April 8, 2016
Last night, a discussion draft of the long-awaited anti-encryption bill from Senate Intelligence Committee Chairman Senator Burr, and Ranking Member Senator Feinstein was leaked online. The bill requires that any provider of electronic communications, storage, or processing service, or any software or hardware manufacturer, be able to decrypt any encrypted data of its users when the government demands that data with a court order.
The following can be attributed to Kevin Bankston, Director of New America’s Open Technology Institute:
This leaked draft of the upcoming Feinstein-Burr bill instructs every tech vendor in America to use either backdoored encryption or no encryption at all, even though practically every security expert in the country would tell you that means laying down our arms in the constant fight to secure or data against thieves, hackers, and spies. This bill would not only be surrendering America’s cybersecurity but also its tech economy, as foreign competitors would continue to offer—and bad guys would still be able to easily use!—more secure products and services. The fact that this lose-lose proposal is coming from the leaders of our Senate’s intelligence committee, when former heads of the NSA, DHS, the CIA and more are all saying that we are more secure with strong encryption than without it, would be embarrassing if it weren’t so frightening.
Not only does this bill undermine our security, it is also a massive Internet censorship bill, demanding that online platforms like Apple’s App Store and the Google Play Store police their platforms to stop the distribution of secure apps. Of course, just as the bill fails to explain how security engineers are supposed to keep our data secure while also making it completely available to the government on request, it also offers no clue as to how online providers are supposed to comprehensively audit and censor every app on the Internet. In other words, this draft bill—which reflects no understanding at all of computers, the Internet, or digital security in general—demands that tech companies do the impossible. Considering that the White House reportedly won’t endorse this bill, the Senate Majority Leader seems uninterested in moving it, the House of Representatives would never pass anything like it, and the Internet community will oppose it with everything it’s got, this bill might as well be named the DOA Act, because it is certainly dead-on-arrival as currently written. Indeed, I can say without exaggeration that this draft bill is the most ludicrous, dangerous, technically illiterate tech policy proposal of the 21st century so far.