Feinstein-Burr's bonkers backdoor crypto law is dead in the water
US senators' bill won't make it to the floor of Congress
A proposed piece of US legislation that would have required American tech companies to cripple the encryption in their products is dead in the water.
The daft bill was championed by Senators Richard Burr (R‑NC) and Dianne Feinstein (D‑CA) in February following an increasingly rancorous debate over encryption, and at one point it looked likely to make it into law. Just last month, Senator Ron Wyden said he was planning to filibuster it.
But this week, it became clear that the proposed law – which would, essentially, require engineers to make their encryption reversible for investigators – will not make it to the Senate floor. Which is good because it was so poorly written, it could have banned image compression among other things.
In many respects, the public fight between the FBI and Apple has been the deciding factor. Despite having been set back a number of times, the FBI used the shootings in San Bernardino, from a couple who associated themselves with the Islamic State, as the start point for a renewed campaign to be given access to encrypted phone data.
The FBI clearly did not expect Apple to come out as forcefully as it did in opposition to a court order demanding that the company find a way around its software security. Even with Apple's opposition, the FBI felt certain that the terrorism aspect to the case would win people around – and with politicians backing the FBI and public opinion narrowly in its favor, the FBI looked like it might win.
But then came a decision against its use of the 1789 All Writs Act by a New York magistrate, a tech sector that largely rallied behind Apple, and suddenly the FBI was faced with the prospect of losing its universal legal precedent in the form of the All Writs Act – something that it wants intact to be able to use in all sorts of other cases in future. Rather than face that, it blinked and withdrew the case, saying it had found another way into the iPhone at the center of the case.
Done and done
When the FBI blinked again in a separate but related case, the tower of cards came down. And brought Burr and Feinstein's bill with it.
Last month, the White House walked away. An early draft was leaked, allowing for broader public review of the proposed legislation: it never recovered from the onslaught of criticism (ours included). Among other things, the poorly drafted bill would have effectively outlawed file compression.
The bill did not receive backing from other security services, concerned that it would interfere with their own work for little or no gain, and criticism of the FBI's approach started to build.
The result was that other members of the intelligence committee – through which Burr and Feinstein proposed the bill – started distancing themselves. And with that, other members of Congress walked away.
Burr and Feinstein continued to insist up to this week that the legislation would be forthcoming. Feinstein – who represents California, where most of the companies that would be impacted are based – said she was talking more with relevant stakeholders. But even she admitted Friday that the bill was not going to make it out of committee. It is dead.
Not that the issue is going to go away for long.
Both the FBI and Apple have agreed that with such a significant issue as access to billions of people's data on the table, a few extreme lawsuits is not the best way to find a workable compromise.
Pretty much everyone agrees that where the line is drawn – and how it is drawn – is something Congress has to tackle. And tackle in the way that democratic institutions are supposed to do it: through widespread public consultation, the inclusion of all relevant parties, and the considered views of experts.
Whether the elections later this year will produce a Congress that is less dysfunctional and so able to get back to the complex business of writing laws, we will have to see.
But as with other poorly thought-out, badly drafted and technologically ignorant legislative efforts such as SOPA and PIPA, the Compliance with Court Orders Act of 2016 has died. For good reason. Good riddance. ®