Secure Data Act: A bi-partisan effort to make requesting encryption backdoors illegal
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Secure Data Act: A bi-partisan effort to make requesting encryption backdoors illegal

The Secure Data Act is supported by the Electronic Frontier Foundation

A new bill, the Secure Data Act, seeks to make requesting an encryption backdoor illegal. The legislation was introduced by Representatives Zoe Lofgren (D-CA), Thomas Massie (R-KY), Ted Poe (R-TX), Jerry Nadler (D-NY), Ted Lieu (D-CA), and Matt Gaetz (R-FL).

The bill is just two pages, which increases the likelihood that one of these representatives actually wrote it themselves, which doesn’t happen as often as you would think. The premise is simple, government agencies and courts can’t compel the tech sector to build backdoors.

SEC. 2. PROHIBITION ON DATA SECURITY VULNERABILITY MANDATES.
(a) AGENCY ACTIONS—Except as provided in sub-section (c), no agency may mandate or request that a manufacturer, developer, or seller of covered products design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product, by any agency.
(b) COURT ORDERS—Except as provided in sub-section (c), no court may issue an order to compel a manufacturer, developer, or seller of covered products to design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product, by an agency.
The one exception cited is any “mandates, requests, or court orders authorized under the Communications Assistance for Law Enforcement Act.” That is a 1994 law that relates to wiretapping.
The legislation would cover any computer hardware, software or electronic device that is made available to the public.
The Electronic Frontier Foundation, in a post on its website, lauded the legislation, thanking the legislators and writing:
The two-page bill has sweeping safeguards that uphold security both for developers and users.
I get that the EFF is excited, but the bill is two pages, composing of just 23 lines – two of which are pre-amble, three are headers and two simply provide the name of the bill – so characterizing its as having “sweeping protections” definitely smacks of hyperbole. Still, this is a step in the right direction. Albeit probably a symbolic one only.

You can read the full bill here.

 

Author

Patrick Nohe

Patrick started his career as a beat reporter and columnist for the Miami Herald before moving into the cybersecurity industry a few years ago. Patrick covers encryption, hashing, browser UI/UX and general cyber security in a way that’s relatable for everyone.