Since it was leaked last week, a draft bill pushed by the two leading members of the Senate Select Committee on Intelligence has been rebuked by trade and advocacy groups. The bill takes a conversation on encryption and national security, previously driven by the FBI and the federal court system, into the halls of Congress.
The federal government’s latest effort to change the rules on data encryption—this time coming from Congress rather than federal prosecutors—has industry groups and privacy watchdogs speaking up.
This week, Sens. Richard Burr (R-NC) and Dianne Feinstein (D-CA), the two ranking members of the Senate Select Committee on Intelligence, introduced draft legislation [PDF] that would effectively require companies to work with federal intelligence officials to break encryption in criminal cases and would also require that any information handed over in such cases be “intelligible.”
If this legislation had been on the books when the FBI pushed Apple for help in breaking into a terror suspect’s phone earlier this year, the company would have had to comply with the court order, with no option to appeal. But, even more troubling for privacy advocates and tech companies, the legislation, if passed, would also take the teeth out of end-to-end encryption methods commonly used on smartphones and online platforms.
In comments on the discussion draft legislation, Burr suggested that current encryption solutions limit the effectiveness of the law enforcement and intelligence communities.
“I have long believed that data is too insecure and feel strongly that consumers have a right to seek solutions that protect their information—which involves strong encryption,” Burr said in a news release. “I do not believe, however, that those solutions should be above the law. I am hopeful that this draft will start a meaningful and inclusive debate on the role of encryption and its place within the rule of law.”
The discussion draft, leaked last week by The Hill and formally introduced on Wednesday, has already received rebukes from the Consumer Technology Association (CTA), whose president and CEO, Gary Shapiro, stated that the measure would both endanger consumers and harm the technology industry’s ability to grow and attract workers.
“[R]equiring American companies to guarantee U.S. government access to encrypted communications upon receiving a court order is premature and potentially damaging,” Shapiro said in a news release. “Eliminating the ability to appeal a court order would remove a basic and fundamental due process right. Indeed, requiring access to protected communications would defeat the entire purpose of encryption—opening Americans’ data to not only the U.S. government, but also hackers, contentious foreign regimes, and other bad actors.”
Think tanks and advocacy groups across the political spectrum also came out against the bill, including FreedomWorks, a group traditionally associated with the Tea Party movement.
“To say that this bill would be a blow to digital privacy would be one of the biggest understatements in history,” FreedomWorks CEO Adam Brandon said in a statement on Thursday. “This bill turns backdoor access to encrypted data into a meteor-sized crater. Any notion of digital privacy is thrown out of the window if this bill becomes law.”
In the tech space, meanwhile, groups such as the Internet Association and the Electronic Frontier Foundation are strongly opposing the bill, according to Re/Code. “The draft legislation, as currently written, creates a mandate that companies engineer vulnerabilities into their products or services, which will harm national security and put Americans at risk,” said Internet Association CEO Michael Beckerman in a statement.
If passed, the bill presumably would have an immediate impact on numerous court cases around the country. The American Civil Liberties Union last month uncovered 63 separate cases in which the FBI has attempted to compel either Apple or Google in assisting with decrypting a phone.