US anti-encryption law is so 'braindead' it will outlaw file compression
Burr-Feinstein's proposed legislation will screw over the NSA, too, says Bruce Schneier
The proposed bill put forward by Senators Richard Burr (R-NC) and Dianne Feinstein (D-CA) to force US companies to build backdoors into their encryption systems has quickly run into trouble.
Less than 24 hours after the draft Compliance with Court Orders Act of 2016 was released, more than 43,000 signatures have been added to a petition calling for the bill to be withdrawn. The petition, organized by CREDO Action, calls for Congress to block the proposed law as a matter of urgency.
Meanwhile, in the technical world, experts have been going through the legislation and pointing out glaring holes in the draft bill. Bruce Schneier, the guy who literally wrote the books on modern cryptography, noted that the bill would make most of what the NSA does illegal, unless No Such Agency is willing to backdoor its own encrypted communications.
"This is the most braindead piece of legislation I've ever seen," Schneier – who has just been appointed a Fellow of the Kennedy School of Government at Harvard – told The Reg. "The person who wrote this either has no idea how technology works or just doesn't care."
He pointed out that it isn't just cryptographic code that would be affected by this poorly written legislation. Schneier, like pretty much everyone, uses lossy compression algorithms to reduce the size of images for sending via email but – as lossy compression can't be run in reverse to add back the data it removed – this code could be banned by the law, too. Files that can't be decrypted on demand to their original state, and files that can't be decompressed back to their exact originals, all look the same to this draft law.
Even deleted data could be covered, he opined. Are software companies to put in place mechanisms to retrieve any and all deleted information? It could be inferred from the bill as it stands.
saying math can't frustrate court orders is like saying a truck can't frustrate purple. these are different things. — Joseph Lorenzo Hall (@JoeBeOne) April 14, 2016
While the big names in technology have yet to make public statements on the matter, their pressure group the Business Software Alliance (BSA) has come out against the Burr-Feinstein bill, saying it "strongly urges" Congress to think again.
"We have serious concerns with the proposal released today because it effectively puts limits on data security and we are concerned it would ultimately undermine security, innovation, and public safety," said BSA president Victoria Espinel.
"We believe this bill would stunt the development and use of security technologies such as encryption, both today and into the future." ®