US senators push forward on encryption bill. Cue warnings we'll all be hacked

Lawmakers say it will help prevent terror attacks and other crimes. But cybersecurity experts warn it will make us all more vulnerable to hacking.

Laura Hautala
Laura Hautala
Laura Hautala
Laura Hautala Senior Writer

Laura writes about e-commerce and Amazon, and she occasionally covers cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Wash. and was into sourdough before the pandemic.

Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials 2022 Eddie award for a single article in consumer technology
2 min read
Republican Sen. Richard Burr

Republican Sen. Richard Burr, pictured above, released a draft of the Compliance and Court Orders Act in the US Senate on Wednesday, along with Democratic Sen. Dianne Feinstein.

Ron Sachs/CNP/AdMedia/Corbis

You've heard of giving up some of your privacy for the sake of national security. How about opening yourself up to more hacks while you're at it?

That's what opponents say will result if an encryption bill released Wednesday by US Sens. Dianne Feinstein and Richard Burr becomes law. The bill, opponents say, furthers a fight that pits national security against cybersecurity.

Feinstein and Burr are pushing forward with the bill as a means of giving law enforcement and government investigators access to encrypted devices and communications. Opponents like Chris Doggett, senior vice president of cybersecurity company Carbonite, argue the trade-offs in the bill are too high a price to pay.

"If the bill is passed as written," Doggett said, "we make it all too easy for a wide variety of actors out there in the world to access people's data."

The bill is similar to a draft leaked Friday, which was also panned by privacy advocates and cybersecurity experts. The version officially released Wednesday is still a draft that the senators will seek input on before formally introducing. The legislation is called the Compliance and Court Orders Act.

The crimes the bill seeks to address are serious: terrorist attacks, child pornography, human trafficking and more. For years, lawmakers have expressed a fear of losing access to communications as they try to bring criminals to justice.

"I have long believed that data is too insecure and feel strongly that consumers have a right to seek solutions that protect their information -- which involves strong encryption," Senate Intelligence Committee Chairman Burr said in a statement. "I do not believe, however, that those solutions should be above the law." Burr is a Republican senator from North Carolina, and Feinstein is a Democratic senator from California.

A similar bill died in committee Tuesday in the California state legislature. The bill's sponsor, Assemblymember Jim Cooper, argued that it was vital for local law enforcement to be able to access the phones of suspects.

Since encrypted phones became the norm, around 2014, "Law enforcement has been severely impacted in their ability to prosecute in cases of human trafficking [and] child abuse," said Cooper's director of communications, Skyler Wonnacott.

But Doggett said the setbacks to cybersecurity are too much to stomach.

"This is exactly what we've been fighting against for so long," he said. "To prevent data breaches, to prevent intellectual property from being stolen from companies."