Saturday, April 16, 2016

New Bill, New Restrictions

A week after it was first reported that Senators Dianne Feinstein and Richard Burr were prepping a bill that would force tech companies to build their devices and software with weakened encryption or built-in backdoors for law enforcement, the actual bill has been introduced. Here’s what you need to know about why consumer and privacy advocates are concerned.
The Compliance with Court Orders Act of 2016 states that “to uphold both the rule of law and protect the interests and security of the United States, all persons receiving an authorized judicial order for information or data must provide, in a timely manner, responsive, intelligible information or data, or appropriate technical assistance to obtain such information or data.”

1. It’s An Attempt To Update & Strengthen A 227-Year-Old Law

Way back in 1789, Congress passed the All Writs Act, which allows a judge to force a person or group to assist in the enforcement of a court order — but only if that assistance is both necessary and “agreeable to the usages and principles of law.”
Law enforcement has long used the All Writs Act to nudge private businesses to aid in an investigation. In fact, the government has used this law more than 60 times in recent years to compel Apple and Google to help with unlocking smartphones and other tasks.
And since the companies had easy ways to comply with these court orders, they did.
But in 2014, both Apple and Google updated their mobile device operating systems so that not even the makers of the software had a way around the encryption. Thus, when a newer iPhone or Android device is locked, only the user can unlock it without having to reset it and lose the stored data.
This is what caused the recent very public fight between Apple and the FBI, which was trying to unlock an iPhone that had belonged to one of the terrorists of Bernardino, CA's bombing.
Apple has no built-in work-around for its own encryption, but the FBI used the All Writs Act to try to compel them to figure out a way to do so. Apple argued that the relatively ancient law doesn’t require companies to go to such lengths and that this would just be the thin edge of the wedge, setting a precedent whereby Apple would — as additional court-ordered demands for assistance pile up — either need to permanently weaken its encryption or constantly be trying to poke holes in the walls its own employees built.
The new bill would leave Apple no choice but to comply with the court order in a timely manner or violate the law.

2. Unbreakable Encryption Could Be Against The Law

The language of the proposed makes it clear that if the company’s encryption is the reason that the sought-after data is unintelligible, then it’s the company’s responsibility to make it intelligible.
Thus, if a company were to make an unbreakable form of encryption — or one that it lacks the ability to break — they would not be able to comply with the law.

3. Tech Companies Would Be Forced To Release Poorly Secured Products

While the proposed legislation says that it is not forcing companies to adopt “any specific design or operating system,” it ultimately has the effect of requiring that tech companies include a backdoor to their encryption so it can be decrypted whenever a court order pops up.
Sens. Burr and Feinstein say the believe that data encryption is important, but critics of the bill point out that encryption with a backdoor is like a submarine with a leaky window.
“Data is either encrypted or it is not, and the technical assistance that this legislation mandates is not feasible nor is it in the country’s best interest,” says Jake Ward, CEO of the Application Developers Alliance. Thus, I am against the idea of introducing a backdoor, as the government might as well be asking us to leave the back door of our houses unlocked to "protect us".

-668 words

No comments:

Post a Comment