Consumer Technology Association president Gary Shapiro said a new Senate bill mandating government access to encrypted information would eviscerate cybersecurity.
A draft was leaked last week of legislation that would be introduced by Sens. Dianne Feinstein (D-Calif.) and Richard Burr (R-N.C.), the Compliance With Court Orders Act, that would make it clear that communications companies have to provided unencrypted versions of encrypted user information, or help the government unencrypt it, when ordered to by a court.
Speaking at a Media Institute luncheon in Washington, Shapiro said the bill, or at least the draft, "is dangerously overreaching and technically unsophisticated" and would "essentially make effective cybersecurity illegal in the United States."
Shapiro said the bill would enable almost any government agency -- federal, state or local -- to demand encrypted information from ISPs, tech companies or software manufacturers.
Shapiro said the bill would push cybersecurity companies offshore, representing a huge hit on the U.S. economy.
"To be clear, if the government wants the authority to access private data in the interest of national security, investigators should turn to Congress, not industry," he said. "And in the absence of sane and sensible congressional action, Silicon Valley must protect and promote the responsibility tech companies have to their customers. That means making sure their customers’ data is secure. And they should be able to do this without fear of legal reprisal.
"We have to think long term about the benefits and challenges of data sharing," Shapiro added. "Is it better to create software which bad actors will likely obtain and exploit to compromise the security of our phones?"
The bill was prompted in part by the FBI's effort to force Apple to help it access encrypted info on the phone of one of the San Bernardino, Calif., shooters. While the FBI ultimately did not need Apple's help and dropped its court effort to compel that assistance, the government has other cases in which it wants legal help to compel decryption.