Senate draft bill requires companies extract, decrypt data for law enforcement
Two high-ranking U.S. senators on Wednesday released to the public a proposed bill that would grant courts the authority to order tech companies dealing in hardware, software or services help law enforcement agencies gain access to encrypted communications.
The draft bill, dubbed "Compliance with Court Orders Act of 2016," was penned by Senate Intelligence Committee Chairman Sen. Richard Burr (R-NC) and Vice Chair Sen. Dianne Feinstein (D-CA) in a bid to streamline government requests for encrypted data. In its current form, the legislation would require companies like Apple to bypass their own security measures, access target data and present it to law enforcement agencies in an "intelligible" — decrypted — format.
As applied to Apple's recent kerfuffle with the FBI over a passcode locked iPhone connected to last year's San Bernardino massacre, the company would have been forced to "provide, in a timely manner, responsive, intelligible information or data, or appropriate technical assistance to obtain such information or data" after having received a court order demanding as much.
Importantly, the bill requires data be handed over in an "intelligible" format, defined as information or data that has either never been encrypted, or has been encrypted and subsequently decrypted for authorities. Since the legislation does not refer to a specific data gathering methodologies, or limitation thereof, the onus of thwarting built-in security measures, extracting data and decrypting it falls solely on the company.
As compared to previously leaked versions, today's draft has been narrowed and now only applies to cases involving crimes resulting in death or serious bodily harm, foreign intelligence and espionage, terrorism, federal crimes against minors, serious felonies and federal drug cases.
The controversial bill has been the topic of much debate since it was learned that Burr and Feinstein were mulling its creation in February. An early version recently leaked online and was promptly thrashed by security experts who called the proposal "ludicrous" and "dangerous."
According to Reuters, the groups who leaked the bill last week say no substantial changes were made in the interim. The publication notes Burr and Feinstein released the draft version to gather feedback from lawmakers and their constituents.
"I am hopeful that this draft will start a meaningful and inclusive debate on the role of encryption and its place within the rule of law," Burr said in a statement. "Based on initial feedback, I am confident that the discussion has begun."