Washington — A Senate bill introduced last week in reaction — some might argue overreaction — to the government’s battle with Apple over access to encrypted communications would force communications companies to comply with court orders to help unlock that information.
The National Cable & Telecommunications Association had no comment last week, and the American Cable Association was reviewing the draft. But the Consumer Technology Association — the bill would affect device makers as well — was not happy and let it be known, and privacy groups were equally harsh in their criticism.
“[R]equiring American companies to guarantee U.S. government access to encrypted communications upon receiving a court order is premature and potentially damaging,” CTA president Gary Shapiro said.
Sens. Dianne Feinstein (D-Calif.) and Richard Burr (RN. C.) introduced the bill, the Compliance With Court Orders Act, which would make it clear that communications companies must provide unencrypted versions of encrypted user information, or help the government unencrypt such data, when ordered to do so by a court.
Burr and Feinstein are chairman and vice chairman, respectively, of the Senate Intelligence Committee.
DUE PROCESS OBJECTION
The bill would only apply if the target of the order, or a third party on its behalf, had done the encryption. If the communications company provides technical assistance in decoding the data, it would be compensated for reasonable and necessary costs, but that hardly seemed an inducement to what Shapiro saw as giving up a Constitutional right.
“Eliminating the ability to appeal a court order would remove a basic and fundamental due-process right,” he said in reaction to a leaked draft of the bill.
The bill would not authorize the government to require or prohibit any type of operating system, which means the measure could not prevent encryption, but it would require companies to be able to defeat their own encryption to be able to make the information available.
The bill follows the privacy vs. security tug-of-war between Apple and the FBI and, more broadly, among privacy groups, communications and tech companies and government, over accessing the phone of Syed Farook, one of two shooters killed by police following the Dec. 2, 2015, terrorist attack on the Inland Regional Center in San Bernadino, Calif. A cable industry source said the bill would likely apply to cable companies, too.
The FBI got a court order compelling Apple to help it access encrypted information on Farook’s iPhone, but Apple did not comply and fought the order. The FBI ultimately got the information without Apple’s help, so the company wound up not having to comply by default and the agency withdrew its request.
“All providers of communications services and products (including software) should protect the privacy of United States persons through implementation of appropriate data security and still respect the rule of law and comply with all legal requirements and court orders,” the legislation said.
The bill did not sit well with privacy advocates, who slammed the draft.
“This leaked draft of the upcoming Feinstein-Burr bill instructs every tech vendor in America to use either back-doored encryption or no encryption at all, even though practically every security expert in the country would tell you that means laying down our arms in the constant fight to secure our data against thieves, hackers, and spies,” Kevin Bankston, director of New America’s Open Technology Institute, said. “This bill would not only be surrendering America’s cybersecurity but also its tech economy, as foreign competitors would continue to offer — and bad guys would still be able to easily use — more secure products and services.” Neema Singh Guliani, legislative counsel with the American Civil Liberties Union, added: “This bill is a clear threat to everyone’s privacy and security. Instead of heeding the warnings of experts, the senators have written a bill that ignores economic, security, and technical reality. It would force companies to deliberately weaken the security of their products by providing back doors into the devices and services that everyone relies on.”
The Information Technology & Innovation Foundation said the bill would put communications companies in an untenable position. “While companies should comply with lawful requests, it is simply not possible for a company to do so when the customer controls the only keys used to encrypt the data,” the ITIF said. “In short, this bill sets up a legal paradox that would further muddy the waters about how and when the government can compel the private sector to assist in gaining access to private information.”
Free Press Action Fund policy counsel Gaurav Laroia said: “The leaked draft shows that the Compliance with Court Orders Act of 2016 would undermine any technology that helps secure people’s private communications. It’s a massive overreach by Senators Burr and Feinstein, who appear to have forgotten the rights guaranteed to Americans under the Constitution.”
Linda Moore, president of TechNet, said, “This legislation could establish standards that force companies to eliminate security features that may be exploited by others who do not share law enforcement’s good intentions.”
HOUSE SETS APRIL 19 HEARING
Separately last week, the House Energy & Commerce Committee’s Oversight subcommittee signaled it would be weighing into the issue, scheduling a hearing April 19 titled, “Deciphering the Debate Over Encryption: Industry and Law Enforcement Perspectives.”
A bipartisan encryption working group has also been created in association with the House Judiciary Committee to look at the legal ramifications.
“There’s a delicate balance between the need for strong, secure, and effective encryption and solutions that permit law enforcement to protect the American people,” House Energy and Commerce Committee chairman Fred Upton (R-Mich.) said.
