Senators Richard Burr and Dianne Feinstein (D-Calif.) have introduced draft legislation that would give federal judges a sweeping authority to require access to encrypted data from technology companies.
Spurred to act by the Apple-FBI showdown (the Feds have since postponed their case), over a federal magistrate judge’s order that the Cupertino giant unlock an iPhone connected to the mass shooting in San Bernardino, the Senators have crafted a bill that’s specific in intent, but vague on the details.
The proposal from Sens. Burr and Feinstein, who are the top Republican and Democrat on the Senate Intelligence Committee, seeks to disallow criminals, terrorists and spies from “going dark” and dropping off the comms grid by using encrypted communications. It specifies that law enforcement can compel tech companies like Apple to open the kimono when asked.
“The going-dark issue has been gathering momentum (in Congress) like a train coming down the tracks, but it still seemed for a while like it was going to be a long time before it got to the station,” Representative Adam Schiff, the top Democrat on the House Intelligence Committee, told Reuters in an interview. “But it arrived with a fury with this lawsuit.”
But, worryingly for even those that may be open to the Feds’ point in the Apple case, the proposal does not spell out a lot of things, according to Reuters, like under which circumstances the FBI would be able to enact an order. It also doesn’t talk about back-doors or any specific technology that would be used, and it doesn't create specific penalties for noncompliance—that part would be left up to a judge.
The White House reportedly offered suggested edits to the bill, which must also pass the House in order to go to President Obama’s desk.
“We have previously been quite skeptical of legislative handling of this particular matter,” White House press secretary Josh Earnest told reporters last month, regarding the Apple case. “I don’t know at this point whether or not (conversations with lawmakers) will result in a piece of legislation that we will embrace.”
Yorgen Edholm, privacy advocate and CEO of Accellion, said that he doesn't expect the bill to have an easy path.
“Six months ago the perils of encryption backdoors weren’t on the radar of most consumers or even most legislators,” he told Infosecurity. “Therefore, a bill like this probably would have passed with very little scrutiny. However, in light of the very passionate public debate stemming from Apple’s refusal to unlock its technology for the FBI, as well as the support Apple is receiving from other technology leaders, including Accellion, I believe it’s safe to say that this bill has a long road ahead.”
He added that he didn't think the Brussels attacks and other terror strikes would influence lawmaker sentiment.
“Despite such emotionally charged drivers as the terrorist attacks in Paris and San Bernardino, there is no rebuttal for the fact that granting access to peoples' phones and data can’t be confined to the government. A backdoor to one is a backdoor to all," he said.