Report: New Feinstein-Burr encryption effort in works

Report: New Feinstein-Burr encryption effort in works
© Getty Images

Legislation from Sens. Dianne FeinsteinDianne Emiel FeinsteinLawmakers feel pressure on guns Feinstein: Trump must urge GOP to pass bump stock ban Florida lawmakers reject motion to consider bill that would ban assault rifles MORE (D-Calif.) and Richard BurrRichard Mauze BurrOvernight Finance: Senate rejects Trump immigration plan | U.S. Bancorp to pay 0M in fines for lacking money laundering protections | Cryptocurrency market overcharges users | Prudential fights to loosen oversight Senators introduce bill to help businesses with trade complaints Our intelligence chiefs just want to tell the truth about national security MORE (R-N.C.) meant to curb the use of encryption rendering data unable to be accessed by law enforcement is being revived, a security blog reports. 

Julian Sanchez, a Cato Institute fellow who co-edits the Just Security blog, says he has seen a moderately rewritten version of the Compliance with Court Orders Act that the senators have been circulating. 

The Feinstein–Burr legislation as introduced in April was intended to make sure law enforcement and intelligence agencies could read encrypted data with a warrant.

The bill stated that, if data were encrypted “by a feature, product, or service owned, controlled, created, or provided” by some technology company, that company had to be able to decrypt the data or provide “technical assistance.” 

The new bill, says Sanchez, narrows that focus to encryption “controlled” by a company, striking the words “owned,” “created” and “provided.” The bill exempts critical infrastructure and no longer applies to intelligence agencies or the military. It also says companies only have to give reasonable efforts to decrypt data. 

The original Feinstein–Burr caused a stir in a tech industry that believes putting “backdoors” into encryption fundamentally makes all data vulnerable, including all internet commerce. Online banking, for example, encrypts data as it goes from customer to bank and back to prevent eavesdropping criminals from stealing passwords or altering transfer orders.

The computer security community consensus is that there is no way to provide a backdoor securely because it adds a new key that can be stolen; many note that extremely sensitive NSA cyberweapons were hacked despite the NSA’s strength in protecting leaks. It also makes computer code more complex in ways that increase the odds hackers might find ways to break the encryption on their own. 

These concerns, paired with an unenthusiastic public, ultimately torpedoed the bill. But many high-profile legislators, including Burr, Feinstein and Sen. John McCainJohn Sidney McCainLawmakers worry about rise of fake video technology Democrats put Dreamers and their party in danger by playing hardball Trump set a good defense budget, but here is how to make it better MORE (R-Ariz.), argue that without some compromise, law enforcement will be unable to retrieve valuable evidence. 

Sanchez, who opposed the original bill, notes in the blog that the second bill is “[p]otentially a good deal narrower than the original version of the bill, and therefore not subject to all the same objections that [the first] met with. Still a pretty bad idea.”