Wednesday, April 13, 2016

They Just Don't Get It (Or: Magical-Thinking Strikes Again)

Earlier this week, I wrote to my state Senators to express my disapproval of the forthcoming Burr-Feinstein encryption bill. Today, I got back a form response ...not that I was expecting a personal response - it's not like I'm a million-dollar donor:
Dear Mr. Jones,
     Thank you for contacting me regarding digital security and encryption policy. I appreciate hearing your views on this complex subject, which involves multiple competing security interests.

     While the debate over government access to encrypted communications has long been a contentious subject, the issue has received increased attention and scrutiny in the wake of the terrorist attacks in Paris and San Bernardino and, more recently, the ongoing legal battle between Apple Inc. and the Federal Bureau of Investigation (FBI) over access to the iPhone of one of the alleged perpetrators of the terrorist attack in San Bernardino, California. As these attacks showed us, terrorists have become increasingly sophisticated in their use of technology. Social media platforms have become prominent tools for recruitment and radicalization. And when individuals show interest in terrorists' cause, they move their communications to encrypted applications and other secure platforms to evade detection. This presents an extraordinary security challenge for the United States and our allies, leading to warnings by law enforcement officials that conventional tools to track and apprehend these criminals have become increasingly ineffective.

     Frustratingly, there are no easy answers. The same tools that terrorists and criminals are using to hide their nefarious activities are those that everyday Americans rely on to safely shop online, communicate with friends and family, and run their businesses. On top of that, technological innovation changes rapidly and, frequently, beyond the reach of U.S. law. Thousands of new apps are submitted to mobile apps stores daily, most of them utilizing some level of encryption, and a majority of them are developed overseas. Moreover, the fundamental architecture of the Internet is a decentralized and resilient one.

     In order to better understand the issues we're facing and explore potential solutions, Rep. Michael McCaul (R-TX), Chairman of the House Homeland Security Committee, and I introduced S.2604/H.R. 4651, the Digital Security Commission Act of 2016 on February 29, 2016. This legislation would create a national commission on security and technology challenges in the digital age. The Commission would convene a body of experts representing all of the interests at stake so we can evaluate and improve America's security posture as technology — and our adversaries — evolve.

     Our proposal will convene the brightest minds from the technology sector, the legal world, computer science and cryptography, academia, civil liberties and privacy advocates, law enforcement and intelligence to collaboratively explore the intersection of technology and security.

     This would not be a group of politicians debating one another. Nor would the commission be like other blue-ribbon panels, quickly established but soon forgotten. Rather, it would be charged with generating much-needed data and developing a range of actionable recommendations that can protect privacy and public safety. That is why this commission has been endorsed by a wide range of stakeholders – from the technology sector, to respected academic and legal experts, and distinguished national security figures.

     The threats we face with regards to digital security are real. They will not be met easily or dispensed with quickly. But I have no doubt that we are capable of overcoming these challenges if we convene the brightest minds in our country and work together.

     Again, thank you for contacting me. For further information or to sign up for my newsletter please visit my website at

United States Senator
So, while the form-mail isn't saying "I plan to vote for this (Burr-Feinstein) important bill", the text really isn't any less disturbing.

The "best minds" thing, by itself is disturbing. The "best minds" have already very publicly told you that what's being asked for isn't possible. Or, more specifically/technically-correct - it's not possible to both make encrypted data accessible to law enforcement without also making it as easily accessible to entities seeking illegal access. But never mind that, they're apparently just not trying hard enough! Technology is fucking magic and if one bit of magic is possible, any given bit of magic is possible if we just wish hard enough.

Even better is the farce of "we'll get a group of all the stakeholders together to work on this." There have been many such "gatherings of stakeholders to solve a difficult problem" exercises. Usually, the way it works out is that the differences between the stakeholders are irreconcilable. Then, the process either completely falls apart or the stakeholders who just aren't trying hard enough are dropped from the process or otherwise ignored. Only one outcome is acceptable - soundness of that outcome be damned.

So, with all due respect, Mr. Warner (or whichever drone you had compose this steaming pile of response), you're a completely clueless fucking tool. You are not worthy of being in a position to make decisions that affect the security of my personal data. You are not worthy of being voted for.