
Leaked Senate encryption bill called 'ludicrous, dangerous' by security experts

A proposed U.S. Senate draft bill that would give courts the authority to compel tech companies to comply with law enforcement requests for encrypted data leaked online Thursday night, and by Friday security experts and civil rights advocates were dismantling the policy, calling it ill-informed and potentially dangerous.

The proposed bill, authored by U.S. Senate Intelligence Committee Chairman Sen. Richard Burr (R-NC) and Vice Chair Sen. Dianne Feinstein (D-CA), has been circulating amongst key members of Congress for the past two weeks in a bid to build support prior to a vote. According to people familiar with the matter, the version that leaked online is current, Reuters reports.

As described by Open Technology Institute Director Kevin Bankston, the draft bill is the "most ludicrous, dangerous, technically illiterate tech policy proposal of the 21st century."

While not in its final form, the legislation's language appears to offer judges authority to force tech companies like Apple to hand encrypted data over to law enforcement agencies, even if that means breaking into their own devices.

In particular, tech companies furnished with data request warrants would have to deliver said data in "an intelligible format" or provide "technical assistance" to agencies seeking access to passcode-protected information. As reported in March, the bill does not stipulate specific penalties for noncompliance, nor does it suggest methods or means by which compelled companies must provide access.

Following last night's leak, Burr and Feinstein issued a joint statement attempting to explain their bill and why it is necessary.

"The underlying goal is simple: when there's a court order to render technical assistance to law enforcement or provide decrypted information, that court order is carried out," the statement reads. "No individual or company is above the law."

Reuters cites a source as saying President Obama is scheduled to be briefed on the bill by White House chief of staff Denis McDonough next Monday. However, a report on Thursday said the administration is split on the issue, suggesting the White House is unlikely to support the proposal, at least not publicly.

The bill is being floated in direct response to growing concern that law enforcement agencies, unable to break increasingly sophisticated consumer-level encryption protocols, lack judicial instruments to force compliance in evidence gathering operations. Speaking to the issue was the recent court kerfuffle between the FBI and Apple.

Apple in February was ordered by a federal court to assist the FBI in gaining access to an iPhone tied to San Bernardino terror suspect Syed Rizwan Farook. A day before federal prosecutors were scheduled to meet Apple lawyers in the case's first evidentiary hearing, the government withdrew its motion to compel, citing an outside party who demonstrated an eleventh-hour passcode workaround. With a working exploit, the FBI's case was rendered moot.

Since then, the FBI has promised to assist in multiple ongoing investigations involving locked iPhones, though whether or not the agency plans to apply its new data access technique is unknown. As it stands, the vulnerability can only be leveraged on older handsets. FBI Director James Comey this week confirmed the exploit does not work on hardware above an iPhone 5c, and the agency is already running into problems with newer devices.

Earlier today, the U.S. Justice Department said it plans to continue a long-running Brooklyn court case compelling Apple's assistance in accessing a target iPhone 5s running iOS 7. As in San Bernardino, the company is resisting the All Writs Act order.