Three Republican Senators today introduced the Lawful Access to Encrypted Data Act, in their latest attack on the security and privacy of everyday citizens. The press release for the bill describes it as a way to “bolster national security interests” by “ending the use of ‘warrant-proof’ encrypted technology by terrorists and other bad actors to conceal illicit behavior.” At a high level, the bill will require tech companies and device manufacturers to assist law enforcement with accessing encrypted data and develop prizes and grants for companies who can “create a lawful access solution in an encrypted environment.”
This isn’t the first-time lawmakers have used terrorism and cyber criminals as a boogeymen in an attempt to hamstring encryption technology. Earlier this year, the US Senate introduced the EARN-IT act, which isn’t explicitly an anti-encryption bill, but could enable the government to require internet services to backdoor their encryption or risk losing Section 230 protections.
There is no such thing as a “secure” backdoor for encryption. More accurately, backdoored encryption is fake encryption. By forcing companies to intentionally build weaknesses in their products, they are opening up ALL users to the threat of cyber adversaries and abuse by law enforcement. This bill would do little to catch actual terrorists and cyber criminals since, should it pass, they would just switch to using products and services that are manufactured and developed outside the judicial reach of the United States. The sponsors of the bill and similar bills have proven they either don’t understand or don’t care about how encryption protects American citizens.
Simply put, this bill makes us all less safe, not more.
Jonathan Sparks says
Sounds like they are being influenced by parties who would benefit from it.
Marc Laliberte says
I agree
Larry B says
Imagine the catastrophic situation when a Zero-day is detected and cyber criminals gain access to many credit cards or other information through the backdoors they already use
These back-door to encryption will become a coveted target and may lead up to some serious backpedaling.
Especially when Credit Cards leak through the back door (crashing economy), kidnapping, or what ever encrypted data a cyber criminal can find to help their cause.
Sure sounds like a great plan guys!
Marc Laliberte says
It just isn’t possible to design a backdoor that is 100% safe from cyber criminals. All it takes is a source code leak or law enforcement losing a key and poof, the encryption is completely broken.