On Thursday, thanks to The Hill national security reporter Cory Bennett, the public got a look at how some of their elected officials plan to treat the encryption debate. Spoiler alert: it’s not good.
The bill, sponsored by Republican Sen. Richard Burr and Democrat Sen. Dianne Feinstein, appears to be merely a draft. There is no word as to who leaked it or how it came into Bennett’s possession. Regardless, it’s a nasty bellwether for the storm of debate that’s a-rollin’ in on this subject. Is encryption a right? Is privacy a right when we’re talking about 2016 technology? What happens with this bill may help us answer those questions.
Feinstein& Burr: “We’re still working on finalizing a discussion draft & as a result can’t comment on language in specific vsns of the bill”— Spencer Ackerman (@attackerman) April 8, 2016
The Apple-FBI scuffle over the San Bernardino terrorist’s iPhone ended anti-climactically when law enforcement cracked the device without the company’s help. However, the issue of encryption and what law enforcement calls “going dark” isn’t going away, and indeed may just be getting started.
Sen. Burr confirms, FBI has only briefed him and Sen. Feinstein on how it hacked San Bernardino iPhone.— Cory Bennett (@Cory_Bennett) April 7, 2016
The backlash to Apple looks like Feinstein and Burr’s potential “Compliance With Court Orders Act of 2016.” This says that, given “an authorized judicial order,” a software company (or whomever) will have to cough up any data that is demanded of it, in an “intelligible format.” Furthermore–and here’s the real stickler–they will also have to provide “appropriate technical assistance” if need be. A lot of privacy advocates and analysts read that as meaning a software engineer could be forced to write a new code or program to undermine their own program or device. The bill even includes a mention of payment for such (compelled) services, making that interpretation more credible.
There’s a decent case Feinstein-Burr violates the 13th Amendment. Compulsory “assistance” applies to individual coders who wrote legal apps.— Julian Sanchez (@normative) April 8, 2016
In short, exactly what Apple argued the FBI was trying to make them do with the San Bernardino phone. Which, Apple claimed, would have undermined the security of countless other phones if it had obliged. The bill claims it is not referencing anything about how a device can be made, or outlawing it. However, Apple’s whole point–and its whole argument–in resisting the FBI over the San Bernardino phone is that the company cannot unlock the phone because it does not have some magic decryption key somewhere. Nor does it have the means of decrypting Apple iChats, which use end-to-end encryption.
This is what law enforcement calls going dark. And the solution appears to be not to control how devices are designed by companies but to legalize compelling their help when it comes time to decrypt. It’s difficult to know which option is the more disturbing for privacy advocates.
If this bill passed, it seems logical to assume that in order to prevent having to spend all day helping the government break their own software or devices, companies would do exactly what the bill says it isn’t forcing, and they would change the way they build their devices. And, if you value privacy, that’s not good. As an article over at VICE Motherboard says, “Simply put, this bill would flat-tire end-to-end encryption within America. Every service, person, human rights worker, protester, reporter, company—the list goes on—will be easier to spy on. It jams a crowbar into the gut of Americans’ privacy and security.”
This tweet is arguably illegal under Feinstein-Burr. pic.twitter.com/9XlmIn0jEo— Julian Sanchez (@normative) April 8, 2016
Feinstein and Burr are not alone. With a few exceptions, politicians are staggeringly bad on the issue of privacy, especially in the tech realm. No major party candidate for president has come out in favor of companies having unequivocal choice in designing their own devices, systems and software. And reputation sometimes to the contrary, the Dems are really no better than the right.
When asked about the encryption debate, both Hillary Clinton and Bernie Sanders have vaguely expressed support for a fanciful middle ground between security and safety. They have never clarified what that might resemble or whether it would include compelling companies to include a backdoor for law enforcement access in their products or software.
The draft of this bill is provoking such a backlash that it may be rethought or rephrased in some way. However, its very existence proves that government officials are clueless of and terrified by encryption and are going to stop it however they can.