The big picture: A group of Republican senators is making a new attempt to push legislation that would weaken the lawful use of encryption in devices and communication services, with the purported aim of giving law enforcement the upper hand against criminals and terrorists. As always, the proposal ignores the technical issues and is seen by pundits as a political posturing exercise that isn’t likely to achieve anything.
Republican senators Marsha Blackburn (Tennessee), Tom Cotton (Arkansas), and Lindsey Graham (South Carolina) are proposing a new bill that seeks to deter companies from using so-called “warrant-proof” encryption. The bill is called the Lawful Access to Encrypted Data Act, and would give law enforcement the ability to ask for access to encrypted data on a device based on “probable cause that a crime has occurred, authorizing law enforcement to search and seize the data.”
That’s exactly how the current legislation works, but the new bill would go further and outright strip companies like Apple of their ability to build and provide encryption systems to consumers where they don’t hold the keys themselves. The Attorney General would be allowed to ask companies about “their ability to comply with court orders, including timelines for implementation.”
The new bill would also add incentives for tech companies to find creative ways of providing “lawful access” to encrypted devices and services, along with a grant program at the DOJ to train law enforcement on how to gather digital evidence.
In other words, the three Republican senators are once again asking for a backdoor to encryption, with the minor tweak that the Attorney General wouldn’t be able to dictate how the backdoor should work. That would render services like WhatsApp, Telegram, Signal, and Apple Messages illegal, and represents a poor understanding of how end-to-end encryption works and its purpose — just like that time when the US Attorney General argued for a backdoor to it in the middle of a cybersecurity conference.
Senator Graham noted that “terrorists and criminals routinely use technology, whether smartphones, apps, or other means, to coordinate and communicate their daily activities. In recent history, we have experienced numerous terrorism cases and serious criminal activity where vital information could not be accessed, even after a court order was issued. Unfortunately, tech companies have refused to honor these court orders and assist law enforcement in their investigations.”
The problem with that statement is that companies like Microsoft, Google, Apple, and Facebook routinely release reports about their compliance with law enforcement requests, and they typically assist authorities where technically possible. The only way the new bill could work is known as the “Ghost Proposal,” which means that companies would have to deceive their customers by creating the illusion of encryption and using “virtual” devices linked to your account to redirect unencrypted data to them.
Attorney General William Barr stated he remains “confident that our world-class technology companies can engineer secure products that protect user information and allow for lawful access.”
In the end, the chances of this bill to be passed are slim, but it shows that the push and pull between governments and tech companies over the way encryption works is far from over.