Senator Lindsey Graham’s encryption bill could expose Apple to lawsuits

U.S. Senator Lindsey Graham’s encryption attack masquerading as a “child protection” bill could threaten Apple’s and other tech companies’ use of encryption and a liability exemption they prize.

Lindsey Graham's encryption bill: iPhone passcode lock screen
iPhone passcode lock screen
Ben Brody and Naomi Nix for Bloomberg News:

The draft bill from Graham, the South Carolina Republican who chairs the Senate Judiciary Committee, mounts a double attack against encrypted services such as Apple Inc.’s iCloud [sic] [recte iMessage service] and Facebook Inc.’s WhatsApp chat. It jeopardizes technology companies’ immunity to lawsuits by victims for violating child exploitation and abuse statutes and it lowers the standard to bring such cases.

The bipartisan measure, which was obtained by Bloomberg and hasn’t yet been formally introduced, would affect a wide range of social media companies, cloud service providers, email and text platforms and other technology services. It could put Facebook in the government’s crosshairs for its plans to encrypt all of its messaging apps and undercut Apple’s refusal to create back doors into its devices and services.

“The absolute worst-case scenario could easily become reality,” said Berin Szoka, president of TechFreedom, a libertarian think tank aligned with technology companies. “DOJ could effectively ban end-to-end encryption.”

MacDailyNews Note: Graham’s bill is called the “Eliminating Abusive and Rampant Neglect of Interactive Technologies Act,” or “EARN IT Act.”

The Justice Department has tentatively scheduled a Feb. 19 meeting on the future of the immunity known as Section 230 of the Communications Decency Act, according to a person familiar with the plans. The provision protects platforms from responsibility for content posted by third parties.

Although the measure doesn’t directly mention encryption, it would require that companies work with law enforcement to identify, remove, report and preserve evidence related to child exploitation — which critics said would be impossible to do for services such as WhatsApp that are encrypted from end-to-end.

If technology companies don’t certify that they are following the best practices set by the 15-member commission, they would lose the legal immunity they currently enjoy under Section 230 relating to child exploitation and abuse laws. That would open the door to lawsuits for “reckless” violations of those laws, a lower standard than contained in current statutes.

MacDailyNews Take: When pressed, they usually resort to using children as the vector to get what they want: the elimination of personal privacy and the ability to snoop on anyone’s iPhone.

In January 2018, we asked, “How soon until the government spooks play the Think of the Children™ card in their misguided quest to shred the Constitution?” Looks like we have our answer: Two years.

Think of The Children™. Whenever you hear that line of horseshit, look for ulterior motives. Fear mongers: Those who use of fear, scare tactics, and emotional appeals in attempts to influence the opinions and actions of others towards some specific end. — MacDailyNews, September 30, 2014

The criminals will always be able to use end-to-end encryption. Measures like this hurt only law-abiding citizens by making it possible to invade privacy, conduct mass surveillance, and God only know what else. The criminals will have their privacy while law-abiding citizens will have their privacy stripped away.

This is not about this phone. This is about the future. And so I do see it as a precedent that should not be done in this country or in any country. This is about civil liberties and is about people’s abilities to protect themselves. If we take encryption away… the only people that would be affected are the good people, not the bad people. Apple doesn’t own encryption. Encryption is readily available in every country in the world, as a matter of fact, the U.S. government sponsors and funds encryption in many cases. And so, if we limit it in some way, the people that we’ll hurt are the good people, not the bad people; they will find it anyway. — Apple CEO Tim Cook, February 2016

Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. – Benjamin Franklin, Historical Review of Pennsylvania, 1759

30 Comments

        1. He doesn’t even know what fascism is. A tidbit he might be interested in knowing is that Biden created the US Patriot act, which Pelosi voted for, widely regarded as the worst legislation for civil rights in US history.

    1. Dear Moron,

      Everybody’s walking around with a Swiss bank account in their pocket. So there has to be some concession for the need to get into that information. – Barack Hussein Obama

      If there is probable cause to think that you have abducted a child, or that you are engaging in a terrorist plot, or you are guilty of some serious crime, law enforcement can appear at your doorstep and say ‘I have a warrant’ and go into your bedroom to rifle through your underwear and see if there’s any evidence of wrongdoing… The question we now have to ask is if technologically it is possible to make an impenetrable device or system where the encryption is so strong that there’s no key or no door at all. How do we apprehend the child pornographer? – Barack Hussein Obama

      “I am not interested in overthrowing the values that have made us a great nation for expediency. But the dangers are real, maintaining law and order in a civilized society is important, protecting our kids is important,. – Barack Hussein Obama

      Sincerely,

      You’re a moron, buttercup.

