Senators Richard Burr and Dianne Feinstein have been working on an anti-encryption bill for several months, and now we finally get to see the fruit of their labor. A draft of the bill has now been published by reporters. However, the bill has not yet been introduced in the Senate, and may undergo changes before it reaches its final form.
The bill begins with a preamble stating that nobody is above the law, and argues that the rule of law requires judicial orders to be executed. However, the heart of the bill is a requirement that any entity which renders data "unintelligible" must be able to provide it to law enforcement in an "intelligible" form if served with a court order, or alternatively provide technical assistance to make the information intelligible. In short, the bill obligates companies to include backdoors in their encryption.
(2) SCOPE OF REQUIREMENT. A covered entity that receives a court order referred to in paragraph (1)(A) shall be responsible only for providing data in an intelligible format if such data has been made unintelligible by a feature, product, or service owned, controlled, created, or provided, by the covered entity or by a third party on behalf of the covered entity.
Another notable aspect of the bill is that it requires "license distributors" to ensure all products available on their platform meet the requirement laid out in the previous section of the bill. That means Apple's App Store, Google Play, or any other storefront that sells software will have to be policed by its owner to make sure all the apps that offer encryption have backdoors.
When questioned about the bill, a spokesman for Senator Feinstein told Wired, "We’re still working on finalizing a discussion draft and as a result can’t comment on language in specific versions of the bill. However, the underlying goal is simple: when there’s a court order to render technical assistance to law enforcement or provide decrypted information, that court order is carried out. No individual or company is above the law. We’re still in the process of soliciting input from stakeholders and hope to have final language ready soon."
It was reported yesterday that the White House has already seen the draft and provided feedback to the senators. However, the White House has declined to publicly support or oppose the bill at this time. It is not clear whether President Obama would veto the bill if it were passed by Congress.
The reasoning offered in defense of this bill is absurd. Forcing companies to deliberately sabotage their own security measures is not a requirement for the "rule of law." There has always been information out of reach of investigators, even before the widespread adoption of encrypted apps and devices. Police had and still have other avenues of investigation. Even if encryption inconveniences law enforcement somewhat, this is not a good enough reason to dictate to private companies that they cannot implement common-sense security measures.