Cryptography experts critical of Senate encryption bill
Encryption legislation proposed by leaders of the Senate Select Committee on Intelligence is being met with fierce criticism from experts, and some reports suggest the White House will not back the measure.
Encryption legislation proposed by leaders of the Senate's intelligence committee is being met with fierce criticism from industry experts, and some reports suggest the White House will not back the measure.
Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.) released the draft discussion text for an encryption bill designed to ensure that law enforcement agencies have access to encrypted communications with a warrant.
The Compliance with Court Orders Act of 2016 asks providers of communication services and software to protect the privacy of their users but also follow any legal requirements such as court orders. It states that "covered entities must provide responsive, intelligible information or data, or appropriate technical assistance to a government pursuant to a court order."
The bill provides for companies to be reimbursed for any costs associated with providing that technical assistance.
"I can say without exaggeration that this draft bill is the most ludicrous, dangerous, technically illiterate tech policy proposal of the 21st century so far," said Kevin Bankston, director of New America's Open Technology Institute, on April 8. He argued that the bill would be a threat to domestic cybersecurity efforts and impossible to follow given all the details.
"Of course, just as the bill fails to explain how security engineers are supposed to keep our data secure while also making it completely available to the government on request, it also offers no clue as to how online providers are supposed to comprehensively audit and censor every app on the Internet," he said.
Jonathan Zdziarski, a forensics expert, argued that secure encryption and third-party access are mutually exclusive. "Burr, while trying to make this legislation sound like a 'middle ground,' is in reality choosing...weaker encryption that isn't really encryption at all," Zdziarski added.
Some reports suggest that White House officials are not planning to support the bill, but when pressed on the matter, they said only that the president continues to take the issue seriously.
"I don't know the precise granularity of our exchanges with those offices, but I can tell you that this remains a priority for the president," White House Deputy Press Secretary Eric Schultz said on April 7. "We'll absolutely be in touch with those offices. But the idea that we're going to withhold support for a bill that's not introduced yet isn't accurate."
He added that officials are "always willing to work with members of Congress on issues like this."
Just last month, Matt Grote, a senior professional staffer for the Senate Homeland Security and Governmental Affairs Committee and a former Government Accountability Office analyst, discussed the legislative outlook for encryption-related bills with the government's Information Security and Privacy Advisory Board.
"I think it's going to be a really heavy lift this year," Grote told the board when asked about the Burr-Feinstein measure. He speculated that the senators might use a closed markup to move the bill closer to a floor vote and noted that, regardless of where it ends up, the bill "does give them the benefit of starting a discussion."
The encryption debate has heated up in Congress recently, but it remains to be seen if any legislation will get a floor vote before Congress is in recess.
"Congress, however, remains far from a consensus, and this discussion draft will surely trigger an intensified discussion and debate about the important interests at stake, as well as the technical questions raised," Rep. Adam Schiff (D-Calif.) said. The ranking member of the House Permanent Select Committee on Intelligence plans to continue the conversation with his colleagues, the technology industry and the intelligence community to see if "there is a way forward that optimizes the very legitimate and competing equities."
Rep. Michael McCaul (R-Texas), chairman of the House Homeland Security Committee, and Sen. Mark Warner (D-Va.), a member of the Senate Select Committee on Intelligence, have been calling for the creation of a commission of experts in technology, cryptography, law enforcement, intelligence, privacy, global commerce and national security.
Additionally, a bipartisan coalition of eight House members is forming a working group to focus on legislative issues related to encryption.
NEXT STORY: Senate Dem queries OMB over cyber acquisition