      P.S. Barack Hussein Obama, of all people, knows how to get a warrant when he wants a warrant – by any means necessary. He especially loves FISA warrants. They’re really great for spying on political opponents.

  1. We seem to have two problems:

    First, those who are technically ignorant and think it is possible to create a back door to encryption that can only be used by a peace officer with a valid judicial order that complies with every requirement of the Fourth Amendment. Wrong. Open doors allow access by bad actors, too.

    Second, those who are morally impaired and minimize the threat that the use of secure encryption by bad actors poses to public safety. The risk that perverts can rape and physically abuse children isn’t a fantasy. That is the world we live in. Making fun of those who want to protect those children is itself perverse.

    On balance, I think that the danger from back doors is greater than the danger from encryption. If nothing else, encryption protects children by keeping their communications and location secure. However, that does not mean that there is no cost for that benefit

    It does not help Apple’s case to pretend that secure encryption is not a two-edged sword.

    1. I think we can agree that this distills to whether “absolute privacy” is a guaranteed right under the Constitution. I don’t think it’s absolute, rather just reasonable. That’s why warrants.

      So then are the practical issues. It’s impossible to prevent sale or distribution of highly secure encryption programs without adapting App Store level lockdown and censorship.

      My path, if even possible, make the search require a warrant, and make it expensive.

      1. “I think we can agree that this distills to whether “absolute privacy” is a guaranteed right under the Constitution. I don’t think it’s absolute, rather just reasonable. That’s why warrants.”

        USER Apple FANBOY will not agree with you, I DO!

        Apple Is not above the law and if warrants are issued they need to comply. Simple as that!…

        1. As far as I know, Apple has always complied with warrants directed to them for information within their control. Do you know otherwise?

          The issue is whether they can be forced to assist the Government in breaking into devices they do not own for information they do not control, and whether they must deliberately design their products to be insecure.

          If Apple can be forced to help the Government in spying on American citizens, how does that differ from the KGB and Gestapo networks of informants?

          1. “As far as I know, Apple has always complied with warrants”

            FALSE. President Trump and the government need assistance opening up a terrorist phone and Apple is denying access. That is just WRONG!

            “If Apple can be forced to help the Government in spying on American citizens, how does that differ from the KGB and Gestapo networks of informants?”

            FALSE. Typical scare tactic from the LEFT wrapping yourself in the flag and Constitution.

            Apple in this case would be assisting law enforcement to provide valuable information to track terrorist networks. It is their patriotic duty to participate.

            Nuff said…

          2. Ok, after reading your three latest posts I think I understand now:

            First, you absolutely oppose Apple Inc. having a password or alternate back door that would allow them unlimited access to your private information. That would be a gross violation of your civil liberties.

            (I agree with you on this one, by the way. If a corporation or agency with hundreds of thousands of employees could easily access your device without your consent, you would have no privacy at all. It is simply impossible for that many people to keep a secret. If Apple can easily hack your phone, somebody will eventually hack your phone.)

            Second, you, Senator Graham, and the Trump Administration want a law that would force Apple to give anybody who can obtain a court order the password Apple does not, and should not, have. Failure to do so would be a breach of “their patriotic duty” that carries criminal penalties.

            (I strongly disagree on this one. Like most Reagan conservatives, I don’t trust the Government I used to work for. Nothing in the Constitution limits the use of warrants or subpoenas to TERRORISM cases. A search warrant is a search warrant. Any one of almost 18,000 police agencies in the USA can obtain warrants and subpoenas for any felony and almost any misdemeanor. Any of the 1.35 million private lawyers can apply for a court order in civil litigation.)

            Third, you have never heard the saying, “Insanity is the ability to hold two logically inconsistent thoughts at the same time.”

            It used to be that leftists were the advocates for a powerful Federal Government that could exercise nearly totalitarian power over its people… things like requiring private citizens to gather evidence against their fellow Americans as their “patriotic duty.” When did so-called conservatives buy into that?

            1. “That would be a gross violation of your civil liberties.”

              That would be correct if such a search were unimpeded and without a warrant. Why can my home be reasonably searched and not my phone?

