Regressive US Encryption Bill Harms Security
April 10, Washington: Senators Dianne Feinstein and Richard Burr, chair and ranking member of the Senate Intelligence Committee, seem to be taking a page out of China’s digital repression handbook.
Last night, a discussion draft of the senators’ long-awaited encryption bill was released by media sources, which would require many technology companies to provide access to encrypted information in an “intelligible format” (that is, unencrypted) if asked to by a court. The bill does not specify how companies would have to unscramble encrypted information, but it would effectively force companies build in a “back door” to bypass encryption and other security features in products.
No doubt the technologists and digital security experts will point out the many technical flaws of the bill, and how it would undoubtedly undermine cybersecurity for everyone, not just criminals and terrorists. But the proposed bill would also devastate the security of human rights defenders, journalists, and ordinary citizens around the world.
Companies like Apple and WhatsApp have already begun rolling out “end-to-end” encryption to block them from having to provide decrypted data at the request of any government, including authoritarian governments. This feature protects literally billions of users around the world, including activists struggling to protect their communications under repressive regimes. That’s no small thing: many human rights activists and journalists working in closed societies risk jail time if caught criticizing the government in a chat group. WhatsApp’s design helps protect their safety, both online and offline.
If this bill passes, it would roll back these protections. It is also clear that other governments would demand the same thing of United States companies.
The breadth and vagueness of the bill bear striking similarity to what China has just enacted in its counterterrorism law, which requires certain technology companies to “provide technical interfaces, decryption and other technical support assistance.” The released discussion draft of the Burr-Feinstein bill also requires companies to provide data in an “intelligible format” if encrypted and “provide such technical assistance as is necessary to obtain such information or data in an intelligible format.”
The Chinese government is in the process of implementing its law and has stated that it looks to US practice in formulating its policies in this area. If the Burr-Feinstein bill passes, it will implicitly encourage regressive application of China’s anti-encryption provisions.
The Obama administration should lead by example by unequivocally opposing this bill and endorsing strong encryption as crucial for security and human rights.
The Oslo Times