Remember the Apple vs FBI fiasco a few months ago? It appears a few members of Congress are still bitter over Apple’s refusal to unlock one of the San Bernardino shooter’s encrypted iPhones. So bitter, in fact, that they’ve decided to draft a bill to make sure it will never happen again.
The bill, tentatively named the Compliance with Court Orders Act of 2016, is a lackluster attempt to force tech companies into helping the government, and the terrifying first draft was leaked last week.
A Backwards Way to Fight Encryption
Drafted by Senators Richard Burr and Dianne Feinstein, the bill would require U.S. tech companies help law enforcement access sensitive information. The language contained within the 9-page bill is vague at best, as it indicates data would need to be handed over in an “intelligible format.” In other words, tech companies would need to decrypt whatever information is needed before handing it over to the authorities.
In cases where the data is scrambled (like the San Bernardino incident), the company must provide “technical assistance” to help law enforcement decrypt it, meaning they’d need to help law enforcement hack into the scrambled device.
— Edward Snowden (@Snowden) April 10, 2016
In technical terms, the bill would force companies to create weaker encryption software for their devices. In practical terms it would make the entire world a little less safe.
Is This the Beginning of the End for Encryption?
It comes as no surprise to hear government officials don’t like encryption. After the world backed Apple CEO Tim Cook’s stance opposing the FBI, lawmakers have been itching for another way to try to enforce backdoor technology upon the tech industry. According to Senator Feinstein:
“No company or individual is above the law, and I’m dismayed that anyone would refuse to help the government in a major terrorism investigation.”
While Apple’s recent refusal isn’t implicitly cited as the reason why this bill was created, it’s fair enough to assume that’s why. Fortunately, in its current state the White House has already said it has no intention of backing this bill. But that’s not the point. Senators Feinstein and Burr, however out of the loop they may be, are not alone in their attempts to curtail encryption software. If this bill fails, another will inevitably take its place.
Why Do People Still Fear Encryption?
Bills like these are dangerous because they basically order companies to weaken their encryption software. It’s like asking locksmiths to purposely build locks that can easily be tampered with.
Devin Coldewey from TechCrunch helps put it into perspective: “Secrets used to be written on paper; that paper would be burned. No one tried to pass a law requiring people to unburn things.”
Why This Is a Big Deal
The fact that Feinstein and Burr (the top Democrat and Republican on the Senate Intelligence Agency, respectively) are writing such unintelligible bills just goes to show how little some Senate members–especially those in charge of intelligence committees–understand encryption.
I could spend all night listing the various ways that Feinstein-Burr is flawed & dangerous. But let’s just say, “in every way possible.” — matt blaze (@mattblaze) April 8, 2016
Either they purposely want to weaken privacy software or they don’t understand how encryption works. Both are scary, but the latter is particularly so when you’re in charge of policy laws.
Weakening Encryption Has Always Been a Bad Idea
Let’s make this clear: It’s almost impossible to decrypt encrypted info. And building technology that would do so would completely negate the point of having encryption in the first place.
When lawmakers try to pass policies like this, it affects everyone, everywhere. No one ever tries to outlaw locks on doors, so why are they trying to outlaw locks on phones? This bill is just another drop in the growing river of animosity towards that which Congress doesn’t really understand.
If the past few years have taught us anything, it’s that encryption should be valued instead of destroyed.