Granted, it has zero chance of passing as is, but the current bill before the US Senate, The Compliance with Court Orders Act of 2016, would actually make encryption a legal impossibility.
The bill, Hall and Bankston point out, doesn’t specifically suggest any sort of backdoored encryption or other means to even attempt to balance privacy and encryption, and actually claims to not require any particular design limitations on products. Instead, it states only that communications firms must provide unencrypted data to law enforcement or the means for law enforcement to grab that data themselves. “To uphold the rule of law and protect the security and interests of the United States, all persons receiving an authorized judicial order for information or data must provide, in a timely manner, responsive and intelligible information or data, or appropriate technical assistance to obtain such information or data.”
In a nutshell, if you run Apple, an email provider, a communications network, a cloud storage service, etc. and a court orders you to turn over or tap a user’s information, you have to turn it over, in an intelligible form. (i.e. not encrypted)
In order to do that, of course, the service would have to prevent the user from encrypting it in the first place, or at least have access to any encrypted data. As a user, you can’t use encryption of your own, of course, because these providers need to be able to get to the data in order to comply with a court order.
Yes, this is horrible, for privacy, for businesses with data protection issues, for anyone who wants to communicate or store information without making it completely insecure.
So yeah, this one won’t pass but as Kevin Bankston, the director of the New America Foundation’s Open Technology Institute is quoted:
“We have to take this seriously,” he says. “If this is the level of nuance and understanding with which our policymakers are viewing technical issues we’re in a profoundly worrisome place.”
This is true, these people have no clue what they are demanding, and what sort of impact it will have on data protection at every level. We should keep this in mind when it comes time to vote for people who have the power to enact this sort of junk.
Follow these topics: Tech