Leak of Senate Encryption Bill Prompts Swift Backlash
The purpose of the Constitutional protections created by our White forefathers was not to make things easier for the police.
SECURITY RESEARCHERS and civil liberties advocates on Friday condemned draft legislation leaked from the U.S. Senate that would let judges order technology companies to assist law enforcement agencies in breaking into encrypted data. (ILLUSTRATION: Senator Richard Burr (R-NC) walks to the Senate chamber to vote on legislation for funding the Department of Homeland Security on Capitol Hill in Washington March 2, 2015.)
The long-awaited bill is emerging just as the U.S. Justice Department redoubles its efforts to use the courts to force Apple to help unlock encrypted iPhones.
The Senate proposal is an attempt to resolve long-standing disagreements between the technology community, which believes strong encryption is essential to keep hackers and others from disrupting the Internet, and law enforcement officials worried about being unable to pry open encrypted devices and communications of criminal suspects.
But the draft bill, leaked online Thursday evening, was planned as an overly vague measure that added up to a ban on strong encryption.
Kevin Bankston, director of the Open Technology Institute, said in a statement it was the “most ludicrous, dangerous, technically illiterate tech policy proposal of the 21st century.”
The leaked 9-page bill is the most current draft of the proposal, a source familiar with the language said.
It would give judges broad authority to order tech companies to hand over data in “an intelligible format” or provide “technical assistance” to access locked data. It does not spell out what form the data must take or under what circumstances a company would be forced to help.
It also does not create specific penalties for noncompliance.
In a joint statement, the authors of the bill, Senators Richard Burr and Dianne Feinstein, said they were still working with stakeholders to finalize the bill, which has repeatedly been delayed.
“The underlying goal is simple: when there’s a court order to render technical assistance to law enforcement or provide decrypted information, that court order is carried out,” they said. “No individual or company is above the law.”
President Obama is expected to be personally briefed by White House chief of staff Denis McDonough on the proposal on Monday, sources said.
But the administration remains deeply divided over encryption and views it as too controversial to offer public support or opposition for the bill as it is currently written, according to sources.
A White House spokesman told reporters Thursday the administration had not decided whether to support the measure, as it is still in a draft stage.
The fight over encryption has been at the center of a months long dispute between Apple and the FBI over a phone linked to one of the San Bernardino, Calif., shooters.
Though the Justice Department withdrew its request in that case after a secret third party provided a way to unlock the phone, it announced Friday it would move ahead with an appeal of a court ruling blocking the government from forcing Apple to help unlock an iPhone in a separate New York drug case.
The bill from Burr and Feinstein would make it much more difficult if not impossible for Apple to refuse to comply in such cases.
An Apple attorney declined to comment about the draft legislation on a call with reporters.
‘Weaken Their Products’
The proposal from Burr and Feinstein, the top Republican and Democrat on the Senate Intelligence Committee respectively, is expected to face a steep climb in a gridlocked U.S. Congress during an election year.
“For the first time in America, companies that want to protect their customers with stronger security will not have that choice,” Senator Ron Wyden, an Oregon Democrat and vocal privacy advocate told reporters Friday. “They will be required by federal law per this statute to decide how to weaken their products to make Americans less safe.”
Matt Blaze, a professor and computer security expert at the University of Pennsylvania, said on Twitter that the bill was worse than a failed effort by President Bill Clinton’s administration in the 1990s to require a special computer chip in phones to give the U.S. government a way to monitor encrypted conversations.
The Clinton-era push crumbled amid stiff opposition from the technology sector that included a crucial security flaw in the proposal detected by Blaze.
* * *