Originally introduced in 2016, the ENCRYPT Act aims to create a national policy for encryption
Last week Congressman Ted W. Lieu (D-CA) re-introduced the “Ensuring National Constitutional Rights for Your Private Telecommunications (ENCRYPT) Act.” The act aims to create a national encryption policy that supersedes any local and state laws that may seek to undermine encryption strength.
Yes, this is yet another entry in the debate between law enforcement and the cryptographic community about “responsible encryption.”
The ENCRYPT Act was originally introduced in 2016. This was following the initial row between the FBI and Apple over the San Bernardino shooter’s iPhone and who, if anyone, could/should unlock it. At the time, a piece of state legislation, Assembly Bill 1681, sought to require all smartphones sold in-state to be unlockable by their manufacturer or OS maker. Obviously, this was a bad piece of legislation, so Lieu decided to introduce the ENCRYPT Act at the federal level with the aim of mitigating AB 1681 and any other state legislation of the same nature.
Unfortunately, after being introduced in 2016, the bill was referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations, where it was lost in the shuffle.
Now, two years later, Lieu has re-introduced the legislation:
“Any discussion of encryption and law enforcement access to data needs to happen at the federal level,” wrote Lieu in a press release. “As a computer science major, I can tell you that having 50 different mandatory state-level encryption standards is bad for security, consumers, innovation, and ultimately law enforcement. Encryption exists to protect us from bad actors, and can’t be weakened without also putting every American in harm’s way. I am proud to lead this bipartisan group of Members who understand this is an issue of interstate commerce and economic security as well as cybersecurity. The ENCRYPT Act ensures we can have a national discussion about encryption without compromising consumers’ security in the process.”
The legislation is broadly supported by various tech organizations and activists, including the App Association, ITI, Developer’s Alliance and Electronic Frontier Foundation, the latter of which heaped praise on the legislation in a heavy-handed, hyperbolic blog post made on Monday.
“It’s not just the Department of Justice and the FBI that want to undermine your right to private communications and secure devices—some state lawmakers want to weaken encryption, too.”
Understand that the EFF has a political agenda that it is quite overtly pushing, but this kind of rhetoric is unhelpful.
Saying that “encryption is under threat” mischaracterizes a very real debate being had right now between law enforcement and the tech community about access rights and how best to preserve those without compromising the strength of our encryption.
While this is a debate being had around the world, we are an American company so we will limit our commentary to what we know: the American version of this conversation.
Unfortunately, as with almost everything in American politics right now, things are polarized to the point where everything is viewed as being a zero-sum game. There’s a right side and a wrong side. There is no nuance. And unfortunately applying that kind of reading to this issue isn’t productive.
Law enforcement isn’t out of line in requesting access when it’s warranted. We’re not talking about extra-judicial surveillance – that’s a totally different debate – we’re discussing the ability to access an encrypted device for which a warrant to search has been granted. And despite our tendency to characterize law enforcement’s demands as being tone deaf, they’re just looking for a way to do their job.
The EFF’s rhetoric that this is an attack on encryption is unhelpful because in some ways it’s not about encryption at all. It’s about access. Don’t get us wrong, we agree with the EFF that the ENCRYPT Act is a good safeguard against legal attempts to compel manufacturers and vendors to undermine their encryption platforms. Where we don’t necessarily see eye to eye is the rhetoric.
We’re also going to withhold praise of some of the congressmen sponsoring both the ENCRYPT Act and the accompanying Secure Data Act. While these bills are useful, and advance a mutual agenda, not all of these congressmen are our allies. A couple of them are outright insane.
At the end of the day, support both of these bills. They’re good safeguards. But let’s not get carried away with the rhetoric. And remember, one man’s attempt to safeguard our encryption may just be another man’s chance to thumb his nose at the FBI.