The proposed bill put forward by Senators Richard Burr (R-NC) and Dianne Feinstein (D-CA) to force US companies to build backdoors into their encryption systems has quickly run into trouble.
Less than 24 hours after the draft Compliance with Court Orders Act of 2016 was released, more than 43,000 signatures have been added to a petition calling for the bill to be withdrawn. The petition, organized by CREDO Action, calls for Congress to block the proposed law as a matter of urgency.
Meanwhile, in the technical world, experts have been going through the legislation and pointing out glaring holes in the draft bill. Bruce Schneier, the guy who literally wrote the books on modern cryptography, noted that the bill would make most of what the NSA does illegal, unless No Such Agency is willing to backdoor its own encrypted communications.
"This is the most braindead piece of legislation I've ever seen," Schneier – who has just been appointed a Fellow of the Kennedy School of Government at Harvard – told The Reg. "The person who wrote this either has no idea how technology works or just doesn't care."
He pointed out that it isn't just cryptographic code that would be affected by this poorly written legislation. Schneier, like pretty much everyone, uses lossy compression algorithms to reduce the size of images for sending via email but – as it won't work in reverse and add back the data removed – this code could be banned by the law, too. Files that can't be decrypted on demand to their original state, and files that can't be decompressed back to their exact originals, all look the same to this draft law.
Even deleted data could be covered, he opined. Are software companies to put in place mechanisms to retrieve any and all deleted information?
Friday, April 15, 2016
US anti-encryption law is so 'braindead' it will outlaw file compression Burr-Feinstein's proposed legislation will screw over the NSA, too, says Bruce Schneier
The Register has a good article on the inanity of proposed U.S. legislation regarding encryption.