Report: New Feinstein-Burr encryption effort in works

Report: New Feinstein-Burr encryption effort in works
© Getty Images

Legislation from Sens. Dianne FeinsteinDianne Emiel FeinsteinTrump administration urges Congress to reauthorize NSA surveillance program The Hill's Morning Report - More talk on guns; many questions on Epstein's death Juan Williams: We need a backlash against Big Tech MORE (D-Calif.) and Richard BurrRichard Mauze BurrHoekstra emerges as favorite for top intelligence post Trump casts uncertainty over top intelligence role Trump withdraws Ratcliffe as Intelligence pick MORE (R-N.C.) meant to curb the use of encryption rendering data unable to be accessed by law enforcement is being revived, a security blog reports. 

Julian Sanchez, a Cato Institute fellow who co-edits the Just Security blog, says he has seen a moderately rewritten version of the Compliance with Court Orders Act that the senators have been circulating. 

ADVERTISEMENT

The Feinstein–Burr legislation as introduced in April was intended to make sure law enforcement and intelligence agencies could read encrypted data with a warrant.

The bill stated that, if data were encrypted “by a feature, product, or service owned, controlled, created, or provided” by some technology company, that company had to be able to decrypt the data or provide “technical assistance.” 

The new bill, says Sanchez, narrows that focus to encryption “controlled” by a company, striking the words “owned,” “created” and “provided.” The bill exempts critical infrastructure and no longer applies to intelligence agencies or the military. It also says companies only have to give reasonable efforts to decrypt data. 

The original Feinstein–Burr caused a stir in a tech industry that believes putting “backdoors” into encryption fundamentally makes all data vulnerable, including all internet commerce. Online banking, for example, encrypts data as it goes from customer to bank and back to prevent eavesdropping criminals from stealing passwords or altering transfer orders.

The computer security community consensus is that there is no way to provide a backdoor securely because it adds a new key that can be stolen; many note that extremely sensitive NSA cyberweapons were hacked despite the NSA’s strength in protecting leaks. It also makes computer code more complex in ways that increase the odds hackers might find ways to break the encryption on their own. 

These concerns, paired with an unenthusiastic public, ultimately torpedoed the bill. But many high-profile legislators, including Burr, Feinstein and Sen. John McCainJohn Sidney McCainFighter pilot vs. astronaut match-up in Arizona could determine control of Senate The Hill's Morning Report — Recession fears climb and markets dive — now what? Trump makes rare trip to Clinton state, hoping to win back New Hampshire MORE (R-Ariz.), argue that without some compromise, law enforcement will be unable to retrieve valuable evidence. 

Sanchez, who opposed the original bill, notes in the blog that the second bill is “[p]otentially a good deal narrower than the original version of the bill, and therefore not subject to all the same objections that [the first] met with. Still a pretty bad idea.”