The final version of a proposed bill that would require vendors to have a method for providing plaintext data to law enforcement agencies has been released, and privacy advocates and legislators are calling it “flawed” and “dangerous”.
The Burr-Feinstein bill has been making the rounds of Capitol Hill in draft form since last week, and the reviews have not been kind. Proposed by Sen. Richard Burr and Sen. Diane Feinstein, the bill attempts to define a method through which technology vendors and communications providers must give unencrypted data to law enforcement agencies on demand.
“To uphold both the rule of law and protect the interest and security of the United States, all persons receiving an authorized judicial order for information or data must provide, in a timely manner, responsive, intelligible information or data, or appropriate technical assistance to to obtain such information or data,” the bill says.
“Covered entities must provide responsive, intelligible information or data, or appropriate technical assistance to a government pursuant to a court order.”
If passed, the bill would have the effect of making the use of end-to-end encryption on services such as iMessage or secure email systems essentially impossible, at least for American companies. Critics of the bill say it would have the opposite effect of what its authors intended.
“The encryption debate is about having more security or having less security. This legislation would effectively outlaw Americans from protecting themselves. It would ban the strongest types of encryption and undermine the foundation of cybersecurity for millions of Americans. This flawed bill would leave Americans more vulnerable to stalkers, identity thieves, foreign hackers and criminals,” Sen. Ron Wyden (D-Ore.), a frequent advocate for encryption, said in a statement.
“And yet it will not make us safer from terrorists or other threats. Bad actors will continue to have access to encryption, from hundreds of sources overseas. Furthermore, this bill will empower repressive regimes to enact similar laws and crack down on persecuted minorities around the world.”
“This legislation would effectively outlaw Americans from protecting themselves.”
The Burr-Feinstein proposal comes at a time when legislators, policy analysts, and technologists are locked in a debate about the use of strong encryption. Tech vendors and communications providers have increased their use of encryption on services such as email, SMS, voice communications, and others greatly in the last few years. At the same time, law enforcement agencies and legislators have warned that this trend is making it more difficult to investigate criminal and terrorist activity.
“The bill we have drafted would simply provide that, if a court of law issues an order to render technical assistance or provide decrypted data, the company or individual would be required to do so. Today, terrorists and criminals are increasingly using encryption to foil law enforcement efforts, even in the face of a court order. We need strong encryption to protect personal data, but we also need to know when terrorists are plotting to kill Americans,” Feinstein (D-Calif.), vice chairman of the Senate Intelligence Committee, said in a statement.
Widen said that if the Burr-Feinstein bill reaches the Senate floor he will filibuster it.
Image from Flickr stream of Christiaan Colen.