              Apple has made this particularly burdensome on themselves from this aspect by imposing their role as IT department. Unlike our PC which may run an encryption program independent of it’s vendor.

              Such is censorship’s slippery slope.

              The broader question, the one that’s not just “what’s good for Apple” is encryption itself.

            2. Once again, cynic:

              The issue here is not whether the Government can search your home or device with a proper warrant. Nobody is saying they can’t; certainly not Apple. Harping on that theme is a straw man argument.

              The question is whether the Government can force you to search somebody else’s home or device, or force you to only build homes and devices that are inherently insecure.

            3. @TxUser
              The government already compels companies and deputizes companies and individuals for such purposes. Always did, nothing new.

              And Apple is in the unique position to be able to do it. Do you mean to tell me Cellebrite can do it, and Apple can’t do it better?

            4. Of course they CAN hack their own customers’ devices if they choose to make them insecure.

              I just don’t happen to think that the Government in what has historically been a Constitutional Republic should force them to do it.

            5. @TxUser

              If Cellebrite can do it, it’s already insecure. Apple has locked down the whole thing, who better to help? And yes, be compelled to help just as the phone and safe companies are compelled to do.

    2. TxUser wins again. Strangely, I like it when that happens. When it comes to such issues, politicians always toss us under the bus and tell us it was for our safety. Why is that? They must be getting lectures on security from all kinds of real experts.

    3. “First, those who are technically ignorant and think it is possible to create a back door to encryption that can only be used by a peace officer with a valid judicial order”

      Stating your opinion and just saying so does not make it TRUE. Why is not possible, FAKE conservative? Right, you did not say so back to opinion minus facts.

      “Open doors allow access by bad actors, too.”

      Yes, “open doors” allow bad actors to enter. But we are not talking about “open doors,” we are are talking about the wealthiest most successful tech company of all time with closed closely held company secret back doors.

      Set up service in FBI facilities nationwide when a warrant is issued where Apple can unlock a terrorist phone, WITHOUT GIVING AWAY THE KEYS, change the password and hand it over to law enforcement to do their investigation. What’s the problem with that scenario?

      Answer, NOTHING!… 🇺🇸👍🏻🦅

      1. Considering all that you have said about Tim Cook over the years, it is a bit surprising that you think he should have access to all your personal and financial information. Given all you have said about Apple missteps, it is surprising that you are now arguing that they can devise a foolproof way to protect the password you think they should possess.

        1. “it is a bit surprising that you think he should have access to all your personal and financial information.”

          Once again you have a reading comprehension problem, I said NOTHING of the sort, that is a FALSE accusation. For a person who supposedly worked in law enforcement it never ceases to amaze me how you put words in people’s mouths and then FALSELY accuse them.

          “it is surprising that you are now arguing that they can devise a foolproof way to protect the password”

          NO, I’m saying Apple can devise a “foolproof” method in a secure location to open the phone and hand it over to law enforcement for their TERRORIST INVESTIGATION.

          I never said Apple “should have access to all your personal and financial information.” Only law enforcement SHOULD have access after the phone is unlocked and handed over.

          This is common sense and I hope the Trump administration prevails to keep us safe. Fat cat Apple is keeping us venerable to the Number One TERRORIST phone of choice and they should feel ashamed all in the holy name of the bottom line…

      2. @GoeB:

        “‘First, those who are technically ignorant and think it is possible to create a back door to encryption that can only be used by a peace officer with a valid judicial order’

        “Stating your opinion and just saying so does not make it TRUE. Why is not possible, FAKE conservative? Right, you did not say so back to opinion minus facts.”

        It’s not possible because (in order of severity):
        A – Passwords can get compromised by hack or social manipulation (even law enforcement officers’ passwords);
        B – People with access to the “unbreakable” (but back-doored) encryption can be suborned to give out the back door keys by flattery/bribery/blackmail/physical threat;
        C – The possession of a universal back boor key would be greatly desired by adversarial governments. Even something as secure as the Manhattan Project had foreign spies embedded it to steal its secrets. Expecting the quest for this technology to be more secure than THAT is naive, at best;
        D – Anything that technology can create, technology can subvert.

        1. “‘First, those who are technically ignorant and think it is possible to create a back door to encryption that can only be used by a peace officer with a valid judicial order’

          Not what I have posted several times and not what I am advocating. I’ll be happy to spell it out again and hope it breaks through to selective readers.

