Last Sunday, Sen. Ron WydenRonald (Ron) Lee WydenOvernight Health Care — Sponsored by Campaign for Tobacco-Free Kids — Trump issues order to bring transparency to health care prices | Fight over billions in ObamaCare payments heads to Supreme Court Senate set to bypass Iran fight amid growing tensions Overnight Defense: House passes T spending package with defense funds | Senate set to vote on blocking Saudi arms sales | UN nominee defends climate change record MORE (D-Ore.) wrote an op-ed describing the role that U.S. law enforcement should play in fostering stronger data encryption to make information technology (IT) systems more secure.  This op-ed explains Wyden’s introduction of the the Secure Data Act, which would prohibit the government from mandating that U.S. companies build “backdoors” in their products for the purpose of surveillance. This legislation responds directly to recent comments by U.S. officials, most notably the Federal Bureau of Investigation (FBI) Director James Comey, chastising Apple and Google for creating encrypted devices to which law enforcement cannot gain access. Comey and others have argued that U.S. tech companies should design a way for law enforcement officials to access consumer data stored on those devices. In this environment, the Secure Data Act is a homerun for security and privacy and is a good step towards reasserting U.S. competitiveness in building secure systems for a global market. 


By adopting its position on the issue the FBI is working against its own goal of preventing cybercrime as well as broader government efforts to improve cybersecurity. Just a few years ago, the Bureau was counseling people to better encrypt their data to safeguard it from hackers. Creating backdoor access for law enforcement fundamentally weakens IT systems because it creates a new pathway for malicious hackers, foreign governments, and other unauthorized parties to gain illicit access. Requiring backdoors is a step backwards for companies actively working to eliminate security vulnerabilities in their products. In this way, security is a lot like a ship at sea, the more holes you put in the system—government mandated or not—the faster it will sink. The better solution is to patch up all the holes in the system and work to prevent any new ones. Rather than decreasing security to suit its appetite for surveillance, the FBI should recognize that better security is needed to bolster U.S. defenses against online threats. 

The Secure Data Act is an important step in that direction because it will stop U.S. law enforcement agencies from requiring companies to introduce vulnerabilities in their products. If this bill is enacted, law enforcement will be forced to use other means to solve crimes, such as by using metadata from cellular providers, call records, text messages, and even old-fashioned detective work. This will also allow U.S. tech companies, with the help of law enforcement, to continue to strengthen their systems, better detect intrusions, and identify emerging threats. Law enforcement, such as the recently announced U.S. Department of Justice Cybersecurity Unit—a unit designed solely to “deter, investigate, and prosecute cyber criminals,” should work in cooperation with the private sector to create a safer environment online. A change of course is also necessary to restore the ability of U.S. tech companies to compete globally, where mistrust has run rampant following the revelations of mass government surveillance. 

With the 113th Congress at an end, Wyden has promised to reintroduce the Data Secure Act again in the next Congress. Congress should move expediently to advance Senator Wyden’s bill to promote security and privacy in U.S. devices and software. Furthermore, as Congress marks up the legislation and considers amendments, it should restrict not just government access to devices, but also government control of those devices. These efforts will move the efforts of our law enforcement agencies away from creating cyber vulnerabilities and allow electronics manufacturers to produce the most secure devices imaginable. 


McQuinn is a research assistant with the Information Technology and Innovation Foundation (ITIF).