Bipartisan Group Re-Introduces the ENCRYPT Act
Originally introduced in 2016, the ENCRYPT Act aims to create a national policy for encryption
Last week Congressman Ted W. Lieu (D-CA) re-introduced the “Ensuring National Constitutional Rights for Your Private Telecommunications (ENCRYPT) Act.” The act aims to create a national encryption policy that supsersedes any local and state laws that may seek to undermine encryption strength.
Yes, this is yet another entry in the debate between law enforcement and the cryptographic community about “responsible encryption.”
The ENCRYPT Act was originally introduced in 2016. This was following the initial row between the FBI and Apple over the San Bernardino shooter’s iPhone and who, if anyone, could/should unlock it. At the time, a piece of state legislation, Assembly Bill 1681, sought to require all smart phones sold in-state to be unlockable by its manufacturer or OS maker. Obviously, this was a bad piece of legislation so Lieu decided to introduce the ENCRYPT Act at the federal level with the aim of mitigating AB 1681 and any other state legislation of the same nature.
Unfortunately, after being introduced in 2016, the bill was referred to the Subcommittee on Crime, Terrorism, Homeland Security, and investigations where it was lost in the shuffle.
Now, two years later Lieu has re-introduced the legislation:
“Any discussion of encryption and law enforcement access to data needs to happen at the federal level,” wrote Lieu in a press release. “As a computer science major, I can tell you that having 50 different mandatory state-level encryption standards is bad for security, consumers, innovation, and ultimately law enforcement. Encryption exists to protect us from bad actors, and can’t be weakened without also putting every American in harm’s way. I am proud to lead this bipartisan group of Members who understand this is an issue of interstate commerce and economic security as well as cybersecurity. The ENCRYPT Act ensures we can have a national discussion about encryption without compromising consumers’ security in the process.”
The legislation is broadly supported by various tech organizations and activisits, including the App Association, ITI, Developer’s Alliance and Electronic Frontier Foundation, the latter who heaped praise on the legislation in a heavy-handed, hyperbolic blog post made on Monday.
“It’s not just the Department of Justice and the FBI that want to undermine your right to private communications and secure devices—some state lawmakers want to weaken encryption, too.”
Understand that the EFF has a political agenda that it is quite overtly pushing, but this kind of rhetoric is unhelpful.
Saying that “encryption is under threat” mischaracterizes a very real debate being had right now between law enforcement and the tech community about access rights and how best to preserve those without compromising the strength of our encryption.
While this is a debate being had around the world, we are an American company so we will limit our commentary to what we know: the American version of this conversation.
Unfortunately, as with almost everything in American politics right now, things are polarized to the point where everything is viewed as being a zero-sum game. There’s a right side and a wrong side. There is no nuance. And unfortunately applying that kind of reading to this issue isn’t productive.
Law enforcement isn’t out of line in requesting access when it’s warranted. We’re not talking about extra-judicial surveillance – that’s a totally different debate – we’re discussing the ability to access an encrypted device for which a warrant to search has been granted. And despite our tendency to characterize law enforcement’s demands as being tone deaf, they’re just looking for a way to do their job.
The EFF’s rhetoric that this is an attack on encryption is unhelpful because in some ways it’s not about encryption at all. It’s about access. Don’t get us wrong, we agree with the EFF that the ENCRYPT Act is a good safeguard against legal attempts to compel manfucaturers and vendors to undermine their encryption platforms. What we don’t necessarily see eye to eye with is the rhetoric.
We’re also going to withhold praise of some of the congressmen sponsoring both the ENCRYPT Act and the accompanying Secure Data Act. While these bills are useful, and advance a mutual agenda, not all of these congressmen are our allies. A couple of them are outright insane.
At the end of the day, support both of these bills. They’re good safeguards. But let’s not get carried away with the rhetoric. And remember, one man’s attempt to safeguard our encryption may just be another man’s chance to thumb their nose at the FBI.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018in Hashing Out Cyber Security
How to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chromein Everything Encryption
Re-Hashed: How to Fix SSL Connection Errors on Android Phonesin Everything Encryption
Cloud Security: 5 Serious Emerging Cloud Computing Threats to Avoidin ssl certificates
This is what happens when your SSL certificate expiresin Everything Encryption
Re-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Messagein Hashing Out Cyber Security
Report it Right: AMCA got hacked – Not Quest and LabCorpin Hashing Out Cyber Security
Re-Hashed: How to clear HSTS settings in Chrome and Firefoxin Everything Encryption
Re-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithmsin Everything Encryption
The Difference Between Root Certificates and Intermediate Certificatesin Everything Encryption
The difference between Encryption, Hashing and Saltingin Everything Encryption
Re-Hashed: How To Disable Firefox Insecure Password Warningsin Hashing Out Cyber Security
Cipher Suites: Ciphers, Algorithms and Negotiating Security Settingsin Everything Encryption
The Ultimate Hacker Movies List for December 2020in Hashing Out Cyber Security Monthly Digest
Anatomy of a Scam: Work from home for Amazonin Hashing Out Cyber Security
The Top 9 Cyber Security Threats That Will Ruin Your Dayin Hashing Out Cyber Security
How strong is 256-bit Encryption?in Everything Encryption
Re-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3in Everything Encryption
How to View SSL Certificate Details in Chrome 56in Industry Lowdown
PayPal Phishing Certificates Far More Prevalent Than Previously Thoughtin Industry Lowdown