
Leaked Senate encryption bill called 'ludicrous, dangerous' by security experts


A proposed U.S. Senate draft bill that would give courts the authority to compel tech companies to comply with law enforcement requests for encrypted data leaked online Thursday night, and by Friday security experts and civil rights advocates were dismantling the policy, calling it ill-informed and potentially dangerous.

The proposed bill, authored by U.S. Senate Intelligence Committee Chairman Sen. Richard Burr (R-NC) and Vice Chair Sen. Dianne Feinstein (D-CA), has been circulating amongst key members of Congress for the past two weeks in a bid to build support prior to a vote. According to people familiar with the matter, the version that leaked online is current, Reuters reports.

As described by Open Technology Institute Director Kevin Bankston, the draft bill is the "most ludicrous, dangerous, technically illiterate tech policy proposal of the 21st century."

While not in its final form, the legislation's language appears to offer judges authority to force tech companies like Apple to hand encrypted data over to law enforcement agencies, even if that means breaking into their own devices.

In particular, tech companies furnished with data request warrants would have to deliver said data in "an intelligible format" or provide "technical assistance" to agencies seeking access to passcode-protected information. As reported in March, the bill does not stipulate specific penalties for noncompliance, nor does it suggest methods or means by which compelled companies must provide access.

Following last night's leak, Burr and Feinstein issued a joint statement attempting to explain their bill and why it is necessary.

"The underlying goal is simple: when there's a court order to render technical assistance to law enforcement or provide decrypted information, that court order is carried out," the statement reads. "No individual or company is above the law."

Reuters cites a source as saying President Obama is scheduled to be briefed on the bill by White House chief of staff Denis McDonough next Monday. However, a report on Thursday said the administration is split on the issue, suggesting the White House is unlikely to support the proposal, at least not publicly.

The bill is being floated in direct response to growing concern that law enforcement agencies, unable to break increasingly sophisticated consumer-level encryption protocols, lack judicial instruments to force compliance in evidence gathering operations. Speaking to the issue was the recent court kerfuffle between the FBI and Apple.

Apple in February was ordered by a federal court to assist the FBI in gaining access to an iPhone tied to San Bernardino terror suspect Syed Rizwan Farook. A day before federal prosecutors were scheduled to meet Apple lawyers in the case's first evidentiary hearing, the government withdrew its motion to compel, citing an outside party who demonstrated an eleventh-hour passcode workaround. With a working exploit, the FBI's case was rendered moot.

Since then, the FBI has promised to assist in multiple ongoing investigations involving locked iPhones, though whether or not the agency plans to apply its new data access technique is unknown. As it stands, the vulnerability can only be leveraged on older handsets. FBI Director James Comey this week confirmed the exploit does not work on hardware above an iPhone 5c, and the agency is already running into problems with newer devices.

Earlier today, the U.S. Justice Department said it plans to continue a long-running Brooklyn court case compelling Apple's assistance in accessing a target iPhone 5s running iOS 7. As in San Bernardino, the company is resisting the All Writs Act order.



29 Comments

muppetry 13 Years · 3319 comments

It surprises me that the implications of proposals of this kind have still not, apparently, been understood by those drafting such bills. Legitimate court orders to hand over data or other material evidence have precedent and make sense, but it is not reasonable to propose that court orders can compel either people or companies to help LE decrypt such data, or provide any non-material assistance or expertise.

radarthekat 12 Years · 3904 comments

muppetry said:
It surprises me that the implications of proposals of this kind have still not, apparently, been understood by those drafting such bills. Legitimate court orders to hand over data or other material evidence have precedent and make sense, but it is not reasonable to propose that court orders can compel either people or companies to help LE decrypt such data, or provide any non-material assistance or expertise.

Or be forced to become a forensics tool provider.  Imagine you're an engineer working at Apple.  The company, under this new law, is forced to develop a weakened version of iOS to install onto an iPhone that law enforcement wants access to.  The iPhone is unlocked and law enforcement gets evidence crucial to their case.  Eventually there's a court trial, and the defense attorney demands to have its expert inspect the forensic tool to ensure that it didn't alter the evidence it allowed access to.  Now the engineer gets called into court to testify.  Not once and done, but again and again in every case in which the tool was used.  He'd quit his job and move out of the country!  And if the government thinks there should be no concern that the tool gets out into the wild, just wait until all those defense experts are poring over Apple's iOS source code.  Yeah, this whole thing goes bad real quick.

cali 10 Years · 3494 comments

You're living in a fantasy world if you think police are saints (some morons do).

You know how they plant evidence on you?
This is 10x worse. Anyone they wanna lock up, they can with ease. Either for political reasons or just for laughs.

eideard 16 Years · 427 comments

Wouldn't expect anything more from the scumbags inhabiting Congress.

boltsfan17 12 Years · 2294 comments

I don't understand how these morons in Congress fail to see the big picture in what they are proposing. This bill will force tech companies to release products with back doors, otherwise they will fail to comply with the law. This is a disaster waiting to happen.