June 24, 2020
Yesterday Senators Graham, Cotton, and Blackburn introduced the Lawful Access to Encrypted Data Act, yet another attempt to force service providers and device manufacturers to provide backdoor access to their users’ encrypted information. What Senator Graham describes as “a balanced solution” is just the same recycled attack on individual privacy and security that we have seen for decades. The concept that there is a way to undermine encryption to investigate “the terrorists and criminals” while still “[protecting] the privacy rights of law-abiding Americans” is a fallacy.
The bill is a comprehensive assault on encryption, and would amend statutes ranging from the Wiretap Act to the Communications Assistance for Law Enforcement Act (CALEA) to the Foreign Intelligence Surveillance Act (FISA). Requiring service providers and device manufacturers to be able to decrypt any user information upon request means that these companies cannot implement effective security features to protect their customers, and are forced to design substandard products that put everyone’s privacy and security at risk. Everyone who uses a smartphone or communicates with family and friends over chat services like WhatsApp benefits from strong encryption, but if this bill becomes law, they would no longer be able to trust that these communications were secure. Millions of ordinary people could have their privacy violated, and the actual criminals could simply use one of the many other encryption tools not provided by one of the U.S. providers that would be covered by this misguided bill.
The following quote can be attributed to Andi Wilson Thompson, senior policy analyst at New America’s Open Technology Institute:
"The requirements that the Lawful Access to Encrypted Data Act would impose upon companies would undermine the security and privacy of ordinary people while the real targets of criminal investigations could just migrate to new encrypted services. This bill would ensure that companies that provide products and services used by millions in the United States have to offer weaker encryption technology, putting all of their users at risk. The idea that an exceptional access backdoor can safely be developed solely for government use has been debunked over and over again by experts, including former senior members of the U.S. Justice Department. This bill is just another attack on encryption, and trying to portray it as a ‘balanced solution’ that could protect privacy is just an attempt to distract from its true intent. It is also shocking that senators would push forward a bill that threatens strong encryption during an ongoing pandemic that has caused our entire society and economy to rely on secure internet communications, online banking and commerce, and so much more, to function.”