Skip to main content
banner image
venafi logo

Will the DoJ’s Stance on Encryption Change Now that Congress Works from Home? [Encryption Digest 35]

Will the DoJ’s Stance on Encryption Change Now that Congress Works from Home? [Encryption Digest 35]

DoJ encryption
April 3, 2020 | Katrina Dobieski


Congress will have some tough choices to make as they face an unprecedented crisis. With the coronavirus sparing no one and several members of Congress testing positive, school’s “out for summer” as our legislative branch packs in the desktops, mice and coffee mugs and heads to a work-from-home zone like the rest of us. And what will they turn to keep their communications private and secure? Could it be the very encryption that they vilified on March 11 in a Senate Judiciary Committee hearing for the EARN IT Act?




This legislation is the latest in a long line of battering-ram attempts to breach the sanctum of encrypted technology and insert easily accessible backdoors into our devices, services and platforms. Think WhatsApp, Signal, Telegram. Think your iPhone. Think enterprise software. Think Huawei (too late?). Opponents call it semi-legalized government snooping, those in favor call it free season on criminals (as if they’ll just do their business out in the open). And that’s what will be up to Congress to decide. Um, as they potentially use those unlegislated, fully encrypted end-to-end platforms. Think WhatsApp, Signal, Telegram.




 

Will Congress Vote Against the Encryption They May Have to Use?


Senator Lindsey Graham (R-S.C.), proponent of the EARN IT Act of 2020

It seems we have a predicament here. This season, members of Congress, along with the rest of the world, will be struggling with the challenges of working at home securely. They might likely be working and communicating via encrypted chat platforms and videoconferencing software (we hope). And ironically, they might also be voting against them.
 

The EARN IT Act of 2020, put forth by Judiciary Committee Chairman Lindsey Graham (R-S.C.) and Senators Diane Feinstein (D-Calif) and Richard Blumenthal (D-Conn.) states that private end-to-end encrypted messaging platforms would have to either provide encryption backdoors to law enforcement or take full blame for any foul play caught within their encrypted confines.
 

Which begs the question. “If you can catch the foul play within their encrypted confines, why do you need backdoors?”
 

While the move raises eyebrows (the Electronic Frontier Foundation goes so far as to say it violates the Constitution), it’s touted as a bill to prevent online child exploitation. Ten or twenty years ago it was terrorism. Ten or twenty days ago it was the coronavirus. Attempts at government surveillance haven’t passed fully yet.  
 

But unfortunately the peril doesn't stop there. Everything connected to the internet will be affected by encryption backdoors, from your home security system to self-driving cars, nuclear reactors and the grid. Venafi CEO Jeff Hudson explains more.

 

 

 

Congress will have a lot to grapple with, personal interest included, as they publicly risk voting for a measure they themselves would struggle to keep. What are the options? Vote “lesser encryption for the rest of you” while they silver-spoon it on some specially encrypted government platform? How’s that, constituents? Or, “we’ll eat our own dog food” and publicly acknowledge that they made it less safe –as they vote on measures crucial to the security of the American people in a time of global pandemic.
 

The answer may seem befuddlingly clear, but we’ve been surprised in times of crisis before.
 

Child exploitation is without exception a serious, unmitigated crime, and a nauseating one at that. But with the entire globe facing an onslaught of cyber challenges around the new bio-threat, vaccines that have yet to be discovered and everyone from defense contractors to Congress working from home, it may paradoxically not even be the biggest one. However, the consequences of the EARN IT Act could be the most long lasting. A remote-Congress may have to deal firsthand with the task and responsibility of communicating in a vacuum, completely secure to the outside world, in order to pass legislation that would maintain the integrity of the Congressional vote. Without end-to-end encryption, that would not be possible.
 

With backdoors provided via the EARN IT Act, that may not be possible either.


Related Posts:

 

 

Most People Use Unencrypted Note-Taking Apps. What This Really Means.

According to the DuckDuckGo research, 58.2% of people didn’t realize that many notes apps don't encrypt notes by default, which implies that they're not seeking out these manual options.” This is bad, but what’s worse is what it implies.
 

Perhaps not surprisingly, many notepad and similar thought-jotting apps don’t come fully encrypted. It’s still an optional, “special feature.” That doesn’t stop a lot of us from slipping credit card information, passwords and login credentials into the unencrypted pages, according to the research.
 

Don’t worry, there’s a few things that you can do.  

  • Adjust those settings:
    • Microsoft OneNote allows for AES-128 encryption. It’s not available out of the box, but you can enable it.
    • Evernote lets you encrypt a note—on the desktop version.  
  • Encrypt beforehand:
    • Use Adobe Acrobat to encrypt your PDFs. Then save them to your notes.
    • Veracrypt and Bitlocker (Windows) also provide third-party encryption.    
  • Use a password manager:
    • LastPass—Comes completely encrypted out of the box, a full-service secure password manager for the masses. Now let’s just hope that doesn’t get hacked.
    • Standard Notes is a local tool that employs AES-256 by default.  

 


 

Okay, so most people don’t take care of their data, but what’s the point?
 

What the research reveals is far more than poor data hygiene practices. It red flags a pervasive, underlying problem that may explain why the EARN IT act doesn’t get front page (and, it should). In the coming decade, privacy rights and encryption may be the Civil Rights battle ground of the 2020s. If they’re not already, it's only for lack of knowing, as the data points to above. A lot of intelligent people I know still don’t have a useable grasp of what encryption “does” or how it “works” or why it’s indispensable.  


Let’s face it, the tech boom, Fourth Industrial Revolution and all related techno-wonders caught us charmed and unaware. You’ll let me do more in less time? Sure. You’ll store my stuff in less space? Of course. You’ll host my unimpeded communication over your unencrypted platform? Why not. And, just like bundled mortgages, IMF loans or Social Security, we’ll pay for it later.
 

Now is later. Our constitutional and civil rights are wrapped up in where we express them, and for the past two and a half decades, that’s been online. Encryption matters because it protects what you do, and what you say, and how you say it, and who you are, online. It protects you.
 

And that’s worth encrypting.



 

Related Posts:

 

Like this blog? We think you will love this.
microsoft-office-macro-ban-backtrack
Featured Blog

Microsoft Backs Off Internet Office Macro Ban [Update]

Microsoft disabled macro years ago by default

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies
eBook

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Katrina Dobieski
Katrina Dobieski

Katrina writes for Venafi's blog and helps optimize Venafi's online presence to advance awareness of Machine Identity Protection.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more