An open letter to Senator Richard Burr

I sent this to Senator Richard Burr through his website. I am also leaving it here, and will update with his response:

Senator Burr,

First, I want to say thank you for working on behalf of North Carolina in our nation’s capital. I recognize that there are hundreds, if not thousands, of issues that you are asked to consider on a regular basis, which cannot be easy.

I am contacting you regarding the encryption bill that you are working on with Senator Feinstein. North Carolina is a very tech-savvy state. We have major technology companies in almost every tech sector, and now are home to some of the largest and most efficient data centers in the US. There is much to be proud of. With that in mind, I am surprised to see you as one of the advocates of the bill.

I recognize that as the Chair of the Senate Intelligence Committee you hear from our intelligence services on a regular basis. I am certain the current conversation is heavily geared towards how to deal with the pervasive nature of encryption. Today it is easy for a terrorist organization to have fully encrypted end-to-end communication. I am sure that is incredibly frightening to the intelligence services and their job is a very difficult one. I recognize that every attack on American citizens ultimately creates hundreds of questions like “How did the [insert three letter acronym] not know this was going to happen?” It’s an impossible battle.

I am a network engineer and I have worked in IT for many years. I intimately understand encryption and the basic underpinnings of the internet. I have spent many years protecting my employers' networks and systems from outside attack. I understand that ever-evolving battle first-hand.

With that said, I am very concerned that you feel that you can force companies to provide backdoor access to devices and communication without affecting every citizen who chooses to use an electronic device. I assume that you have chosen to believe the rhetoric which states that open access can be protected. Otherwise, the only other assumption is that you believe that normal everyday citizens should not have the ability to protect their private, personal information; that corporations should not have the ability to protect their intellectual property.

Assuming that you believe the former, I want you to consider these questions. How long do you expect that backdoor to be kept safe? How long do you think it will take before technical terrorists, both foreign and domestic, find and utilize that backdoor?

If the US makes and is granted the demand, what prevents other foreign entities from doing the same? What do you think the economic impact would be for companies when China has a backdoor to every corporate device of every manufacturing company in the US? I have spent eight years of my career working with large international manufacturing companies. I know first-hand what the impact of that is. I have watched it with my own eyes. I could argue this particular point, citing experience, but I want to respect your time. If you would like to discuss, I will be happy to do so.

I have one more question I would like to present. How do you expect that forcing backdoor access will actually aid the intelligence services? This is an exercise in futility and escalation. Assume for a moment that the NSA/CIA/FBI has root access to every device. What happens when the user also employs an encrypted communication app which also requires a passcode and does not store data locally? Let’s also suppose that they are always running a VPN or TOR client. Finally, let’s assume that the server the encrypted app on the encrypted phone communicates to through an encrypted tunnel lives in a non-friendly foreign state. What good does this legislation then do? The answer is, none. The US cannot compel the foreign server to give it a back door. But the US, who loves to discuss freedom, has created a wide exploit that will then begin to be used for a different type of terrorism and removed every citizen's right to privacy with their most personal data.

I am not hurling these questions at a wall to see what sticks. I would like a response. This is a very important discussion to be had without rhetoric and fear-mongering. I can be contacted with the information provided if you would like to further discuss these or other concerns.

With respect,

Jonathan Davis
