Lawmakers just took the first step in forcing tech companies to hand over your encrypted data.
Senators Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.) introduced a bill on Wednesday that aims to weaken encryption, thus endangering all of your messages and personal data.
The “Compliance with Court Orders Act of 2016” — which was leaked late last week, but officially released Wednesday — requires tech companies, or really any company or person involved in processing or storing data, to provide a way to access that data if the government asks for it via court order.
“This is an insane, dangerous bill that would make it very hard for US companies to offer communication products,”Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology, told Tech Insider. “This bill, essentially, bans a number of modern security things that we value on the internet and on the web and it basically makes it impossible to offer end-to-end encryption.”
End-to-end encryption is a security technology that ensures only the people communicating are capable of reading the messages. Each person has a key on the endpoint device that makes it so they are the only ones who can unlock that message.
For example, whenever you send an iMessage and they are blue that means they are fully encrypted and those communications can only be viewed on the sending and receiving device.
If the bill became law, tech companies would either have to disable end-to-end encryption or they would have to build a work around in their software, which is often referred to as a backdoor, that would enable them to gain access to their customers’ data.
Completely disabling the encryption would not work because it would leave customers data exposed. But building a backdoor is also a dangerous solution because there’s no guarantee that only authorised people will use that backdoor to gain access to the data. Bad guys could also use the workaround to get to your data.
This was the argument that Apple made when the FBI asked for its help unlocking the iPhone belonging to one of the suspected shooters in the San Bernadino terrorist attack.
Not surprisingly, many tech giants are not in favour of the bill.
Reform Government Surveillance, which is an advocacy group made up of several tech companies including Google, Twitter, and Facebook, said in a statement shared by Google that while members respond to lawful requests for data, they have been “consistently opposed government mandated vulnerabilities that would weaken strong encryption systems.”
Michael Beckerman, President and CEO of the Internet Association, which is a lobbying group of which Facebook is a member, said in a statement on the group’s site that the legislation creates a mandate for tech companies that would actually harm national security and ultimately put Americans at risk.
What’s more, though, such a law has the potential to threaten democracy as a whole in the US, Lorenzo said.
“What it comes down to is to what extent can normal people keep hard secrets? To what extent can the average user keep secrets from the government? That’s what is at stake here,” Lorenzo said.
“If we are never allowed to do that again, then we are going to start looking a lot like more like a Big Brother, sort of Chinese, very paternalistic society here in the US, and I don’t think that is anybody wants to go.”