This post was originally published on July 2, 2020.
Following the introduction of the EARN IT bill in the U.S. Senate in March—a bipartisan legislation that sought to impose government-mandated “best practices” on social media and instant messaging apps, U.S. Republicans have doubled down on their desire to hold tech companies accountable for the behavior of their users.
On Tuesday, Senators Lindsey Graham, Tom Cotton, and Marsha Blackburn introduced the “Lawful Access to Encrypted Data Act” which, if passed into law, would force device manufacturers and service providers (such as Apple, Google, Facebook, Twitter, and more) to “assist law enforcement with accessing encrypted data.”
[Keep up with the latest in privacy and security. Sign up for the ExpressVPN blog newsletter.]
However, the government would not be able to request data willy-nilly. The law would only come into effect after a warrant for the data is issued by a U.S. court, based on probable cause that a crime has occurred.
Encryption and the U.S. government: a tetchy history
One of the thorniest issues among a long list of grievances that the current U.S. administration has with tech companies is the hands-off approach they have when it comes to assisting law enforcement.
The bill itself mentions five instances where criminals relied on end-to-end encryption to communicate with their handlers or carry out their dirty work. Once identified, the tech companies in question refrained from assisting law enforcement with their investigation, saying that the data’s encrypted nature prevented them from doing so.
The FBI, for example, has officially requested Apple’s help on at least two occasions. The first after the 2016 San Bernardino shooting, and most recently after the shooting at Pensacola Naval Air Station in Florida. Both times, however, Apple declined to comply with the request of enabling a “back door”, saying it would compromise the individual security and privacy of millions of users.
Tim Cook even wrote a public letter outlining Apple’s decision to build encryption backdoors, saying that the long-term implications of this decision were “chilling” and that “the government could […] demand that Apple build surveillance software to intercept your messages […] track your location, or even access your phone’s microphone without your knowledge.”
Other tech CEOs have also spoken up against building encryption backdoors, arguing that it imperils fundamental freedoms and is a violation of constitutional rights.
At a time when cyberthreats from criminals, hackers, and nation states are on the rise, our nation's leaders should not be calling on companies to weaken the encryption that allows us all to communicate privately and securely.https://t.co/hEnd0Oba69
— Will Cathcart (@wcathcart) June 24, 2020
The Lawful Access to Encrypted Data Act makes no mention of the previously-introduced EARN IT bill, but it’s clear that both pieces of legislation attempt to compel tech companies to bow to the will of the U.S. government.
For its part, the Lawful Access to Encrypted Data Act doesn’t specify weakening encryption either, noting that the Attorney General doesn’t have the mandate to specify what technical steps providers must take to implement the data-scraping requirements.
However, the Attorney General is allowed to specify a timeline for implementation, ostensibly to prevent companies from dragging their feet on the matter. To make things worse, the Act proposes the creation of a hybrid bounty program, giving third-parties financial incentives to extract encrypted data following a request from U.S. agencies.
In short, if the tech companies won’t build a backdoor, the U.S. government will pay hackers top dollar to use whatever means necessary to get the data for them.
Israeli firm Cellebrite reportedly assisted the FBI in hacking into the San Bernardino shooter’s iPhone, and the Act may spur further innovation in this field.
William Barr, the current U.S. Attorney General, is a big advocate for clipping the wings of tech companies and has repeatedly asked for encryption backdoors to be hardcoded into devices and apps.
In a statement, he said, “Passing legislation that allows warrant access to encrypted data will allow law enforcement to further provide for the safety and security of the American people. I applaud Chairman Graham and Senators Cotton and Blackburn for introducing the first-ever bill to address this issue.”