Senators draft decryption-on-demand Bill

By Michelle Avenant, portals journalist.
Johannesburg, 11 Apr 2016

A US Senate Intelligence Committee Bill seeks to force communications and technology companies to help law enforcement unlock devices on command.

A discussion draft of the Compliance with Court Orders Act of 2016, drafted by Richard Burr, a Republican senator from North Carolina, and Dianne Feinstein, a Democrat senator from California, was published online late last week.

The proposed Act stipulates that "a covered entity that receives a court order from a government for information or data shall - a) provide such information or data to such government in an intelligible format; or b) provide such technical assistance as is necessary to obtain such information or data in an intelligible format".

An "intelligible format" refers to the data being unencrypted, and the Bill goes on to detail that "a covered entity that receives a court order... shall be responsible... for providing data in an intelligible format if such data has been made unintelligible [encrypted] by a feature, product, or service owned, controlled, created, or provided, by the covered entity or by a third party on behalf of the covered entity".

The Bill essentially stipulates that "covered entities" - including hardware and software manufacturers and all electronic communication service providers - must be able to supply law enforcement with their users' unencrypted data on demand.

It also requires licence distributors for software and communication services - for example, mobile app stores - to ensure these can be decrypted before distributing them.

The Compliance with Court Orders Act draft has attracted widespread criticism from technology and cyber-security experts.

The draft marks Congress' official step into the ongoing encryption fray between tech companies and law enforcement.

"This basically outlaws end-to-end encryption," Wired quoted Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology.

"This Bill is a clear threat to everyone's privacy and security," said Neema Singh Guliani, legislative counsel with the American Civil Liberties Union, in a statement. "It would force companies to deliberately weaken the security of their products by providing backdoors into the devices and services that everyone relies on."

ICT security experts have long warned that guaranteeing law enforcement access to private digital data would significantly weaken ICT security at a societal level.

The Compliance with Court Orders Act draft marks US Congress' official step into the ongoing encryption fray between ICT companies and US law enforcement agencies, which was recently aggravated by the FBI's demands that Apple help it unlock an iPhone belonging to one of the San Bernardino shooters. Despite the FBI earlier claiming this was a once-off case, the US Justice Department is still vying for Apple to help unlock an iPhone used in a New York drug ring.

At present, the US legislation that comes closest to commanding ICT firms to help lawmakers unlock devices is the 227-year-old All Writs Act of 1789: a sweeping piece of legislation that gives courts the authority to issue compulsory orders, provided they are found legal and necessary.
