This article is more than 1 year old
New law would stop Feds from demanding encryption backdoor
The Secure Data Act has returned and is lookin' for love
US lawmakers from both major political parties came together on Thursday to reintroduce a bill that, if passed, would prohibit the American government from forcing tech product makers to undermine the security of their wares.
The bill, known as the Secure Data Act of 2018, was returned to the US House of Representatives by Representative Zoe Lofgren (D-CA) and Thomas Massie (R-KY), with the support of Jerrold Nadler (D-NY), Ted Poe (R-TX), Ted Lieu (D-CA) and Matt Gaetz (R-FL), cosponsors of a past failed version of the bill from 2014 and a similarly ill-fated 2015 successor.
In the US Senate in 2014 and 2015, Sen. Ron Wyden (D-OR) sponsored parallel versions of the bill; a Senate equivalent has yet to be floated for this legislative term.
The Secure Data Act forbids any government agency from demanding that "a manufacturer, developer, or seller of covered products design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product, by any agency."
It also prohibits courts from issuing orders to compel access to data.
Covered products include computer hardware, software, or electronic devices made available to the public.
The bill makes an exception for telecom companies, which under the 1994 Communications Assistance for Law Enforcement Act (CALEA) would still have to help law enforcement agencies access their communication networks.
Though not specifically mentioned in the legislative text, this is a bill to protect the integrity of encryption systems.
After the FBI in 2015 faced delays accessing the iPhone used by mass shooter Syed Rizwan Farook, law enforcement officials became more vocal about concerns that encryption can leave investigators in the dark.
Though authorities fought and lost this battle in the early 1990s when they tried to mandate adoption of a backdoored chip, the Clipper Chip, they've not conceded. The argument also came up after the September 11 atrocity but was shot down on practical grounds.
But for the last few years the FBI has been pushing for backdoors again. Last month Ray Ozzie, designer of Lotus Notes and the former CTO of Microsoft, proposed a similar key escrow scheme, reviving hope among backdoor supporters that security and insecurity can safely coexist. Ozzie's ideas have been panned by experts
In a speech on Monday, Attorney General Jeff Sessions said, it is "critical that we deal with the growing encryption or the 'going dark' problem."
Thus backdoor skeptics have returned to do battle again.
"Encryption backdoors put the privacy and security of everyone using these compromised products at risk,” said Lofgren in a statement.
"It is troubling that law enforcement agencies appear to be more interested in compelling US companies to weaken their product security than using already available technological solutions to gain access to encrypted devices and services."
Lofgren argues that encryption backdoors represent a demonstrated security risk and that they harm US companies and jobs by making American tech products less secure and thus less competitive on the global market. ®
Biting the hand that feeds IT
