An open letter expressing "deep concerns" about a U.S. draft encryption bill that would force smartphone makers to decrypt data at the behest of the government was published yesterday, signed by four coalitions representing Apple, Microsoft, Google, Amazon, and other major tech companies.
The letter is addressed to the bill's sponsors, Senators Richard Burr and Dianne Feinstein, and warns of the legislation's "unintended consequences", calling its requirements of technology companies "well-intentioned but ultimately unworkable" (via The Verge).
Any mandatory decryption requirement, such as that included in the discussion draft of the bill that you authored, will to lead to unintended consequences. The effect of such a requirement will force companies to prioritize government access over other considerations, including digital security. As a result, when designing products or services, technology companies could be forced to make decisions that would create opportunities for exploitation by bad actors seeking to harm our customers and whom we all want to stop. The bill would force those providing digital communication and storage to ensure that digital data can be obtained in "intelligible" form by the government, pursuant to a court order. This mandate would mean that when a company or user has decided to use some encryption technologies, those technologies will have to be built to allow some third party to potentially have access. This access could, in turn, be exploited by bad actors.
It is also important to remember that such a technological mandate fails to account for the global nature of today’s technology. For example, no accessibility requirement can be limited to U.S. law enforcement; once it is required by the U.S., other governments will surely follow. In addition, the U.S. has no monopoly on these security measures. A law passed by Congress trying to restrict the use of data security measures will not prevent their use. It will only serve to push users to non-U.S. companies, in turn undermining the global competitiveness of the technology industry in the U.S. and resulting in more and more data being stored in other countries.
We support making sure that law enforcement has the legal authorities, resources, and training it needs to solve crime, prevent terrorism, and protect the public. However, those things must be carefully balanced to preserve our customers’ security and digital information. We are ready and willing to engage in dialogue about how to strike that balance, but remain concerned about efforts to prioritize one type of security over all others in a way that leads to unintended, negative consequences for the safety of our networks and our customers.
The letter is signed by Reform Government Surveillance, the Computer and Communications Industry Association, the Entertainment Software Association, and the Internet Infrastructure Coalition. Facebook, Netflix, eBay, and Dropbox are among other companies represented by the groups.
The news follows heavy criticism of the bill from security experts after a draft titled "The Compliance with Court Orders Act 2016" was circulated earlier this month following Apple's standoff with the FBI over access to an iPhone used by one of the shooters in the San Bernardino terrorist attack. The draft states that all providers of communication services and products must respect the "rule of law" and comply with legal requirements and court orders to provide information stored either on devices or remotely.
Without detailing specific technical demands, the wording of the act itself makes end-to-end encryption impossible. Experts said it was "absurd", "dangerous", and "bad legislation in every way", amounting to a government-mandated back door.
The White House remains deeply divided on the issue and has so far decided not to offer public support for the legislation. Language in the draft bill is subject to changes based on input from stakeholders, although an official draft was released one week ago with few changes from the earlier version. Senators Burr and Feinstein have yet to respond to the letter.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Top Rated Comments
A hot topic in Europe is tax law, we have been collecting taxes here in the uk for around 1000 years and still legislation allows for dodgy dealings to take place left, right and centre. If we can't get tax law correct after a millennium what chance does the US have of getting encryption law correct.
Once you understand that they are bent on power and domination and not this "we need to protect the children and the weak", then you will understand exactly how smart they are.
The system's broken beyond repair. REVOLUTION!!!
The only part lawyers should play in drafting legislation is making sure the law will have the intended effect in the legal system. The people who should be in charge of the ideas and concepts that comprise the law should be experts in their field and should come from all walks of life.
Also, you realize there are other countries on this planet right? It's mostly just plain US citizens that are subject to US laws. So removing decryption on phones made by a US company really only make the phones of plain US citizens insecure. Globally operating bad guys will be entirely unimpacted because they'll just use devices made elsewhere.
Ben Franklin was an adult, and I'm pretty sure there was no tin foil hat for him to wear, when he said "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." It's solid advice. It's a shame you fail to grasp the concept of what freedom actually is, or worse, you're truly against it. Seriously, the only intelligent, logical adults supporting insecure encryption are bad entities. What's your agenda?
[doublepost=1461338730][/doublepost] I'd hate to live in a world where the government has complete power over me. Private information should always be above the law. When I'm not free to THINK what I want, including writing those thoughts down because I wasn't gifted a perfect memory, then I'm not free whatsoever. Privacy is the very last bit of freedom you can have. Once it's gone, you have literally nothing left.