For several months, Senators Richard Burr and Dianne Feinstein have been cooking up a bill to undermine strong encryption. Last week, journalists leaked a draft of the bill, which gave the public a sneak peek at what the senators were planing. Now the pair have released an official draft of the bill, which is to be discussed by the Senate. Despite criticism directed at the leaked version, this version has no significant changes.
Called the Compliance with Court Orders Act, the stated purpose of the bill is to make sure court orders can always be carried out. If a covered entity receives a court order to turn over data, they must make sure it is in an intelligible form or provide technical assistance to make it intelligible. However, entities can only be given such a court order if they are responsible for making it unintelligible in the first place. A phone manufacturer would not be punished if some third-party app encrypted data on a phone, for example. Entities that are covered by this bill include hardware manufacturers, software developers, and communications providers.
The language in the bill amounts to a ban on strong encryption. Companies must either include backdoors or remove encryption entirely if they want to abide by its requirements. An additional requirement is that storefronts like Google Play must police the apps on their platform to make sure none of them are in violation of the previous requirement.
In defense of the bill Burr made the following statement:
I have long believed that data is too insecure, and feel strongly that consumers have a right to seek solutions that protect their information – which involves strong encryption. I do not believe, however, that those solutions should be above the law. I am hopeful that this draft will start a meaningful and inclusive debate on the role of encryption and its place within the rule of law. Based on initial feedback, I am confident that the discussion has begun. We remain eager to sit down and discuss a way forward with all who are willing to engage constructively on this critically important and challenging issue.
Feinstein also made a statement on the bill:
No entity or individual is above the law. The bill we have drafted would simply provide that, if a court of law issues an order to render technical assistance or provide decrypted data, the company or individual would be required to do so. Today, terrorists and criminals are increasingly using encryption to foil law enforcement efforts, even in the face of a court order. We need strong encryption to protect personal data, but we also need to know when terrorists are plotting to kill Americans.
Meanwhile, senator Ron Wyden has already stated that he will do whatever it takes to stop the bill, even a filibuster if that's what it takes. He made the following tweets on the subject.https://twitter.com/RonWyden/status/720343774099017728
Do you think this bill will be passed by Congress? Leave your comments below.