[liberationtech] US law actually protects companies that want to offer products w/ end-to-end encryption & no backdoors

Mon Jul 15 12:00:21 PDT 2013

http://paranoia.dubfire.net/2010/09/calea-and-encryption.html
Christopher Soghoian

CALEA and encryption

Reading through Charlie Savage's New York Times piece yesterday, which
arguably marks the beginning of the 2nd crypto wars, one might get the
impression that law enforcement officials are merely seeking to tweak
the law, in order to maintain the existing status quo:

"We're talking about lawfully authorized intercepts," said Valerie E.
Caproni, general counsel for the Federal Bureau of Investigation. "We're
not talking expanding authority. We're talking about preserving our
ability to execute our existing authority in order to protect the public
safety and national security."

...

To counter such problems, officials are coalescing around several of the
proposal’s likely requirements:

* Communications services that encrypt messages must have a way to
unscramble them.

I think it is reasonable to assume that very few people have read the
text of the Communications Assistance for Law Enforcement Act (CALEA),
and so it is quite reasonable that the average layperson (or even
interested technologist) might assume that existing US law has nothing
to say about encryption, since, after all, Skype didn't exist when CALEA
was passed in 1994. That is incorrect -- not only does the law speak
about encryption, but it specifically protects the right of companies to
build strong encryption for which only the customer has the decryption
key into their products.

47 USC 1002(b)(3):
A telecommunications carrier shall not be responsible for decrypting, or
ensuring the government’s ability to decrypt, any communication
encrypted by a subscriber or customer, unless the encryption was
provided by the carrier and the carrier possesses the information
necessary to decrypt the communication.

Also from the CALEA legislative history:

Finally, telecommunications carriers have no responsibility to decrypt
encrypted communications that are the subject of court-ordered wiretaps,
unless the carrier provided the encryption and can decrypt it. This
obligation is consistent with the obligation to furnish all necessary
assistance under 18 U.S.C. Section 2518(4). Nothing in this paragraph
would prohibit a carrier from deploying an encryption service for which
it does not retain the ability to decrypt communications for law
enforcement access
...
Nothing in the bill is intended to limit or otherwise prevent the use of
any type of encryption within the United States. Nor does the Committee
intend this bill to be in any way a precursor to any kind of ban or
limitation on encryption technology. To the contrary, section 2602
protects the right to use encryption.”

If the FBI and other law enforcement agencies get their way, they will
not be tweaking existing law to deal with new technologies, but
fundamentally changing how the government regulates technology.

-- 
Moritz Bartl
https://www.torservers.net/