Opinion: Burr-Feinstein antiencryption bill a firing offense(Read article summary)
Sens. Richard Burr (R) of North Carolina and Dianne Feinstein (D) of California should be stripped of their positions for introducing a bill that would endanger American digital security and privacy.
The Burr-Feinstein antiencryption bill isn't just bad, it's evidence of a dangerous incompetence in congressional leadership that is undermining America’s security.
In fact, the draft bill, leaked two weeks ago and now officially released, is compelling evidence that Senate leadership should strip – or at least not reappoint – Senators Burr and Feinstein of their positions on the Senate Select Committee on Intelligence.
Amongst its many provisions, the draft bill mandates that tech companies make all of our online data "intelligible" when presented with a court order. The bill defines intelligible as "decrypted, deciphered, decoded, demodulated, or deobfuscated" to "the Government of the United States and the government of the District of Columbia, or any commonwealth or possession of the United States, of an Indian Tribe, or of any State or political subdivision thereof."
To put it plainly, this bill would, for example, empower the 11 members of the Augustine Band of Cahuilla Indians to demand that every corporation be able to decrypt all online information of any kind, on any American, and be delivered to that tribe.
And, of course, every "political subdivision" of every state would likewise have this unbelievably over-reaching power. If Burr-Feinstein passes, it guarantees that Americans will have worse encryption than the rest of the world. This bill would make us all less safe by requiring that our data be stored in ways that dramatically increase its susceptibility to malicious hackers, identity thieves, and other malfeasance.
But this bill doesn't just represent one security mistake or one attack on individual privacy – it's the culmination of a history of bad ideas from the committee's cochairs. Burr and Feinstein have proven incapable of fulfilling some of their most important oversight duties time and again – even failing to hold the CIA to account when it was caught illegally spying on Senate staff.
Burr has proven particularly inappropriate – by joking about waterboarding, for instance, rather than taking seriously his role in investigating illegal torture practices. Far more broadly, he has been so against overseeing US intelligence agencies that he actively stops other senators from conducting due diligence on US surveillance activities.
For example, he has worked to ensure that Congress is unable to determine how the recently passed Cybersecurity Information Sharing Act is being implemented – and whether, contrary to what the Obama administration claims, it is actually being used to justify domestic spying.
Burr has even demanded that the White House return the Senate's torture report and called for his own committee to bury the CIA's study of its own wrongdoing – the only thing these actions accomplish is ensuring the continuation of siloed, unaccountable, ineffective and overreaching surveillance.
Moreover, Burr and Feinstein have championed restrictions to surveillance reporting requirements to Congress, seeking to maintain the ignorance of the very institution (and committee) Americans depend on to be the check and balance on surveillance abuses.
By any standard, neither senator has proven bullish about overseeing intelligence agency overreach nor champions about ensuring that Americans' constitutionally guaranteed right to privacy is protected.
To say this most recent Burr-Feinstein bill fell flat would be a massive understatement. It's been criticized by the Left and the Right – from just about every technology expert who's read the draft bill, and by everyone from privacy technologists to civil liberty advocates. Even the former head of the National Security Agency, Michael Hayden, dismissed their proposed solution as creating a dangerous "backdoor" into consumer devices.
Indeed, it's difficult to imagine a legislative effort this misguided, technologically naive, and outright dangerous to America's interests and ideals. By championing their bill, Burr and Feinstein have proven themselves to be incapable of fulfilling their roles to protect the public's best interests as co-chairs of the Senate Select Committee on Intelligence.
The Burr-Feinstein bill is the technological equivalent of the chairpeople of the Senate Committee on Commerce, Science, and Transportation introducing a bill banning credit cards, microscopes, and roads. It would be like the people in charge of the Committee on Health, Education, Labor, and Pensions introducing a bill to undermine each of these crucial civil society hallmarks, and then waging a PR war to defend their actions.
But we don't even need to look to the future. We've already seen the extensive damage caused when bill's like Burr and Feinstein are currently proposing are passed. For years, until Executive Order 13026 was adopted on Nov. 15, 1996, strong encryption was defined as a "munition" and therefore illegal to export overseas. Weak encryption was thus integrated into thousands of software products and systems all around the globe, making them susceptible to digital assaults such as the FREAK attack.
That particular attack affected 36 percent of the all seemingly secure sites (e.g., sites using HTTPS) due to legacy code that incorporated this weaker "export-grade" encryption. The FREAK attack is a direct outcome of shortsighted laws that were passed by politicians who did not realize the damage they were causing with their myopic security-deprecating mandates.
Burr and Feinstein should know better. Either they don't understand the ramifications of their antiencryption bill or, worse yet, they are knowingly seeking to recreate the same situation that made us less safe previously.
Americans need far more oversight from the Senate to protect our privacy. It is a sorry state of affairs that the most efficacious thing the Senate leadership can do is remove Burr and Feinstein from their committee postings.
But given their history and this bill, there is now little doubt their removal is actually the best way to ensure that the Senate Select Committee on Intelligence stops endangering this country and gets back to doing its job: making sure American surveillance programs are keeping us safe and being conducted legally.
Sascha Meinrath is the Director of X-Lab and the Palmer Chair in Telecommunication at Penn State University. Follow him on Twitter @saschameinrath. Sean Vitka serves as counsel for Fight for the Future and is a fellow with X-Lab. Follow him on Twitter @SeanVitka.