Lawmakers seek standardized national encryption policy

A push on Capitol Hill looks to preempt a possible patchwork of data encryption policies varying from state to state.

 

A bipartisan group of lawmakers are looking to codify a national encryption policy.

The ENCRYPT Act (an acronym for Ensuring National Constitutional Rights for Your Private Telecommunications) would preempt state and local government efforts to implement disparate policies.

The bill, introduced June 7 by Reps. Ted Lieu (D-Calif.), Mike Bishop (R-Mich.), Suzan DelBene (D-Wash.) and Jim Jordan (R-Ohio), would instead create a single, standardized national policy.

"Any discussion of encryption and law enforcement access to data needs to happen at the federal level," Lieu said in a statement. "Encryption exists to protect us from bad actors, and can't be weakened without also putting every American in harm's way."

Jordan called the bill "an important step in the right direction."

"We know federal agencies have abused warrantless surveillance in the past," Jordan said. "The current patchwork system for encryption makes it easier for further abuses of the system and increases the problem by creating potential opportunities for abuse by third party actors."

The bill is supported by a range of technological organizations and think tanks, such as the App Association, the Information Technology Industry Council, the Developers Alliance, the Internet Association, New America’s Open Technology Institute, Engine, i2Coalition and the Niskanen Center.

Lieu first introduced the bill in the wake of the encryption controversy after the deadly San Bernardino massacre in 2015. At the time, the FBI and Apple were battling in court for access to the shooter's locked phone.

FBI Director Christopher Wray and Deputy Attorney General Rod Rosenstein have stated that law enforcement agencies have been unable to access thousands of locked devices relevant to ongoing investigations, although it was recently revealed that those figures were overstated by Wray and Justice Department officials in speeches and reports to Congress. Authorities claimed it was thwarted from accessing 7,800 encrypted devices, when the true number was closer to 1,200.

A group of 20 civil society, privacy and activist groups from across the political spectrum are seeking an investigation by the DOJ's inspector general into the flawed statistics.

When first introduced, Lieu's bill attracted five Democratic and two Republican cosponsors, but never received a vote.