GOP senators introduce bill that would create a backdoor for encryption


Senate Judiciary Chairman Lindsey Graham, (R-SC)., speaks at a news conference proposing legislation to issues regarding the southern border on May 15, 2019 in Washington, DC.

Anna Moneymaker | Getty Images

A group of Republican senators introduced a bill Tuesday that would weaken the lawful use of encryption so law enforcement officials could gain access to devices and communication services with a warrant.

The tech industry has fought to maintain the integrity of encryption, which prevents even the companies that make the devices or platforms from being able to access their contents. Encrypted services only let the sender and recipient see messages. Law enforcement officials have insisted that they must have some way to access encrypted platforms and devices when investigating crimes. But industry leaders have warned that any system requiring a “backdoor” to encryption would undermine the privacy protections altogether.

The Lawful Access to Encrypted Data Act, introduced by Senate Judiciary Chairman Lindsey Graham, R-S.C., and Sens. Tom Cotton, R-Ark., and Marsha Blackburn, R-Tenn., would require tech companies to assist law enforcement to access their encrypted devices and services when officials obtain a court-issued warrant based on probable cause that a crime has occurred.

The bill would also empower the Attorney General to direct service providers and device manufacturers to report their ability to comply with the warrant and how long it would take to do so. The Attorney General cannot direct companies to take specific technical steps and the firms could appeal the directives in federal court. The government would also be required to compensate the firms for “reasonable costs” taken on while complying with the directive, according to a press release.

While the bill does not call for an end to encryption technology outright, tech firms like Apple have argued there is no way for “lawful access” to occur that would not break the security provided by encryption for all users.

Law enforcement concerns with encryption reached the public consciousness in 2015, when Apple clashed with the Federal Bureau of Investigation by refusing to help unlock a shooter’s iPhone in an attack in San Bernadino, Calif.

More recently, the FBI and Department of Justice under William Barr have taken aim at Facebook, which revealed plans to integrate its three messaging services and make them all end-to-end encrypted. Facebook has played an integral role in law enforcement’s efforts to detect and track down child predators. Law enforcement has feared that the new encryption push will further endanger children that will continue to be exploited with fewer ways to track them down.

Last year, Barr asked Facebook to postpone its encryption plans and create a way for law enforcement to access illegal content. In response, Facebook executives wrote, “It is simply impossible to create such a backdoor for one purpose and not expect others to try and open it.”

Law enforcement officials have argued it’s gotten harder to access encrypted content. At a December hearing in front of the Senate Judiciary Committee, Manhattan District Attorney Cyrus Vance testified that breaking into encrypted devices has been harder to do since Apple released its iOS 8 in 2014 with greater security features.  

Still, in many cases, law enforcement has been able to break encryption technology on their own or with the help of third parties. That was the case in 2015 with the San Bernadino shooter’s phone, for example. Vance testified last year that his office is able to unlock about half of Apple devices it obtains in criminal investigations with the help of third-party vendors, but said that work could be “cost-prohibitive.”

The bill would install new incentives for tech companies to come up with innovative ways to provide “lawful access” to encrypted devices and services. It would direct the Attorney General to create a prize competition for lawful access solutions that operate in encrypted environments while maximizing privacy and security. It would also fund a grant program at the DOJ to train law enforcement on digital evidence and set up a call center to assist during investigations.

The new bill fulfill’s a promise Graham made to Apple and Facebook representatives at the 2019 hearing. 

“You’re going to find a way to do this or we’re going to do this for you,” he said at the time.

Graham has also introduced the “EARN IT Act” with Sen. Richard Blumenthal, D-Conn., which tech advocates have criticized as a thinly veiled way to undermine encryption, an argument the senators have disputed. The bill aims to revise Section 230 of the Communications Decency Act that shields online platforms from liability for their users posts. Rather that grant a blanket protection, the bill would require companies to “earn it” by certifying compliance with a set of best practices for detecting and reporting child sexual exploitation materials. The bill is slated for a markup on Thursday.

Subscribe to CNBC on YouTube.

WATCH: Why the U.S. government is questioning your online privacy


Source link