SPONSORED:

Report: New Feinstein-Burr encryption effort in works

Report: New Feinstein-Burr encryption effort in works
© Getty Images

Legislation from Sens. Dianne FeinsteinDianne Emiel FeinsteinCaitlyn Jenner exploring bid for California governor: report WokeWorld comes for 'oppressor' Obama: Activists rip school being named after 'deporter in chief' Senators press for answers in Space Command move decision MORE (D-Calif.) and Richard BurrRichard Mauze BurrNorth Carolina mayor Rett Newton launches Senate bid Democratic hopeful Jeff Jackson raises .3M for North Carolina Senate bid Rick Scott 'very optimistic' Grassley will run for another term MORE (R-N.C.) meant to curb the use of encryption rendering data unable to be accessed by law enforcement is being revived, a security blog reports. 

Julian Sanchez, a Cato Institute fellow who co-edits the Just Security blog, says he has seen a moderately rewritten version of the Compliance with Court Orders Act that the senators have been circulating. 

ADVERTISEMENT

The Feinstein–Burr legislation as introduced in April was intended to make sure law enforcement and intelligence agencies could read encrypted data with a warrant.

The bill stated that, if data were encrypted “by a feature, product, or service owned, controlled, created, or provided” by some technology company, that company had to be able to decrypt the data or provide “technical assistance.” 

The new bill, says Sanchez, narrows that focus to encryption “controlled” by a company, striking the words “owned,” “created” and “provided.” The bill exempts critical infrastructure and no longer applies to intelligence agencies or the military. It also says companies only have to give reasonable efforts to decrypt data. 

The original Feinstein–Burr caused a stir in a tech industry that believes putting “backdoors” into encryption fundamentally makes all data vulnerable, including all internet commerce. Online banking, for example, encrypts data as it goes from customer to bank and back to prevent eavesdropping criminals from stealing passwords or altering transfer orders.

The computer security community consensus is that there is no way to provide a backdoor securely because it adds a new key that can be stolen; many note that extremely sensitive NSA cyberweapons were hacked despite the NSA’s strength in protecting leaks. It also makes computer code more complex in ways that increase the odds hackers might find ways to break the encryption on their own. 

These concerns, paired with an unenthusiastic public, ultimately torpedoed the bill. But many high-profile legislators, including Burr, Feinstein and Sen. John McCainJohn Sidney McCainColbert mocks Gaetz after Trump denies he asked for a pardon Five reasons why US faces chronic crisis at border Meghan McCain calls on Gaetz to resign MORE (R-Ariz.), argue that without some compromise, law enforcement will be unable to retrieve valuable evidence. 

Sanchez, who opposed the original bill, notes in the blog that the second bill is “[p]otentially a good deal narrower than the original version of the bill, and therefore not subject to all the same objections that [the first] met with. Still a pretty bad idea.”