Long-Awaited Senate Plan Would Require Companies Be Able to Decrypt On Demand

With Washington and Silicon Valley at loggerheads over giving the government access to encrypted data, the leaders of the Senate Intelligence Committee have offered a solution that technologists argue is a radical move: requiring tech companies to be able to unscramble encrypted data and provide it to law enforcement when presented with a court order.

Now, a discussion draft of that bill has leaked. Written by Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.), the legislation would force technology companies to provide data in an “intelligible format” when ordered to by a court.

The bill does not specify how companies are to unscramble encrypted communications — just that providers must be able to backdoor their own systems.

The legislation comes amid a dispute between the Justice Department and Apple over accessing data stored on iPhones. In recent years, Apple has stepped up security measures and encrypted data on the phones in such a way that the company is unable to access it without the user password.

This was a key sticking point in the case of an iPhone 5c belonging to one of the gunmen in last December’s shooting rampage in San Bernardino. The government ordered Apple to undermine the security features of the phone so that the FBI could pull its data. Apple, however, vigorously resisted, arguing that doing so would undermine the security and privacy of millions of Apple customers.

The case became the flashpoint in a national debate over the limits of individual privacy and the government’s ability to access phones that now store highly sensitive, personal data. Burr and Feinstein, respectively the Senate committee’s Republican chairman and top Democrat, have sided with the FBI in that dispute and accused Apple of undermining national security with technology that prevents it from complying with court orders.

The new legislation argues that “to uphold both the rule of law and protect the interests and security of the United States,” encryption providers must be able to provide data in clear text.

Security experts are outraged. “The Feinstein-Burr bill is pretty much as clueless and unworkable as I expected it would be,” Johns Hopkins University cryptologist Matthew Green wrote Friday on Twitter. “They took a complex issue, arrived at the most naive solution.”

“This bill is a clear threat to everyone’s privacy and security. Instead of heeding the warnings of experts, the senators have written a bill that ignores economic, security, and technical reality,” Neema Singh Guliani, legislative counsel with the American Civil Liberties Union, said in a statement. “It would force companies to deliberately weaken the security of their products by providing backdoors into the devices and services that everyone relies on.”

The bill has not yet been introduced in Congress. It is all but certain it will not pass amid the overheated politics of a presidential election cycle. While arguing that law enforcement needs a way to access encrypted communications, the White House has declined to publicly support the Burr-Feinstein measure.

Photo credit: GABRIELLA DEMCZUK/Getty Images