Cybersecurity, Encryption and Congress

cybersecurityWhat would you do if the government said that the contractor who built your home must have a spare set of keys to the home, and there must be a door built on your home that only the contractor could access? Would you feel safe? How would you feel knowing that law enforcement could secretly enter your home any time it wanted simply by serving a warrant on the contractor who built your home?

When you put security in general terms such as the ones above, it sounds silly to mandate that contractors have a key to every home they have built. But in the wake of the iPhone debacle between the F.B.I. and Apple, a new bill in being introduced in Congress is trying to force technology manufacturers to make sure that your data is available to law enforcement, and anyone else who can get a copy of the key to your smartphone’s front door.

This Did Not Start In San Bernardino, California

san_bernardino_shootingThe terrorist attacks in late 2015 in San Bernardino, California brought the issue of encryption to the forefront because of the very public battle between Apple and the F.B.I. According to the New York Times, government law authorities made 4,000 requests to access information on 16,000 phones in the second half of 2015. The reason the San Bernardino case became so popular is because the government deemed the incident an act of terrorism, and fighting terrorism is a prime concern in the United States.

Under normal circumstances, federal law mandates that technology companies provide information for investigations unless the company feels that providing that information would be harmful in some way. Apple argued that being asked to bypass its own encryption would weaken the security it offers its customers, and that sparked a battle that is still raging.

The Secure Data Act Versus The Compliance With Court Orders Act Of 2016

In 2015, long before any battles over encryption in the media, Senator Ron Wyden and Representative Zoe Lofgren introduced the Secure Data Act to Congress. In a nutshell, the Secure Data Act says that manufacturers cannot be told by any government agency to weaken the security of their products to allow investigators to access encrypted data. The bill is still in draft form in both houses, but it has gained a great deal of support since the battle between Apple and the F.B.I. over San Bernardino.

After the San Bernardino encryption battle was made public, Senators Dianne Feinstein and Richard Burr introduced the Compliance With Court Orders Act of 2016. This act basically says that manufacturers must create ways to bypass their own encryption, or have a method for storing user data so that it can be turned over to investigators. This is the legal version of the contractor with a key to your house example we started with. This bill is also in draft form, and it is causing a lot of controversy, but having problems gaining real traction.

The Core Of The Debate

privacy_lawsWhat this debate boils down to is that some factions in the government want to force manufacturers to make user data accessible, and other factions want to preserve privacy. If the Compliance With Court Orders Act is passed, companies like Google would have to redesign products such as Gmail to make user data accessible. Right now, Google cannot read user emails at all unless Google has access to a user’s computer. If this bill becomes law, Google and anyone else who can get past the weakened Gmail encryption could read any user’s email.

If the new compliance bill becomes law, then user data could be exposed at levels that the lawmakers may not realize. A disgruntled Google employee could wind up selling data from millions of Gmail address, or a terrorist could access an iPhone to get all of the personal data that phone contains. As it stands right now, it is almost impossible for tech companies to access encrypted data, and that is what makes the data so safe. If things start to change, then there could be major issues with privacy that users may not realize until it is too late.