Feedback
Tech

Draft Encryption Bill Would Mandate Companies Assist Investigators

Two Senate lawmakers have released a draft bill that would require companies like Apple to provide "technical assistance" in cases where law enforcement has a warrant to obtain data.

"No entity or individual is above the law," said Sen. Dianne Feinstein, D-California, who co-authored the bill with fellow Senate Intelligence Committee member Sen. Richard Burr, R-North Carolina. "Today, terrorists and criminals are increasingly using encryption to foil law enforcement efforts, even in the face of a court order. We need strong encryption to protect personal data, but we also need to know when terrorists are plotting to kill Americans."

A leaked draft of the bill was published by The Hill on April 7, and provoked a swift response from security and cryptography experts who said that the requirements were dangerous and technically unfeasible.

Read More: Facebook's WhatsApp Strengthens Encryption for 1 Billion Users

The issue of encryption — the garbling of information and data to provide security and privacy — came to widespread attention after the FBI sought assistance from Apple to unlock an iPhone 5C used by San Bernardino terrorist Syed Farook. While investigators in that case were not directly asking Apple to break the device's encryption, it brought a focus to concerns law enforcement officials have been voicing for years that terrorists and criminals will use the technology to hide.

Encrypted Data: Simple Idea, Complex Math 1:41

The draft legislation released by Burr and Feinstein on Wednesday would require companies to make "intelligible" — non-encrypted — data available to the government when a court order demands it, and to provide "technical assistance" if that data is encrypted or not accessible for some other reason.

"All providers of communications services and products (including software) should protect the privacy of United States persons through implementation of appropriate data security and still respect the rule of law and comply with all legal requirements and court orders," the draft legislation released on Wednesday states.

Read More: For Renowned Cryptographer, Encryption Remains As Important As Ever

Companies confronted with a court order would be required to provide "responsive, intelligible information or data, or appropriate technical assistance," the draft bill states.

Sen. Ron Wyden, D-Oregon, said that he does not support the proposed bill, and that it would make Americans "more vulnerable to stalkers, identity thieves, foreign hackers and criminals." Thirty-two academics and nonprofits were among the signers of a letter sent to President Obama on Monday urging him to oppose the bill from Feinstein and Burr.

"Instead of heeding the warnings of experts, the senators have written a bill that ignores economic, security, and technical reality," Neema Singh Guliani, legislative counsel with the American Civil Liberties Union, said in a statement. "It would force companies to deliberately weaken the security of their products by providing backdoors into the devices and services that everyone relies on."