House bill would stop states from banning phone encryption

library
crime | hacking | security

New York wants crypto backdoors in mobile phones.

California wants crypto backdoors in mobile phones.

At least some lawmakers in Washington want states to knock it off.

Rep. Ted Lieu (D-Calif.) and Rep. Blake Farenthold (R-Tex.) on Wednesday introduced a bipartisan bill in Congress that tries to halt states’ attempts to force phone makers to weaken encryption by putting in crypto backdoors.

The bill is called the Ensuring National Constitutional Rights of Your Private Telecommunications Act.

Its less cumbersome title: The ENCRYPT Act of 2016.

The proposed law seeks to prevent any state or locality from mandating that a “manufacturer, developer, seller, or provider” design or alter the security of a product so it can be decrypted or surveilled by authorities.

This won’t be the only encryption bill that Congress will mull this year. On the other side of the encryption debate, Sen. Dianne Feinstein (D-CA), along with Sen. Richard Burr (R-NC), have plans to bring a bill to the Senate that would require companies to pierce encryption under court order.

The crypto wars have been fueled by recent terror attacks in Paris and San Bernardino, California, with district attorneys and other law enforcement officials urging lawmakers to force companies like Apple and Google to hand over encrypted data on demand.

FBI Director James Comey brought up a case in point on Tuesday, when he said that encryption has prevented federal investigators from unlocking a mobile phone belonging to one of the San Bernardino killers.

Still other lawmakers – Michael McCaul (R-Texas) and Sen. Mark Warner (D-Va.) – are working to establish a national commission to figure out how police can get at encrypted data without endangering Americans’ privacy.

Lieu told Ars Technica that The ENCRYPT Act of 2016 was inspired by the anti-encryption attempts by New York and his home state, California.

When the New York state legislator introduced the bill, I was somewhat concerned – but he was a Republican in a Democratic legislature. But when a Democratic state legislator introduced a similar bill, then I got very concerned. I’m very aware that it’s controlled by Democrats, and he could very easily get his bill passed.

It’s not that Lieu doesn’t respect the need for law enforcement to solve crimes, he said. But he does question whether the people who would undo encryption know what harm it would cause:

It’s very clear to me that the people who are asking for a backdoor encryption key do not understand the technology. You cannot have a backdoor key for the FBI. Either hackers will find that key or the FBI will let it get stolen. As you saw, it the [Department of Justice] just got hacked. The [Office of Personnel Management] got hacked multiple times. If our federal government cannot keep 20 million extremely sensitive security records, I don’t see how our government can keep encryption keys safe.

A recent study published by the Berkman Center for Internet and Society questioned assertions from law enforcement that encryption is making surveillance “go dark.”

Rather, the authors suggested, the increasing number of IoT devices present ever-more opportunities for surveillance.

Lieu told Ars that he doesn’t fault law enforcement from seeking to poke holes in encryption: they want “as many tools as they can to catch the bad guys.”

But as Lieu said during a congressional hearing last year, backdoors don’t constitute a smart tool:

It is clear to me that creating a pathway for decryption only for good guys is technologically stupid, you just can’t do that.