OPIOID SERIES:

Encryption bill draft worries tech community

The tech and privacy community is pushing back against draft legislation that would force companies to provide “technical assistance” to government investigators seeking locked data.

“The proposed policy is misguided and will ultimately lead to increased insecurity rather than increased security,” said Dean Garfield, CEO of the Information Technology Industry Council, which represents major tech players like Apple, Facebook, Google and Microsoft.

ADVERTISEMENT
The measure — from Senate Intelligence Committee Chairman Richard BurrRichard Mauze BurrSenators express concerns over Haspel's 'destruction of evidence' Overnight Cybersecurity: US, UK blame Russia for global cyberattacks | Top cyber official leaving White House | Zuckerberg to meet EU digital chief Senators, state officials to meet on election cybersecurity bill MORE (R-N.C.) and ranking member Dianne FeinsteinDianne Emiel FeinsteinSenate panel punts Mueller protection bill to next week Steyer endorses de León in bid to unseat Feinstein Amid struggle for votes, GOP plows ahead with Cabinet picks MORE (D-Calif.) — was was first obtained by The Hill Thursday night.

The lawmakers’ efforts are a response to concerns that criminals and terrorists are increasingly relying on encrypted devices to hide from authorities.

The tech community’s reaction to the draft was not surprising.

While law enforcement has long pressed Congress for such legislation, the tech community and privacy advocates warn that it would undermine security and endanger online privacy.

The draft language did little to assuage these concerns.

“This bill is a clear threat to everyone’s privacy and security,” said Neema Singh Guliani, a legislative counsel with the American Civil Liberties Union.

The measure states that a company must provide “information or data” to the government “in an intelligible format” when served with a court order.

If the company cannot meet this standard, it must offer “technical assistance as is necessary to obtain such information or data,” according to the draft.

Activist groups and privacy advocates on Capitol Hill insist that this language would require companies to create dangerous “backdoors” for secure products.

“This legislation says a company can design what they want their back door to look like, but it would definitely require them to build a back door,” said Sen. Ron WydenRonald (Ron) Lee WydenOvernight Cybersecurity: Senators want info on 'stingray' surveillance in DC | Bills to secure energy infrastructure advance | GOP lawmaker offers cyber deterrence bill Overnight Tech: Alleged robocall kingpin testifies before Congress | What lawmakers learned | Push for new robocall rules | Facebook changes privacy settings ahead of new data law | Time Warner CEO defends AT&T merger at trial Dems give muted praise to Pompeo-Kim meeting MORE (D-Ore.), the Intelligence Committee’s main opponent to the bill.

Forcing computer engineers to maintain a back door to encrypted data is like leaving a key under the mat, these critics say. Hackers will eventually find that key.

“For the first time in America, companies who want to provide their customers with stronger security would not have that choice — they would be required to decide how to weaken their products to make you less safe,” Wyden said.

Apple has used similar arguments to rebuff several FBI court orders seeking the type of “technical assistance” the bill would require.

The tech giant claimed that complying with such requests would create a back door that could expose millions of Apple users to hackers.

The moves have angered numerous lawmakers who blasted the company for stymying legitimate investigations. The high-profile standoffs also helped spur Burr and Feinstein to move on their bill.

The terror attacks in Paris, San Bernardino, Calif., and Brussels only added to the duo’s urgency. Investigators said the believe encryption helped the assailants evade authorities, although little concrete evidence has been produced to validate the claims.

In a joint statement, Burr and Feinstein cautioned that they were still working on the bill. A public draft is expected sometime next week, after President Obama has a chance to review the measure.

“We’re still working on finalizing a discussion draft and as a result can’t comment on language in specific versions of the bill," the duo said in a joint statement. “We’re still in the process of soliciting input from stakeholders and hope to have final language ready soon.”

The Burr-Feinstein bill likely faces an uphill battle in Congress.

Eleven bipartisan senators have already signed on as co-sponsors to a competing measure from Sen. Mark WarnerMark Robert WarnerHeitkamp becomes first Dem to back Pompeo for secretary of State Dems walk tightrope on Pompeo nomination Amid struggle for votes, GOP plows ahead with Cabinet picks MORE (D-Va.). His bill would establish a national commission to study how police can get at locked data without endangering Americans’ privacy rights.

But Burr and Feinstein both hold considerable clout, and could garner support from national security hawks in Congress, such as Sen. Tom CottonThomas (Tom) Bryant CottonGOP senators raise concerns about babies on Senate floor Dems walk tightrope on Pompeo nomination FCC moves forward with rule aimed at protecting US communications networks MORE (R-Ark.) and Sen. John McCainJohn Sidney McCainHeitkamp becomes first Dem to back Pompeo for secretary of State Senate committee sets Monday vote even as Pompeo appears to lack support Trump checkmates Democrats in sending Pompeo to North Korea MORE (R-Ariz.).