A draft bill that would force tech companies to hack encrypted devices in response to a court order was already drawing heat from Silicon Valley on Friday as it began circulating on Capitol Hill.
The legislation from Senate Intelligence Committee Chairman Richard Burr, R-N.C., and Vice Chair Dianne Feinstein, D-Calif., would effectively derail the growing use of “end-to-end” encryption, which is designed to be so strong that only users have the ability to get into their smartphones, tablets and other electronic devices.
Apple, Google and other companies have been developing stronger encryption in response to consumer demand for greater privacy and protection from identity thieves.
But the FBI and other law enforcement agencies say that encryption allows criminals and terrorists to conceal crucial information that investigators need to thwart plots and make arrests. And they complain that court orders allowing them to access information mean nothing if they can’t make companies decode the information.
“We’re still working on finalizing a discussion draft and as a result can’t comment on language in specific versions of the bill,” Burr and Feinstein said in a joint statement Friday. “However, the underlying goal is simple: when there’s a court order to render technical assistance to law enforcement or provide decrypted information, that court order is carried out. No individual or company is above the law.”
“The extent to which Burr-Feinstein would threaten the security of the entire Internet is simply breathtaking,” said Morgan Reed, executive director of ACT | The App Association, which represents more than 5,000 app makers. “The bill would force hundreds of thousands of companies to choose between breaking the law and protecting customer data. It would require everyone who writes software to provide the government with a backdoor.”
“This legislation places an unqualified demand on companies to decrypt their customers’ data upon receiving a court order from law enforcement,” Castro said. “While companies should comply with lawful requests, it is simply not possible for a company to do so when the customer controls the only keys.”
The popular messaging app WhatsApp, which provides end-to-end encryption to its users, would not be able to comply with the legislation unless it modified its system, Castro said.
The encryption debate came to a head this year when the FBI went to court to try to force Apple to unlock the iPhone of one of the dead terrorists who killed 14 people and wounded 22 others in an attack in San Bernardino in December.
The FBI abruptly dropped its legal battle with Apple last week after a third party helped agents unlock the phone. But the debate is still raging.
The Department of Justice said Friday it is pressing forward in its legal fight to force Apple’s assistance in unlocking an iPhone linked to a drug conspiracy case in New York City. And scores of prosecutors and police agencies throughout the country are seeking the FBI’s help in unlocking other encrypted phones.
“This debate is not about privacy versus security,” the senator told a small group of reporters Friday. “It’s about less security versus more security. I’m going to re-focus this debate.”
Manhattan District Attorney Cyrus Vance, Jr., praised the proposed bill, saying it “restores the authority of neutral judges to require meaningful compliance with their orders.”
“For the past year and a half, Apple and other large technology companies have effectively decided who can and cannot access crucial evidence in criminal investigations,” Vance said.
Junior Trader Daniel Dimitrov