This bill is flawed but worth your support anyway. It's flawed for at least three reasons:
* It doesn’t stop NSA from weakening security standards, bribing crypto vendors, or hacking into systems to insert backdoors. Even if a future law were to address that, a future president could instruct the NSA (part of the U.S. military, after all) to disregard it. We've all seen some recent examples of aggressive presidential action even in the non-military space where executive authority is weaker.
* Wyden's bill doesn't seem to apply to FedGov spending. So if a company wants that fat .gov/.mil $10 billion-dollar contract, well, it might feel obliged to discontinue that full-device encryption product. It surely makes sense to focus on other unencrypted product lines to support that $10B contract, right?
* A future Congress could overturn it, for instance by enacting FBI’s draft “Going Dark” surveillance legislation. I disclosed some details here about the FBI's proposal to target Internet companies (in retrospect, FBI was carrying water for NSA): http://www.cnet.com/news/fbi-we-need-wiretap-ready-web-sites...
But despite those caveats, Wyden's bill is worth supporting anyway. It does no harm, it's highly symbolic -- and it would stop future agencies from creatively interpreting their statutory authority to screw over the Internet and companies represented here on HN.
While no agency has clear legal authority in this area, that doesn't always stop them, with the FCC the most likely suspect. Remember this is the same agency that unilaterally extended CALEA backdoor requirements to broadband providers, despite Congress never giving it that authority, and despite the FBI director assuring politicians this would never happen. A federal appeals court judge called the FCC's argument for surveillance mandates "gobbledygook" and "nonsense," but unfortunately ended up dissenting in a 2-1 decision, as I wrote here in 2006: http://news.cnet.com/Appeals-court-upholds-Net-wiretapping-r...
This is not a case of a bill doing some harm and some good, like the problematic USA Freedom Act, where different groups applied different weights and reached different recommendations. Wyden's bill does only good, even if doesn't go nearly far enough. Fixing a broken system is not a one-step process.
And the overturn that overturned the overturn could in turn, be overturned. ;P
No but a little more serious - once a bill makes it to law, its far more challenging to overturn it (not to mention the negative PR that can/will be run for a "we're making it so the government can subvert your privacy again" campaign).
We have amendments for these though. It will be tiresome to have to continually revisit amendments to basically say "they mean what they say". How about this Amendment instead:
Any attorney general should be able to sue for impeachment and criminal charges against any top officials in federal government, and the cases could be heard by a panel of judges from the states. After a ruling, governors should be authorized to deploy state police/military to arrest and incarcerate federal officials as indicated by the trials.
* It doesn’t stop NSA from weakening security standards, bribing crypto vendors, or hacking into systems to insert backdoors. Even if a future law were to address that, a future president could instruct the NSA (part of the U.S. military, after all) to disregard it. We've all seen some recent examples of aggressive presidential action even in the non-military space where executive authority is weaker.
* Wyden's bill doesn't seem to apply to FedGov spending. So if a company wants that fat .gov/.mil $10 billion-dollar contract, well, it might feel obliged to discontinue that full-device encryption product. It surely makes sense to focus on other unencrypted product lines to support that $10B contract, right?
* A future Congress could overturn it, for instance by enacting FBI’s draft “Going Dark” surveillance legislation. I disclosed some details here about the FBI's proposal to target Internet companies (in retrospect, FBI was carrying water for NSA): http://www.cnet.com/news/fbi-we-need-wiretap-ready-web-sites...
But despite those caveats, Wyden's bill is worth supporting anyway. It does no harm, it's highly symbolic -- and it would stop future agencies from creatively interpreting their statutory authority to screw over the Internet and companies represented here on HN.
While no agency has clear legal authority in this area, that doesn't always stop them, with the FCC the most likely suspect. Remember this is the same agency that unilaterally extended CALEA backdoor requirements to broadband providers, despite Congress never giving it that authority, and despite the FBI director assuring politicians this would never happen. A federal appeals court judge called the FCC's argument for surveillance mandates "gobbledygook" and "nonsense," but unfortunately ended up dissenting in a 2-1 decision, as I wrote here in 2006: http://news.cnet.com/Appeals-court-upholds-Net-wiretapping-r...
This is not a case of a bill doing some harm and some good, like the problematic USA Freedom Act, where different groups applied different weights and reached different recommendations. Wyden's bill does only good, even if doesn't go nearly far enough. Fixing a broken system is not a one-step process.