The draft by Burr (R-N.C.) and Feinstein (D-Calif.), which starts by stating that “no person or entity is above the law,” would require tech and communications companies to comply with court orders demanding the release of user data, encrypted or otherwise, in a readable format. The government would not begin storing such data on a regular basis, and the proposal would compensate tech companies that are asked to unlock encrypted data that the government wants.
The government and Apple had been headed to a likely protracted and costly court showdown over the encrypted data on the iPhone used by a San Bernardino terrorist. The main conflict was averted after the FBI paid professional hackers to crack the four-digit PIN on that iPhone, though it’s unclear whether the FBI will share its hacking technique with Apple. But the FBI still wants to force the tech giant to unlock the device because the amount of data it can access limited.
Encryption has become an increasingly central issue in the national security debate, with lawmakers concerned that the coding built into many tech companies’ products jeopardizes law enforcement’s ability to learn crucial information. But tech companies and privacy advocates worry that their encryption features will start to be seen as worthless if the government can demand access to any of their products.
The bill from Burr and Feinstein seeks to strike a balance between those concerns — though not everyone agrees it is the right one.
“Today, terrorists and criminals are increasingly using encryption to foil law enforcement efforts, even in the face of a court order,” Feinstein said in a statement. “We need strong encryption to protect personal data, but we also need to know when terrorists are plotting to kill Americans.”
Burr added that he hoped the draft bill “will start a meaningful and inclusive debate on the role of encryption and its place within the rule of law.”
By any measure, that debate is already underway. Privacy advocates who were long wary of Congress began to express open outrage late last week, when a draft of the Intelligence Committee leaders’ initial legislation was leaked. Now that the draft has been released, they are no happier with what they see.
“This legislation would effectively prohibit Americans from protecting themselves as much as possible,” Sen. Ron Wyden (D-Ore.) said in a statement Wednesday.
Not only would the legislation leave people “vulnerable to stalkers, identity thieves, foreign hackers and criminals,” Wyden argued, it would also provide an incentive to would-be terrorists to use non-American encrypted products and apps to continue their conversations. That would put terrorists further out of the reach of American authorities, Wyden argued, and hurt U.S. companies in the process.
Burr and Feinstein’s bill isn’t the only encryption proposal out there. Sen. Mark R. Warner (D-Va.) and Rep. Michael McCaul (R-Tex.) also have legislation to set up a commission to study the issue for a year and recommend the best policies.
Burr said in his statement Wednesday that he and Feinstein hope to engage everyone who is “willing to engage constructively on this critically important and challenging issue” as the debate continues.