Legislation from Sens. Dianne FeinsteinDianne Emiel FeinsteinOvernight Energy & Environment — Starting from 'scratch' on climate, spending bill Senate panel advances bill blocking tech giants from favoring own products Eight senators ask Biden to reverse course on Trump-era solar tariffs MORE (D-Calif.) and Richard BurrRichard Mauze BurrOvernight Health Care — Senators unveil pandemic prep overhaul Bipartisan senators unveil bill to improve pandemic preparedness These Senate seats are up for election in 2022 MORE (R-N.C.) meant to curb the use of encryption rendering data unable to be accessed by law enforcement is being revived, a security blog reports.
Julian Sanchez, a Cato Institute fellow who co-edits the Just Security blog, says he has seen a moderately rewritten version of the Compliance with Court Orders Act that the senators have been circulating.
The Feinstein–Burr legislation as introduced in April was intended to make sure law enforcement and intelligence agencies could read encrypted data with a warrant.
The bill stated that, if data were encrypted “by a feature, product, or service owned, controlled, created, or provided” by some technology company, that company had to be able to decrypt the data or provide “technical assistance.”
The new bill, says Sanchez, narrows that focus to encryption “controlled” by a company, striking the words “owned,” “created” and “provided.” The bill exempts critical infrastructure and no longer applies to intelligence agencies or the military. It also says companies only have to give reasonable efforts to decrypt data.
The original Feinstein–Burr caused a stir in a tech industry that believes putting “backdoors” into encryption fundamentally makes all data vulnerable, including all internet commerce. Online banking, for example, encrypts data as it goes from customer to bank and back to prevent eavesdropping criminals from stealing passwords or altering transfer orders.
The computer security community consensus is that there is no way to provide a backdoor securely because it adds a new key that can be stolen; many note that extremely sensitive NSA cyberweapons were hacked despite the NSA’s strength in protecting leaks. It also makes computer code more complex in ways that increase the odds hackers might find ways to break the encryption on their own.
These concerns, paired with an unenthusiastic public, ultimately torpedoed the bill. But many high-profile legislators, including Burr, Feinstein and Sen. John McCainJohn Sidney McCainBiden's year two won't be about bipartisanship Biden: A good coach knows when to change up the team These Senate seats are up for election in 2022 MORE (R-Ariz.), argue that without some compromise, law enforcement will be unable to retrieve valuable evidence.
Sanchez, who opposed the original bill, notes in the blog that the second bill is “[p]otentially a good deal narrower than the original version of the bill, and therefore not subject to all the same objections that [the first] met with. Still a pretty bad idea.”