New bill seeks to preempt state encryption rules
Two lawmakers want to head off efforts by states to write their own rules when it comes to encryption and law enforcement.
Rep. Ted Lieu (D-Calif.) is leading the charge on a bill to prevent states from making their own encryption laws.
States are beginning to address the issue of giving law enforcement access to encrypted electronic communications via warrant to resolve the "going dark" problem identified by FBI Director James Comey and many state and local police and prosecutors.
Already, legislatures in New York and California are considering measures that would give law enforcement new authority in those states.
Two members of Congress are hoping to avoid a potentially messy patchwork of state regulations with a new bill that would preempt states from making their own laws regarding access to encrypted communications. The Encrypt Act of 2016 (short for Ensuring National Constitutional Rights for Your Private Telecommunications) would prevent states from requiring device manufacturers and communications service providers to alter their products and services to create backdoors for law enforcement searches. The bill is backed by Reps. Ted Lieu (D-Calif.) and Blake Farenthold (R-Texas). Reps. Suzan DelBene (D-Wash.) and Mike Bishop (R-Mich.) have also signed on as supporters.
"We are deeply concerned that a patchwork system with different encryption requirements in every state would not only undermine national security, it would also threaten the competiveness of American companies and dampen innovation," Lieu and Farenthold wrote in a letter to members of Congress seeking support for the draft bill.
Lieu, who has a degree in computer science from Stanford University, is strongly opposed to government efforts to require device manufacturers and service providers to retain encryption keys to their customers' accounts. However, he is making the case to colleagues that even those who want some regulatory action on commercial encryption should support the bill to avoid the chaos of 50 separate rulebooks governing encryption.
"This should be settled at the federal level," said Jack d'Annibale, a senior aide to Lieu. He told FCW that the bill is likely to be referred to the House Judiciary Committee. It could also see secondary referral to the Energy and Commerce and the Homeland Security committees.
The bill has already attracted support from the IT industry, including the Information Technology Industry Council, the Internet Association, other groups representing hardware and software companies, and mobile application developers.
The widespread use of commercial encryption has sparked a controversy among policymakers. Rep. Michael McCaul (R-Texas), chairman of the House Homeland Security Committee, and Sen. Mark Warner (D-Va.) are backing legislation to create a national commission to study the issue and make recommendations to Congress about how to balance law enforcement access with privacy concerns.
Most encryption experts and computer scientists present the issue as a logical problem rather than one that can be "solved" by technology. They argue that the existence of master encryption keys held by third parties -- whether manufacturers, service providers or government -- makes communications less secure because those keys can be discovered and exploited by adversaries and used in ways not intended by policymakers.
U.S. CIO Tony Scott has been among those raising doubts about the value of mandating such access. "At the end of the day, I think the better policy is probably not to require these backdoors," he told FCW in an interview late last year.