Three Republican Senators today introduced the Lawful Access to Encrypted Data Act, in their latest attack on the security and privacy of everyday citizens. The press release for the bill describes it as a way to “bolster national security interests” by “ending the use of ‘warrant-proof’ encrypted technology by terrorists and other bad actors to conceal illicit behavior.” At a high level, the bill will require tech companies and device manufacturers to assist law enforcement with accessing encrypted data and develop prizes and grants for companies who can “create a lawful access solution in an encrypted environment.”
This isn’t the first-time lawmakers have used terrorism and cyber criminals as a boogeymen in an attempt to hamstring encryption technology. Earlier this year, the US Senate introduced the EARN-IT act, which isn’t explicitly an anti-encryption bill, but could enable the government to require internet services to backdoor their encryption or risk losing Section 230 protections.
There is no such thing as a “secure” backdoor for encryption. More accurately, backdoored encryption is fake encryption. By forcing companies to intentionally build weaknesses in their products, they are opening up ALL users to the threat of cyber adversaries and abuse by law enforcement. This bill would do little to catch actual terrorists and cyber criminals since, should it pass, they would just switch to using products and services that are manufactured and developed outside the judicial reach of the United States. The sponsors of the bill and similar bills have proven they either don’t understand or don’t care about how encryption protects American citizens.
Simply put, this bill makes us all less safe, not more.