Government would be barred from mandating crypto backdoors under House bill
A bipartisan group of House lawmakers on Thursday reintroduced legislation that would bar the government from mandating “backdoors” — configurations that enable surveillance — in commercial software and hardware products.
The move is the latest salvo in a long-running legislative fight over law enforcement access to encrypted communications, and it comes after a Senate committee recently sought input from big technology firms on regulating encryption. Law enforcement officials say encryption has hampered investigations by preventing access to suspects’ communications, while cryptographers warn that weakening encryption could greatly undercut digital security for everyday people.
“It is troubling that law enforcement agencies appear to be more interested in compelling U.S. companies to weaken their product security than using already available technological solutions to gain access to encrypted devices and services,” Rep. Zoe Lofgren, D-Calif., one of the bill’s sponsors, said in a statement. She introduced the bill in 2014 and has repeatedly sounded the alarm on backdoors since.
The Secure Data Act would prohibit agencies from mandating or requesting a “manufacturer, developer, or seller of covered products [to] design or alter the security functions in its product or service to allow” for surveillance. The bill would exempt surveillance authorized by the Communications Assistance for Law Enforcement Act.
“Backdoors in otherwise secure products make Americans’ data less safe, and they compromise the desirability of American goods overseas,” Rep. Thomas Massie, R-Ky., a co-sponsor of the bill, said in a statement.
Other sponsors of the bill include Democratic Reps. Ted Lieu of California and Jerrold Nadler of New York, and Republican Reps. Matt Gaetz of Florida and Ted Poe of Texas.
The bill’s sponsors were part of a group of lawmakers that wrote to FBI Director Christopher Wray last month slamming the FBI’s handling of the San Bernardino shooter’s locked iPhone, a landmark case in the encryption battle. The lawmakers said the bureau’s claim that it couldn’t bypass encryption on some 7,800 devices last year seemed “highly questionable.”
More than two years after the San Bernardino terrorist attack, the legislative tussle over encryption grinds onward.
On Monday, Attorney General Jeff Sessions said that Congress may need to “take action” on the obstacle he said encryption poses to law enforcement investigations. “That’s why we are working with stakeholders in the private sector, in law enforcement, and in Congress to find a solution to this problem,” Sessions told a group of state investigators, according to his prepared remarks.
CyberScoop reported last month that staffers on the Senate Judiciary Committee have been conferring with representatives of U.S. tech firms for ideas on another potential bill to regulate encryption.
