Sen. Ron Wyden’s Secure Data Act aims to close NSA backdoors to consumer data

The U.S. Senate may be hopelessly mired in gridlock, but one Democratic senator is shouting into the fray about consumer data privacy anyway.

Senator Ron Wyden (D-Ore.) introduced a bill on Thursday that would close the so-called “back doors” to private data in American hardware and software. The Secure Data Act is intended to strengthen the security of American products, be they virtual or physical, to guard against attacks by foreign adversaries and exploitation by law enforcement.

Since at least 2003, when the National Security Agency (NSA) installed illegal monitoring equipment in a secret room at AT&T’s San Francisco hub, the U.S. government has exploited weak security to open backdoors into consumer data. This end-run around the more traditional methods of obtaining access to targeted records is both legally suspect and technologically concerning. After it emerged that the NSA had helped create an encryption standard only to secretly weaken it for its own purposes, independent security experts savaged the government for the damage that its short-sightedness could produce.

“By weakening encryption,” the Electronic Frontier Foundation said in an Oct. 2013 blog post, “the NSA allows others to more easily break it.”

Senator Wyden, a longtime NSA critic and privacy watchdog, echoed the EFF’s concerns in announcing the Secure Data Act (SDA).

“Strong encryption and sound computer security is the best way to keep Americans’ data safe from hackers and foreign threats,” Wyden said.

The SDA, Wyden promised, would be a step toward “rebuild[ing] consumer trust that has been shaken by years of misstatements by intelligence agencies about mass surveillance of Americans.”

Wyden’s press release touted a trio of major advantages to closing backdoors and improving consumer data protections: the foreign policy benefits of improved cybersecurity, the economic benefits of innovation based on genuinely secure encryption, and the hybrid economic-diplomatic benefits of improved global trust in American companies.

Google, Yahoo, Microsoft, and their colleagues in the tech industry would echo Wyden on that third point. In Sept. 2013, Google announced a plan to bolster the encryption within and between its many data centers in response to NSA snooping. The next month, the Washington Post reported in more detail on the NSA’s exploitation of vulnerabilities at Google and other technology firms.

“We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks,” said David Drummond, Google’s chief legal officer, “and it underscores the need for urgent reform.”

With the Secure Data Act, Wyden is hoping to take those concerns to the Senate floor—and eventually to President Obama‘s desk.

“This bill,” Wyden said in his announcement, “sends a message to leaders of those agencies to stop recklessly pushing for new ways to vacuum up Americans’ private information, and instead put that effort into rebuilding public trust.”

Photo via Kevin Krejci/Flickr (CC BY 2.0) | Remix by Fernando Alfonso III

Eric Geller

Eric Geller

Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.