Why Silicon Valley is worried about the new Senate encryption bill

The bill could put tech companies in a bind, essentially asking them to protect consumers' data with encryption but break that encryption on demand.

Senator Dianne Feinstein may represent Silicon Valley in Washington, DC, but on the contentious issues surrounding law enforcement access to data, she seems to be out of step with some of the big technology companies.

This week, Feinstein, the vice chairwoman of the Senate Intelligence Committee, and committee chairman Richard Burr of North Carolina, released a first draft of legislation aimed at compelling companies to turn over data to the government in an “intelligible format” whenever they are ordered to do so by a court.

Called the Compliance With Court Orders Act of 2016, the bill is already drawing criticism from the tech lobby, and at least one Senator has promised to block the bill from going forward.

The Internet Association, which represents companies including Google, Dropbox, Facebook, Twitter and other internet giants, blasted the proposal by saying it “creates a mandate that companies engineer vulnerabilities into their products and services.”

Feinstein and Burr’s draft bill says companies handling communications should protect consumers’ private data through “appropriate data security,” while respecting the “rule of law” and “comply[ing] with all legal requirements and court orders.”

That’s a contradiction, according to some Silicon Valley companies: securing data means using strong encryption, and unscrambling encrypted data under a court’s order would only weaken that security by creating a “backdoor.”

Complying with court orders to turn over data in intelligible format, even when that data has been encrypted, was exactly the problem when Apple refused to obey a judge’s order to provide technical assistance to help the FBI unlock an iPhone at the center of a terrorism investigation.

The weeks-long standoff only ended when the US government dropped its case after the FBI said it was able to hack into the iPhone without Apple’s help.

FBI Director James Comey has said, in a Congressional hearing on encryption and in recent speeches, that the smart people who brought us great products like the iPhone should be able to come up with a solution to the problem of keeping data secure, yet still accessible to law enforcement.

In the recent iPhone case, however, the technical solution ordered by the court would have forced Apple to create a special version of the phone’s software that would allow law enforcement to make unlimited guesses to break the security passcode.

Apple said in court filings that creating such software would be a burden to Apple, taking dozens of Apple engineers weeks to do, at considerable cost.

Feinstein and Burr’s proposed legislation includes a provision that the companies affected by court orders to provide technical assistance would be compensated for “such costs as are reasonably necessary.”

This is why the legislation is causing concern in the tech community.

While consumers want to buy technology with the best security possible, if passed in its current form, this bill could put the US government in the business of paying tech companies to break the security of their own products.



5 Comments

>> “FBI Director James Comey has said in a Congressional hearing on encryption and in recent speeches, that the smart people who brought us great products like the iPhone should be able to come up with a solution to the problem of keeping data secure, yet still accessible to law enforcement.”

Well, Mr. Comey, some smart people came up with the solution a long time ago. It’s called the Constitution of the United States. The writers understood that ultimate authority exists outside of mankind, and there is no such thing as a benevolent ruling class. There’s also the whole matter of controlling whom we allow to enter this country and what criteria we use to determine if they should become citizens (think: San Bernardino terrorists). Too bad this elephant in the room can’t be openly discussed without being marginalized.

Reply

Is it true that the bill also bans irreversible encryption such as password hashing?

Reply

Technically, hashing is not encryption, although you can use hashes to create encryption tools, and you can use encryption algorithms to build hashes. However, if the goal of this bill is to be able to “go back to the original input for every file out there,” you might imagine that hashing is covered, too.

I saw a comment somewhere from B. Schneier suggesting that the law is out of control even if you approve of the idea of crackable crypto as a matter of course. His point was that a law dedicated to ensuring that all data transforms were reversible would end up illegalising JPEG files and the like – anything with lossy compression – because it’s impossible to recover the original file. No idea whether that’s a reasonable reading of it, but then I’d oppose the law even if that turns out not to be the case.

Reply

Encryption is here, whether the Government likes it or not. Even if they force us to submit, the rest of the world will be encrypting and America will be left in the dust. Its only use is to cripple our tech industry and allow the rest of the world to read our data (like ISIS). I doubt they can read my hard disk as it’s encrypted by open source Debian code. We are at the point where total encryption is possible, lowest cost and the future will assure it is secure, even if not in the USA. They can’t pass this; it would be devastating to the economy and country.

I bet the Government people won’t have phones that can be accessed, like the legislators who passed Obama Care, exempted themselves.

Reply

“Apple said in court filings that creating such software would be a burden to Apple, taking dozens of Apple engineers weeks to do, at considerable cost.” Ah yes the quote from Apple (above) Considerable cost is mentioned why would a “corporation” care about cost??? Is it a bit strange that none of the above companies (including APPLE) ever cite a situation where the harm has been done by law enforcement but readily cite cost?
Remember when “BIG AUTO” was required to do better mileage-wise or how about safety-wise they all threw up their arms and cried “cost” shoulder harnesses, airbags my goodness think of the cost! 25 MPG in an eight cylinder vehicle the cost!!! Unleaded gasoline? are you crazy forcing ALL of our cars to eventually use unleaded gasoline think of the cost!

NOT allowing us companies to do whatever we want under the guise of “privacy” think of the cost! after all…all those other products and services we created before now that were totally compliant with the law…it hurt millions right??? and we never complained about “cost” then, we just added it on to the people who bought our goods and services and moved our manufacturing to China, I mean we are talking cost here right? and we are corporations…

Reply
