Legislators Reintroduce Pro-Encryption Bills After FBI Destroys Its Own 'Going Dark' Narrative
from the [mugato-voice]-irons-so-hot-right-now dept
The FBI may have overplayed its hand in the encryption game, but that doesn’t mean someone further down the legislative food chain won’t suffer from a sudden burst of enthusiasm for destroying encryption in the wake of a local tragedy. The same DC legislators looking to prevent federal legislation mandating encryption backdoors is taking the fight to the state level. Or, rather, looking to disqualify legislative contestants before they even enter the ring.
A bipartisan group of lawmakers is renewing a push for legislation to block states from mandating that technology companies build “backdoors” into devices they produce in order to allow law enforcement access to them.
The measure is designed to preempt state and local governments from moving forward with their own laws governing encryption before the federal government acts on the issue.
The bill would prevent backdoor mandates, as well as encryption-subverting technical assistance demands or encryption bans.
A State or political subdivision of a State may not—
(1) mandate or request that a manufacturer, developer, seller, or provider of covered products or services—
(A) design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product, by any agency or instrumentality of a State, a political subdivision of a State, or the United States; or
(B) have the ability to decrypt or otherwise render intelligible information that is encrypted or otherwise rendered unintelligible using its product or service; or
(2) prohibit the manufacture, sale or lease, offering for sale or lease, or provision to the general public of a covered product or service because such product or service uses encryption or a similar security function.
This bill was originally introduced in 2016, back when the FBI was just getting its anti-encryption electioneering underway, but this time around appears to have a larger list of bipartisan sponsors.
Since then, things have changed considerably. The FBI’s claimed number of locked devices swelled dramatically, from a little under 800 to nearly 8,000 in less than two years. Its “going dark” rhetoric increased pace along with the increase in number of inaccessible phones.
But the biggest change in the last couple of years — a time period during which this legislation hasn’t moved forward — is the FBI’s self-own. Forced to account for its growing number of locked devices given the multiple options available to crack the phones or obtain evidence located in the cloud, the agency finally decided to take a look at all the phones it had amassed. And it found it didn’t have nearly as many as it had claimed. The 8,000 phones turned out to be somewhere between 1,000-2,000 (likely around 1,200 devices). The FBI blamed it on faulty software and has begun issuing corrections to the many, many public statements it published about the “going dark” problem.
Given the FBI’s disastrous discovery, the time would seem to be perfect to push forward with pro-encryption legislation. A new bill is on the way — likely a carbon copy the 2016 proposal. It should pair nicely with another bill introduced in May, which would prevent federal agencies or courts from demanding companies create backdoors or otherwise weaken their encryption. The only exception would be for mandates or court orders stemming from CALEA, which would limit assistance demands to the interception of communications (with wiretap warrants), not the contents of locked devices.
If both move forward, phone users will be protected on both ends from both levels of government. No backdoors, and no demands phone manufacturers kick down the front door so law enforcement can carry out their search warrants.