Report: New Feinstein-Burr encryption effort in works

Report: New Feinstein-Burr encryption effort in works
© Getty Images

Legislation from Sens. Dianne FeinsteinDianne Emiel FeinsteinSenate GOP breaks record on confirming Trump picks for key court Deal to fix family separations hits snag in the Senate Election Countdown: Senate, House Dems build cash advantage | 2020 Dems slam Trump over Putin presser | Trump has M in war chest | Republican blasts parents for donating to rival | Ocasio-Cortez, Sanders to campaign in Kansas MORE (D-Calif.) and Richard BurrRichard Mauze BurrCongress should build upon the ABLE Act, giving more Americans with disabilities access to financial tools Christine Todd Whitman: Trump should step down over Putin press conference GOP lambasts Trump over performance in Helsinki MORE (R-N.C.) meant to curb the use of encryption rendering data unable to be accessed by law enforcement is being revived, a security blog reports. 

Julian Sanchez, a Cato Institute fellow who co-edits the Just Security blog, says he has seen a moderately rewritten version of the Compliance with Court Orders Act that the senators have been circulating. 

The Feinstein–Burr legislation as introduced in April was intended to make sure law enforcement and intelligence agencies could read encrypted data with a warrant.

The bill stated that, if data were encrypted “by a feature, product, or service owned, controlled, created, or provided” by some technology company, that company had to be able to decrypt the data or provide “technical assistance.” 

The new bill, says Sanchez, narrows that focus to encryption “controlled” by a company, striking the words “owned,” “created” and “provided.” The bill exempts critical infrastructure and no longer applies to intelligence agencies or the military. It also says companies only have to give reasonable efforts to decrypt data. 

The original Feinstein–Burr caused a stir in a tech industry that believes putting “backdoors” into encryption fundamentally makes all data vulnerable, including all internet commerce. Online banking, for example, encrypts data as it goes from customer to bank and back to prevent eavesdropping criminals from stealing passwords or altering transfer orders.

The computer security community consensus is that there is no way to provide a backdoor securely because it adds a new key that can be stolen; many note that extremely sensitive NSA cyberweapons were hacked despite the NSA’s strength in protecting leaks. It also makes computer code more complex in ways that increase the odds hackers might find ways to break the encryption on their own. 

These concerns, paired with an unenthusiastic public, ultimately torpedoed the bill. But many high-profile legislators, including Burr, Feinstein and Sen. John McCainJohn Sidney McCainEx-Montenegro leader fires back at Trump: ‘Strangest president' in history McCain: Trump plays into 'Putin's hands' by attacking Montenegro, questioning NATO obligations Joe Lieberman urges voters to back Crowley over Ocasio-Cortez in general MORE (R-Ariz.), argue that without some compromise, law enforcement will be unable to retrieve valuable evidence. 

Sanchez, who opposed the original bill, notes in the blog that the second bill is “[p]otentially a good deal narrower than the original version of the bill, and therefore not subject to all the same objections that [the first] met with. Still a pretty bad idea.”