Yesterday, US Senators Richard Burr and Dianne Feinstein released a draft of what they’re calling the “Compliance with Court Orders Act of 2016.” The so-called “encryption bill” manages to be both breathtakingly ignorant and condescending at the same time.
Let’s start with the way the bill’s language grandstands to an offensive degree. Or the way it is technologically incompetent. (Yes, Congress doesn’t understand technology. Colour us all surprised.) The bill itself is only nine pages long, but it is a disaster on every one of those pages.
The draft begins with this:
It is the sense of Congress that —
- no person or entity is above the law;
No kidding! Though it doesn’t name Apple, it’s clear the senators are obliquely referencing the company. They’re upset at Apple for refusing to comply with court orders to unlock phones — orders that it doesn’t have the technical capacity to comply with, and may well be illegal. Which isn’t so much thinking it is “above the law” as it is “knowing what the laws actually are”. Of course, the point of this bill is to make sure orders like the ones Apple is fighting become legal ones.
The proposed law requires basically everyone involved with any kind of technology to respond to legal orders demanding access to data stored on anything they make. The language the bill uses is incredibly broad as to who that includes: “device manufacturer, software manufacturer, electronic communication service, remote computing service, provider of wire or electronic or any person who provides a product or method to facilitate communication or the processing or storage of data.”
Upon receipt of a court order for information, these entities would be forced to “provide such information or data to such government in an intelligible format” or “provide such technical assistance as is necessary” to obtain the information. The words “intelligible format” mean that a tech company can’t just open the phone and hand over a bunch of gobbledygook — the data has to be decrypted.
Which doesn’t sound like it’s explicitly an attack on encryption, but it is. The bill can have as much language as it wants claiming that it’s not forcing companies to design certain features, but the end result will be that companies have to make their security crackable via some kind of backdoor. This is obvious to everyone. It’s why Neema Singh Guliani, legislative counsel with the ACLU said that “Burr and Feinstein should abandon their efforts to create a government backdoor”.
If companies like Apple don’t put a backdoor into all their technologies, they might not be able to comply with the requirements of this bill. Everything sold would either need to be pre-cracked, backdoored or capable of being decrypted. Aside from the eternal creepiness of the government being able to pry around in your private business, these vulnerabilities will leave everyone vulnerable to hackers, stalkers, and the like. It forces companies to either undermine security or risk running afoul of the law.
Moreover, Jonathan Zdziarski points out that the language about making data “intelligible” doesn’t distinguish between encrypted and deleted data. Technically, both are data that have been hidden, so now companies are on the hook for retrieving deleted information, too. Nothing on your devices will be safe. Can you imagine not being able to delete stuff any more?
What the senators are proposing here is preposterous. As Wired reports it’s a perfect encapsulation of why technical illiteracy, combined with reactionary politics, is so dangerous in Congress. In nine pages, Senators Burr and Feinstein have managed to get every possible thing wrong about encryption. And they are not alone in government on that front.
The language we’ve seen is supposedly the language being kicked around by Senators Burr and Feinstein. It could die there. If they’re actually serious, which we have no reason to think they’re not, it will end up in committee, which will debate and hold hearings on the matter. It could also die there. If it even gets out of committee and gets voted on, we can hope the final version looks different to this trainwreck. Let’s hope this doesn’t go too far.