privacy.

|
Alex Brandon/AP/File
Senate Intelligence Committee Vice Chair Sen. Dianne Feinstein (D) of California spoke with committee chairman Sen. Richard Burr (R) of North Carolina on Capitol Hill in February.

The Burr-Feinstein antiencryption bill isn't just bad, it's evidence of a dangerous incompetence in congressional leadership that is undermining America’s security.

In fact, the draft bill, leaked two weeks ago and now officially released, is compelling evidence that Senate leadership should strip – or at least not reappoint – Senators Burr and Feinstein of their positions on the Senate Select Committee on Intelligence.

Amongst its many provisions, the draft bill mandates that tech companies make all of our online data "intelligible" when presented with a court order. The bill defines intelligible as "decrypted, deciphered, decoded, demodulated, or deobfuscated" to "the Government of the United States and the government of the District of Columbia, or any commonwealth or possession of the United States, of an Indian Tribe, or of any State or political subdivision thereof."

To put it plainly, this bill would, for example, empower the 11 members of the Augustine Band of Cahuilla Indians to demand that every corporation be able to decrypt all online information of any kind, on any American, and be delivered to that tribe.

And, of course, every "political subdivision" of every state would likewise have this unbelievably over-reaching power. If Burr-Feinstein passes, it guarantees that Americans will have worse encryption than the rest of the world. This bill would make us all less safe by requiring that our data be stored in ways that dramatically increase its susceptibility to malicious hackers, identity thieves, and other malfeasance.

But this bill doesn't just represent one security mistake or one attack on individual privacy – it's the culmination of a history of bad ideas from the committee's cochairs. Burr and Feinstein have proven incapable of fulfilling some of their most important oversight duties time and again – even failing to hold the CIA to account when it was caught illegally spying on Senate staff.

Burr has proven particularly inappropriate – by joking about waterboarding, for instance, rather than taking seriously his role in investigating illegal torture practices. Far more broadly, he has been so against overseeing US intelligence agencies that he actively stops other senators from conducting due diligence on US surveillance activities.

For example, he has worked to ensure that Congress is unable to determine how the recently passed Cybersecurity Information Sharing Act is being implemented – and whether, contrary to what the Obama administration claims, it is actually being used to justify domestic spying.

Burr has even demanded that the White House return the Senate's torture report and called for his own committee to bury the CIA's study of its own wrongdoing – the only thing these actions accomplish is ensuring the continuation of siloed, unaccountable, ineffective and overreaching surveillance.

Moreover, Burr and Feinstein have championed restrictions to surveillance reporting requirements to Congress, seeking to maintain the ignorance of the very institution (and committee) Americans depend on to be the check and balance on surveillance abuses.

By any standard, neither senator has proven bullish about overseeing intelligence agency overreach nor champions about ensuring that Americans' constitutionally guaranteed right to privacy is protected. 

To say this most recent Burr-Feinstein bill fell flat would be a massive understatement. It's been criticized by the Left and the Right – from just about every technology expert who's read the draft bill, and by everyone from privacy technologists to civil liberty advocates. Even the former head of the National Security Agency, Michael Hayden, dismissed their proposed solution as creating a dangerous "backdoor" into consumer devices.

Indeed, it's difficult to imagine a legislative effort this misguided, technologically naive, and outright dangerous to America's interests and ideals. By championing their bill, Burr and Feinstein have proven themselves to be incapable of fulfilling their roles to protect the public's best interests as co-chairs of the Senate Select Committee on Intelligence.

The Burr-Feinstein bill is the technological equivalent of the chairpeople of the Senate Committee on Commerce, Science, and Transportation introducing a bill banning credit cards, microscopes, and roads. It would be like the people in charge of the Committee on Health, Education, Labor, and Pensions introducing a bill to undermine each of these crucial civil society hallmarks, and then waging a PR war to defend their actions.

There is one constituency that would love the Burr-Feinstein bill – dictators. As the FBI v. Apple court fight documents, authoritarian regimes are hoping to follow Burr-Feinstein's lead.

But we don't even need to look to the future. We've already seen the extensive damage caused when bill's like Burr and Feinstein are currently proposing are passed. For years, until Executive Order 13026 was adopted on Nov. 15, 1996, strong encryption was defined as a "munition" and therefore illegal to export overseas. Weak encryption was thus integrated into thousands of software products and systems all around the globe, making them susceptible to digital assaults such as the FREAK attack.

That particular attack affected 36 percent of the all seemingly secure sites (e.g., sites using HTTPS) due to legacy code that incorporated this weaker "export-grade" encryption. The FREAK attack is a direct outcome of shortsighted laws that were passed by politicians who did not realize the damage they were causing with their myopic security-deprecating mandates.

Burr and Feinstein should know better. Either they don't understand the ramifications of their antiencryption bill or, worse yet, they are knowingly seeking to recreate the same situation that made us less safe previously.

Americans need far more oversight from the Senate to protect our privacy. It is a sorry state of affairs that the most efficacious thing the Senate leadership can do is remove Burr and Feinstein from their committee postings.

But given their history and this bill, there is now little doubt their removal is actually the best way to ensure that the Senate Select Committee on Intelligence stops endangering this country and gets back to doing its job: making sure American surveillance programs are keeping us safe and being conducted legally.

Sascha Meinrath is the Director of X-Lab and the Palmer Chair in Telecommunication at Penn State University. Follow him on Twitter @saschameinrath. Sean Vitka serves as counsel for Fight for the Future and is a fellow with X-Lab. Follow him on Twitter @SeanVitka.

 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Opinion: Burr-Feinstein antiencryption bill a firing offense
Read this article in
https://www.csmonitor.com/World/Passcode/Passcode-Voices/2016/0419/Opinion-Burr-Feinstein-antiencryption-bill-a-firing-offense
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe