After a long wait, a draft of a Senate bill effectively mandating backdoors in encryption in the United States leaked to the public late Thursday night.
The bill, co-authored by Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.), directs companies to provide “information or data” to the government “in an intelligible format” when a court orders them to do so. If a company cannot do it—because of encryption—they must offer technical assistance to obtain the data.
Encryption has been at the center of a political storm for several years now, one that’s flared in intensity in the last year as American tech companies like Apple, Facebook, and Google continue to push for mainstream adoption of encryption.
“The first thing that’s going to happen is that any backdoor legislation is going to be tied up in the courts for years.”
In the event the Burr bill passes Congress and is signed into law, the legal challenges will be considerable.
“The first thing that’s going to happen is that any backdoor legislation is going to be tied up in the courts for years,” Nate Cardozo, staff attorney at the Electronic Frontier Foundation, told the Daily Dot. “The EFF is going to lead that effort. So nothing will happen at the beginning.”
A wide consensus of technologists agree that backdoors into encryption—even if they are originally meant specifically for one agency or purpose—create a larger vulnerability that weakens cybersecurity overall.
Burr holds the opposing stance, arguing that legally mandated backdoors do nothing to weaken encryption.
“There is nothing in the draft language of the bill that calls for weaker encryption,” Burr told the Daily Dot in a previous email interview. “I support encryption. I believe it is a priority to keep Americans' information safe and I also believe that private entities are also subject to U.S. law. When a judge issues an order, we are all required to follow the law.”
While the encryption debate continues to rage in the U.S., other countries have taken steps to settle it. The Dutch government, for example, issued a strong statement against weakening encryption for the purposes of law enforcement.
Simon Crosby, the chief technology officer of the security firm Bromium, told the Daily Dot why he thinks the Dutch model ought to be held up highly around the world.
“The Dutch government’s decision is laudable in light of the fact that back-doored, or weakened encryption has been repeatedly shown to render both organizations and individuals vulnerable to surveillance–whether by government or malicious actors,” Crosby said. “Ultimately, if we make strong encryption illegal then only criminals will have access to strong encryption–which is precisely the opposite of the desired outcome. The encryption genie is out of the bottle, and there’s no putting it back.”
Burr and Feinstein say they are still working on finalizing the language of the legislation. “However, the underlying goal is simple,” the two senators said in a joint statement. “When there's a court order to render technical assistance to law enforcement or provide decrypted information, that court order is carried out. No individual or company is above the law. ”