          I never said develop a password that can be handed over to authorities with warrants. What I said was Apple work with federal law enforcement to develop secure locations for Apple employees unlocking of a terrorist phone and hand it over to authorities for their investigations. Apple guards the keys and keeps them private and in house. Apple has the resources to appoint stringent FBI background check approved employees to carry out the program.

          Same as impeachment requests should rise to the level of high crimes, warrants should also rise to the same level. Not every dog peeing on a lawn is worth Apple’s time by every law enforcement agency in the U.S., this is common sense.

          “Even something as secure as the Manhattan Project had foreign spies embedded it to steal its secrets. Expecting the quest for this technology to be more secure than THAT is naive, at best;”

          “The Manhattan Project” began in 1939 and a poor example of the current state of tech and security. If an Apple bad actor goes rouge, certainly they have the resources to shut it down in nanoseconds and bring justice for all.

          “D – Anything that technology can create, technology can subvert.”

          Thank you for making my point, it works BOTH WAYS… 👍🏻

  2. Both sides have pushed the idea of breakable encryption by the government. It’s such a tantalizing idea that most politicians are unable to see the consequences to everyone, including themselves. Can you imagine what we would find on their cell phones?

  3. Unfortunately, this is an issue that both parties can agree upon (see Diane Feinstein). I do think there are enough younger Dem members of the House that will scrap this bill should it get out of committee and through the Senate. And frankly, Nancy can return the favor of not debating anything the Senate passes anyway. That’s all that Mitch does.

  4. “What I said was Apple work with federal law enforcement to develop secure locations for Apple employees unlocking of a terrorist phone and hand it over to authorities for their investigations. Apple guards the keys and keeps them private and in house. Apple has the resources to appoint stringent FBI background check approved employees to carry out the program.”

    1 – Chelsea Manning and Edward Snowden underwent FBI background checks as well as, presumably, investigations by army intelligence and the NSA, respectively, before being given their clearances. Those checks were not, ultimately, successful at keeping secret data secret. Are you suggesting that Apple could do better at keeping a secret that, e.g., international criminal cartels and adversarial governments would find extremely useful and might go to great lengths to obtain? Anyone who knows a secret that others would pay large amounts of money for, or would commit violence to obtain is at risk and, so, is a risk to the keeping of that secret. This doesn’t just include the workers in your proposed secure facility, but anyone who ever worked on the system and knows the details of the “super-sekrit password”. And the more people who worked on the system and had knowledge of the weakness, the more vectors there are for the secret to get out. Are you going to mandate a top-secret FBI check of EVERYONE Apple hires as an iOS system programmer and who might come in contact with the information?

    “Three may keep a secret, if two of them are dead.” – Benjamin Franklin

    2 – Right now, based on Apple’s statements, they do not know a user’s iPhone password and have no way of getting into the device. To an extent, this absolute statement forces the government to limit their demands to high-profile (generally terrorism-related) cases since making the demands too often might indicate to the public that law enforcement was open to “mission-creep”, where the demand for unlocking might be made for less serious crimes. This sort of mission creep is not at all uncommon among law enforcement agencies (Look, for example, how use of SWAT armored vehicles and other paramilitary materiél, which used to be reserved for the most serious of multi-gunman situations, has reached down to become common for “one guy barricaded in his house who might be armed”.) How do you propose to guarantee — ABSOLUTELY GUARANTEE — that this sort of step-down will never happen? Because, without that absolute guarantee, well… President Lyndon Johnson said it best: “You do not examine legislation in the light of the benefits it will convey if properly administered, but in the light of the wrongs it would do and the harms it would cause if improperly administered.”

    3 – “’D – Anything that technology can create, technology can subvert.’

    “Thank you for making my point, it works BOTH WAYS.”

    Wrong. You have asserted without evidence or logical argumentation that it is possible to create a backdoor into an operating system that could be kept absolutely secret:

    from anyone EVER suborning any keeper of that secret,
    or EVER having it be used by otherwise-authorized personnel for their own purposes,
    or EVER reverse-engineering it,
    or EVER independently discovering the vulnerability,.

    Any ONE of those situations would cripple your argument that it could be kept strictly for The Good Guys™ and only for Good and Noble Purposes™. All together, they chop it off at the knees. Now, you can keep repeating that It Absolutely Could Be Done, but you haven’t presented anything that solves the obvious flaws that I’ve noted above. And, as you noted above, the fact that you keep repeating something without evidence doesn’t make it true.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.