Three Republican senators, who have never shown that they understand how encryption works, have now introduced a bill that would force tech companies to break their own encryption when asked by a judge.
Sen. Lindsey Graham (R-South Carolina), Sen. Tom Cotton (R-Arkansas), and Sen. Marsha Blackburn (R-Tennessee) introduced the Lawful Access to Encrypted Data Act, the first bill in years that attempts to make it easier for cops and feds to access data encrypted on a phone, or end-to-end encrypted messages exchanged through apps like Signal, iMessage, or WhatsApp.
“Terrorists and criminals routinely use technology, whether smartphones, apps, or other means, to coordinate and communicate their daily activities. In recent history, we have experienced numerous terrorism cases and serious criminal activity where vital information could not be accessed, even after a court order was issued. Unfortunately, tech companies have refused to honor these court orders and assist law enforcement in their investigations,” Graham was quoted as saying in the press release announcing the bill.
While the senators do name a few instances in which encryption made it harder for the cops to investigate shootings and organized crime, they also chose the well-trodden path of waving their arms and screaming about terrorism and protecting children, while blaming tech companies for not doing enough. As a Motherboard investigation in March showed, law enforcement agencies around the country have had varying degrees of success in trying to access evidence from locked iPhones seized from criminal suspects.
Do you work or did you use to work in Congress on encryption and cybersecurity issues? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, OTR chat at firstname.lastname@example.org, or email email@example.com
A law that would force tech companies to access encrypted data might help law enforcement in some situations, but as cybersecurity and encryption experts have explained for years, the same access would jeopardize the privacy of all users.
It’s unclear how much of a chance this bill has of passing, but privacy experts are already slamming it.
“It's bananas given the current state of affairs to think that only criminals and terrorists use encryption, or that the billions of people that it protects every day are less important than acute crime that affects small numbers of people,” said Joseph Lorenzo Hall, a technologist who works at the Internet Society and has long followed the encryption debate.
Andrew Crocker, a senior staff attorney at the civil liberties organization the Electronic Frontier Foundation, said in an email that "this bill is simply blind to reality."
"It is blind to the fact that as millions of us march in the streets and shelter in place, we've never been more dependent on secure communications and devices," Crocker continued. "It is blind to the expert consensus that there is no way to provide access to securely encrypted data without a backdoor, something that legislating a prize for a magical solution cannot change. And it is blind to public opinion."
Spokespeople for Graham, Cotton, and Blackburn did not respond to a request for comment.
The bill would authorize a court, in support of a search warrant, to “order a device manufacturer, an operating system provider, a provider of remote computing service, or another person to furnish all information, facilities, and assistance necessary to access information stored on an electronic device or to access remotely stored electronic information, as authorized by the search warrant.”
The companies’ duties will include: “isolating the information authorized to be searched,” “decrypting or decoding information on the electronic device or remotely stored electronic information that is authorized to be searched,” and “providing technical support as necessary to ensure effective execution of the warrant for the electronic devices particularly described by the warrant,” reads the bill, which has identical language related to interception of encrypted communications, such as iMessage or Signal texts.
The only caveat is “unless the independent actions of an unaffiliated entity make it technically impossible to do so,” which seems to exclude the current reality, which is that tech companies themselves have made it impossible to decrypt data stored on a phone encrypted with a passcode, or messages exchanged in end-to-end encrypted apps.
The bill is the latest salvo in the Forever Crypto Wars, the constant struggle between governments and tech companies over the right to access encrypted communications and data.