
Encryption bill would force companies to surrender user data

A peek at draft legislation shows senators want no pushback from tech companies when law enforcement needs technical assistance or decrypted data.

Laura Hautala Former Senior Writer

Companies like Apple would have to help government investigators access encrypted user data, according to an unofficial draft of Senate legislation.

If two US senators get their way, Apple will be legally required to help law enforcement agencies break into its customers' encrypted iPhones, no arguments allowed.

That's according to an unofficial draft of a new bill that would force companies to hand over unencrypted data to government investigators. If they can't do that, the companies will have to provide "technical assistance" to retrieve the information. That's exactly what the US Department of Justice is trying to get Apple to do in a legal battle over an encrypted iPhone in New York.

Complying with the law would not be easy for companies like WhatsApp. On Tuesday, it rolled out end-to-end encryption on all its communications services, which ensures it never has access to unencrypted messages that it could surrender. These services are among many that allow people to send messages that stay scrambled unless the recipient has the appropriate key, which poses a significant challenge for government investigators under existing laws.

"No person or entity is above the law," says the draft bill, authored by Richard Burr, a Republican from North Carolina, and Dianne Feinstein, a Democrat from California.

The bill, though, doesn't expressly forbid companies from building technology like that offered by WhatsApp.

The unofficial draft was revealed late Thursday by Washington, DC-based news organization The Hill. It wasn't released through an official announcement and hasn't been introduced as legislation before any Senate committees.

"We're still working on finalizing a discussion draft and as a result can't comment on language in specific versions of the bill," Feinstein and Burr said in a joint statement. "However, the underlying goal is simple: When there's a court order to render technical assistance to law enforcement or provide decrypted information, that court order is carried out."

Defiance of a court order was at the center of the very public battle between Apple and the FBI over access to an iPhone tied to one of the terrorists in the San Bernardino, California, massacre. The legal issues there were left unresolved when a third party stepped forward to help the FBI gain access to the phone's data.

The senators' statement went on to echo the language in the unofficial draft: "No individual or company is above the law."

California Republican Congressman Darrell Issa, who is on a House working committee studying the encryption question, slammed the unofficial draft in a statement Friday, calling it "flawed" and "technically naive."

"This legislation would effectively prohibit any company who wants to improve the security of its products from doing so," Issa said.

An Apple attorney, speaking with reporters Friday, declined to comment on the draft of the encryption bill. A WhatsApp spokesman also declined to comment.

Privacy advocates and cybersecurity experts condemned the draft legislation.

"This bill is a clear threat to everyone's privacy and security," said Neema Singh Guliani, legislative counsel with the American Civil Liberties Union. "It would force companies to deliberately weaken the security of their products by providing backdoors into the devices and services that everyone relies on."