Many of our politicians in both the House and Senate are outraged that Apple didn’t want to create a backdoor to the iPhone, so they are pushing for new laws that would effectively ban end-to-end encryption.
One Congressman, Ted Lieu, has a different perspective after his phone was quickly and easily hacked into by a team working with 60 Minutes. He’s calling for an investigation on why it was so easy for his phone to get hacked.
On the side of destroying encryption, we have Senators Diane Feinstein (D-CA) and Richard Burr (R-NC). They issued a draft of a bill called “Compliance with Court Orders Act of 2016.”
An article in Wired is harshly critical of the proposed bill. A few choice quotes:
- “This basically outlaws end-to-end encryption. It’s effectively the most anti-crypto bill of all anti-crypto bills.” (Lorenzo Hall)
- “…this is easily the most ludicrous, dangerous, technically illiterate proposal I’ve ever seen.” (Kevin Bankston)
The bill would affect not only equipment makers but “license distributors” as well – meaning every app available from Google, Apple, or a third party would either have to have such weak encryption as to be easily hacked by anyone, or would have to have a “backdoor,” making the data accessible to law enforcement (and also, inevitably, accessible to criminals and hackers). The bill would effectively make PACid’s BoSS technology illegal.
The bill would essentially force millions of Americans to “unilaterally disarm” themselves in the battle to secure their data, while doing nothing to stop the bad guys. The technology that enables end-to-end encryption is well-known and widely available. Bad guys will continue to operate securely, acquiring their technology from other sources, while the law-abiding citizens will be exposed to every hacker out there.
On April 17, 2016, 60 Minutes aired an episode that showed all the bad guys need to hack into your phone is your phone number. The show’s producers had sent California Congressman Ted Lieu an off-the-shelf iPhone, and he agreed to use it as his phone for a week. They Karsten Nohl, a German hacker and datasecurity expert, the phone’s number. That’s ALL they gave Nohl.
The 60 Minutes reporter, Sharyn Alfonsi, called Lieu’s cellphone. Using a flaw he discovered in SS7, a communications protocol used in all cellular networks, Nohl was able to listen in on the call. Not only could he listen in on the call, but Lieu, who has a degree from Stanford in computer science, was shocked to learn that Nohl had been listening to and recording not only his calls, but his movements all week. Even though Lieu had GPS off, Nohl knew where Lieu was, presumably thanks to data regarding which cell towers Lieu was using that was picked up off the network.
Congressman Lieu has a message for Senators Feinstein and Burr:
You cannot have 300-some million Americans– and really, right, the global citizenry be at risk of having their phone conversations intercepted with a known flaw, simply because some intelligence agencies might get some data. That is not acceptable.