Civil liberty groups and tech firms are celebrating the defeat of a controversial California bill that would have forced phone makers to decrypt their devices by court order. The proposed legislation, AB 1681, died when lawmakers refused to give the bill a vote.
But opponents of the bill, who argued Assembly Bill 1681 would undermine data security and impose a logistically untenable requirement on California companies, aren’t about to rest on their laurels.
“While we pause to celebrate a win here in California, we need to be cognizant that some members of the government are still trying extremely hard to push for new access to limit encrypted communications,” said Rainey Reitman, activism director, for Electronic Frontier Foundation in an interview with Threatpost.
Assembly Bill 1681 is one of many similar bills being considered nationwide that center on the debate over the balance of privacy and public safety when it comes to the government’s ability to force a company to decrypt a phone. “There is no doubt that all of these cases are related to the FBI’s demand that Apple unlock the phone of San Bernardino shooter Syed Farook,” Reitman said.
One decryption bill, sponsored by Senate Intelligence Committee Chairman Richard Burr (R., N.C.) and Sen. Dianne Feinstein (D., Calif.), would require smartphone OS developers and other tech vendors to assist law enforcement agencies when it comes to breaking into their own encrypted devices. The official draft version bill, titled the Compliance with Court Orders Act of 2016, was released Thursday.
The Burr/Feinstein bill has received overwhelming condemnation from civil liberties and privacy advocates along with a long list of the who’s who within the tech industry. Add to that 43,000 people that have signed a petition against proposed U.S. legislation.
Encryption advocates such as the EFF have argued that: “Full disk encryption ensures that technology users can trust that their data is secure. It can help safeguard against identity thieves, malicious hackers, and others. It is particularly important when smartphones are lost or stolen, so that the sensitive data they store won’t be compromised,” Reitman wrote in a news bulletin regarding AB 1681’s defeat.
Since Apple’s showdown with the FBI, other encryption battles across the US include New York and Louisiana have flared up. In New York, a state assemblyman reintroduced a bill (Assembly Bill A8093) in January that would require any phone sold in the New York to be able to be decrypted by its manufacturer or operating system provider. In Louisiana, a near identical bill (House Bill 1040) would do essentially the same.
“I have long believed that data is too insecure, and feel strongly that consumers have a right to seek solutions that protect their information – which involves strong encryption,” said Sen. Burr in a prepared statement regarding the Compliance with Court Orders Act. “I do not believe, however, that those solutions should be above the law.”
Sen. Feinstein added in a statement regarding Compliance with Court Orders Act on Thursday, “We need strong encryption to protect personal data, but we also need to know when terrorists are plotting to kill Americans.”
Opponents of the Burr/Feinstein bill, such as EFF’s Reitman, say the draft bill is so ill-conceived they wonder if it might exist merely to make the next anti-encryption bill seem more reasonable. “The text on this bill is worse than anything we would have imagined,” Reitman said. “But, if you take a step back, this bill is so terrible that it’s possible it was just designed to make the next bill not so bad. And that worries me, because any anti-encryption bill is unacceptable.”
Strong encryption supporters argue today’s privacy-vs-security debate was fought back in the 1980s during the so-called Crypto Wars. That’s when encryption advocates and U.S. companies faced off with the U.S. government over attempts by the government to limit public and foreign nations’ access to encryption that couldn’t be decrypted. That battle resulted in changes in the export laws making it legal to use and export strong encryption that didn’t include backdoors.
For encryption advocates, vigilance also includes watching bills that would bolster encryption. One such bill is the Secure Data Act, proposed by Sen. Ron Wyden, (D-Ore). The bill would ban any government backdoors or mandates to weaken security. Another bill, the Encryption Act of 2016, sponsored by Ted Lieu (D-Calif.) and Blake Farenthold (R-Texas), would “prevent any state or locality from mandating that a ‘manufacturer, developer, seller, or provider’ design or alter the security of a product so it can be decrypted or surveilled by authorities.”
“Despite some of the challenges we see, there are some forward looking bills out there that are good and that protect encryption,” Reitman said.