This bill effectively makes it illegal for US companies and persons to build or use secure enclaves / TPMs and to publish cryptosystems without either including backdoors or retaining and storing keys. It also implies that companies would need to store keys indefinitely, otherwise they would not be able to decrypt data, as no time limitations are set on the capability of accessing data.
This would not make SSH or TLS illegal or require users to hand over keys. It could mean that if a US person or corporation contributed to an SSH or TLS library, they could be expected to provide a backdoor mechanism to the government. (EDIT: would not require handing over keys en masse, or in any way above and beyond current statutes)
Interestingly, this bill covers vendors and presumably US persons that "provide a product or method". You'll still be able to legally use foreign-developed tools. The US would have grounds to ask those foreign agents to decrypt data, but would have limited means of enforcement.
Section 2 (4) spells it out: communication service and software providers. That's the maker of every app on your phone, the phone manufacturer, your phone company, email provider, retailer (they're communicating your data to their data warehouses).
The summary clearly says "software manufacturers" (aside: manufacture software? facepalm), "providers of wire...electronic...[or] remote communications services, or any person that provides a product or method to facilitate a communication or to process or store data" are all "covered entities" and that they're responsible when they or "another party on their behalf" have made data unintelligible.
The bill, in section 3 (c), includes "license distributors", e.g. the App Store and Google Play.
Now that I've typed all that out, and please pardon the profanity, but:
What. The. Actual. Fuck.
"No one is above the law", except clearly the legislators and enforcers themselves. "Protect ... Privacy with strong data security", which doesn't exist with the sort of recovery mechanism the bill would require.
If the data is made intelligible again by a party other than the person who uttered it and their intended recipient, it has, by definition, been breached. You've been pwned. Game over. Full stop. You've lost control of your data.
It would cover your use of SSH/TLS for providing a service, but they can already subpoena those keys under existing law, so it's of limited relevance in a conversation about what this bill introduces.
What changes here is that if you deployed SSH/TLS using an HSM (Hardware Security Module), you'd need to be prepared to provide a plaintext stream upon a court order. Obviously, the alternative is to choose the non-HSM route which is, and has always been, vulnerable to subpoena.
I would say the HSM example is likely the government's understanding of the law as it exists today anyway. This is a matter of codifying and clarifying that position.
All of the above systems are ones where the vendor or operator already controls the means and mechanisms for encryption and decryption. These are already vulnerable to subpoena.
The serious changes in this bill are around building systems where only the end-user can control access to their data.
> What changes here is that if you deployed SSH/TLS using an HSM (Hardware Security Module), you'd need to be prepared to provide a plaintext stream upon a court order. Obviously, the alternative is to choose the non-HSM route which is, and has always been, vulnerable to subpoena.
Forgive me if I'm wrong, but doesn't SSH always use a Diffie-Hellman key agreement, where the keys are destroyed after their use? No subpoena has the power to recover keys destroyed in the past, even if no HSM had been used. The same applies to modern TLS using DHE or ECDHE suites, and AFAIK the current TLS 1.3 proposal allows only these suites.
They might be able to subpoena the authentication keys, but these are useless to recover the ephemeral keys of past connections (except from older TLS cipher suites which didn't use DHE/ECDHE), and even for future connections they would have to be used with an active attack.
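The forward-secrecy point made above, as an added illustration that is not part of any comment in this thread: a toy DHE handshake where the server's long-term key only authenticates its ephemeral share. A party holding the wiretap transcript plus the subpoenaed long-term key can verify the signature but cannot derive the session key without recovering a discarded exponent. The group prime, the MAC-based signature stand-in and the `attempt_recovery` search bound are constructed for brevity, not real protocol parameters.

```python
"""Toy DHE handshake: why a subpoenaed authentication key does not recover
past session keys. Constructed example; a Mersenne prime stands in for a
real DH group and an HMAC stands in for the host-key signature."""
import hashlib
import hmac
import secrets

P = 2**61 - 1   # constructed toy modulus; real deployments use 2048-bit+ groups or ECDHE
G = 3           # generator for the toy group

def keygen_long_term(name: str) -> bytes:
    """Long-term authentication key (the part a subpoena could obtain)."""
    return hashlib.sha256(b"long-term:" + name.encode()).digest()

def sign(key: bytes, msg: bytes) -> bytes:
    """MAC-based stand-in for the host-key signature over the ephemeral share."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def handshake(server_key: bytes):
    """One ephemeral DH exchange. Returns the on-the-wire transcript and the
    session key; the ephemeral exponents are discarded, as in DHE/ECDHE."""
    a = secrets.randbelow(P - 2) + 1          # client ephemeral exponent
    b = secrets.randbelow(P - 2) + 1          # server ephemeral exponent
    A, B = pow(G, a, P), pow(G, b, P)
    sig = sign(server_key, B.to_bytes(8, "big"))   # server authenticates B only
    shared_client = pow(B, a, P)
    shared_server = pow(A, b, P)
    assert shared_client == shared_server     # both sides agree on the secret
    session_key = hashlib.sha256(shared_client.to_bytes(8, "big")).digest()
    del a, b                                  # ephemeral secrets erased
    return {"A": A, "B": B, "sig": sig}, session_key

def attempt_recovery(transcript: dict, server_key: bytes, max_tries: int):
    """What the transcript plus the long-term key allow: checking the
    signature, then a brute-force search for the discarded exponent. The
    search bound keeps this finite; at real group sizes it is infeasible."""
    B = transcript["B"]
    sig_ok = hmac.compare_digest(sign(server_key, B.to_bytes(8, "big")), transcript["sig"])
    for b in range(1, max_tries + 1):
        if pow(G, b, P) == B:
            shared = pow(transcript["A"], b, P)
            return sig_ok, hashlib.sha256(shared.to_bytes(8, "big")).digest()
    return sig_ok, None
```

Each call to `handshake` yields an unrelated session key, which is why a key obtained later says nothing about earlier connections.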
I hadn't considered DH, but if this bill would be used as basis for a court order to decrypt data obtained via a wiretap, then yes, it would be problematic for PFS cryptosystems. :(
Also, the government tends to separate out makers (manufacturers) from sellers (vendors), though they could be the same entity. Someone may be able to sell software (say on the Google Play Store or Steam or Apple's App Store), without restrictions. But the makers of the software would be subject to this law if their applications permitted or enabled encrypted communication.