Senate Draft Encryption Bill Called 'Absurd,' 'Dangerous,' and Technically Inept
A draft of an encryption bill created by Senate Intelligence Committee leaders Richard Burr and Dianne Feinstein was released last night, revealing the scope of the legislation that would require technology companies to decrypt data and share it in an "intelligible format" when served with a legal order.
The Compliance with Court Orders Act of 2016, a copy of which was shared by Re/code, starts out by declaring "no person or entity is above the law." It says that all providers of communication services and products, from hardware to software, must protect the privacy of residents of the United States through "implementation of appropriate data security," while still respecting the "rule of law" and complying with legal requirements and court orders to provide information stored either on devices or remotely.
To uphold both the rule of law and protect the interests and security of the United States, all persons receiving an authorized judicial order for information or data must provide, in a timely manner, responsive, intelligible information or data, or appropriate technical assistance to obtain such information.
In acknowledgement of the disagreement between the FBI and Apple, the legislation does include a clause that prevents it from authorizing "any government officer to require or prohibit any specific design or operating system to be adopted by any covered entity," and it shies away from specific technical demands. But the wording of the act itself, with no contingencies for inaccessible data, makes end-to-end encryption impossible: any data that companies encrypt, they must also be able to decrypt.
Security experts have heavily criticized the bill. Daniel Castro of the Information Technology and Innovation Foundation told Re/code the bill "sets up a legal paradox" while the ACT/App Association said it amounts to a government-mandated back door. Security researcher Jonathan Zdziarski says the entire bill is dangerous, calling it "a hodgepodge of technical ineptitude combined with pockets of contradiction."
The absurdity of this bill is beyond words. Due to the technical ineptitude of its authors, combined with a hunger for unconstitutional governmental powers, the end result is a very dangerous document that will weaken the security of America's technology infrastructure. This will affect everything from the iPhone you hold in your pocket to how data is transmitted over the Internet, allowing the government to effectively break all electronic commerce and Internet security. This is bad legislation in every way, and it very subtly allows for unconstitutional government control of private industry.
In a report yesterday, Reuters said the White House has decided not to offer public support for the legislation, as "the administration remains deeply divided on the issue." The bill is still in draft form, with the language subject to changes based on input from stakeholders. In a joint statement, Burr and Feinstein said they hope to have a final version completed soon.
Update 4/13: An official draft of the Compliance with Court Orders Act of 2016 was released on April 13, with few changes from the version released earlier in the month.