Why Silicon Valley is worried about the new Senate encryption bill

Senator Diane Feinstein may represent Silicon Valley in Washington, DC, but on the contentious issues surrounding law enforcement access to data, she seems to be out of step with some of the big technology companies.

This week, Feinstein, the vice chairwoman of the Senate Intelligence Committee, and committee chairman Richard Burr of North Carolina, released a first draft of legislation aimed at compelling companies to turn over data to the government in an “intelligible format” whenever they are ordered to do so by a court.

Called the Compliance With Court Orders Act of 2016, the bill is already drawing criticism from the tech lobby, and at least one Senator who has promised to block the bill from going forward.

The Internet Association, which represents companies including Google, Dropbox, Facebook, Twitter and other internet giants, blasted the proposal by saying it “creates a mandate that companies engineer vulnerabilities into their products and services.”

Feinstein and Burr’s draft bill says companies handling communications should protect consumers’ private data through “appropriate data security,” while respecting the “rule of law” and “comply[ing] with all legal requirements and court orders.”

That’s a contradiction, according to some Silicon Valley companies: securing data means using strong encryption, and unscrambling encrypted data under a court’s order would only weaken that security by creating a “backdoor.”

Complying with court orders to turn over data in intelligible format, even when that data has been encrypted, was exactly the problem when Apple refused to obey a judge’s order to provide technical assistance to help the FBI unlock an iPhone at the center of a terrorism investigation.

The weeks-long standoff only ended when the US government dropped its case after the FBI said it was able to hack into iPhone without Apple’s help.

FBI Director James Comey has said in a Congressional hearing on encryption and in recent speeches, that the smart people who brought us great products like the iPhone should be able to come up with a solution to the problem of keeping data secure, yet still accessible to law enforcement.

In the recent iPhone case, however, the technical solution ordered by the court would have forced Apple to create a special version of the phone’s software that would allow law enforcement to make unlimited guesses to break the security passcode.

Apple said in court filings that creating such software would be a burden to Apple, taking dozens of Apple engineers weeks to do, at considerable cost.

Feinstein and Burr’s proposed legislation includes a provision that the companies affected by court orders to provide technical assistance would be compensated for “such costs as are reasonably necessary.”

This is why the legislation is causing concern in the tech community.

While consumers want to buy technology with the best security possible, if passed in its current form, this bill could put the US government in the business of paying tech companies to break the security of their own products.

Follow @JohnZorabedian

Follow @NakedSecurity

Image of pillars of law and order courtesy of Shutterstock.com.


[contentblock id=71 img=gcb.png]


CEO, Author of the #1 Risk to Small Businesses

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}