The leaders of the Senate Intelligence Committee, seeking to empower police nationwide, have unveiled a draft bill that would force companies like Apple to unlock iPhones anytime a judge says so.
The draft bill, released publicly Wednesday, would radically change privacy laws in the United States.
It would force American companies to keep back door keys that guarantee government access to all smartphones, computers and software.
To keep devices and apps safe from hackers, tech companies have adopted modern security features that lock out everyone but the gadget’s owner. Personal information is encrypted into indecipherable numbers and letters — and the passcode is the only key.
This bill would roll that back. It’s an order to decrypt on demand.
“Consumers have a right to seek solutions that protect their information,” Committee Chairman Richard Burr said in a statement. “I do not believe, however, that those solutions should be above the law.”
The Compliance with Court Orders Act is an attempt to give law enforcement extra powers. It would force companies presented with a court order to always give up information “in an intelligible format.” And it requires device manufacturers to keep a spare key.
It’s unclear when the bill would be formally introduced to the Senate floor — or if it has a chance of becoming law. But the senators behind the law say they intend to start “a meaningful and inclusive debate on the role of encryption and its place within the rule of law.”
It was put forward by the top two politicians in the Senate Intelligence Committee: Burr, a Republican from North Carolina, and Vice Chairman Dianne Feinstein, a Democrat from California. Both have a reputation for their conservative stances on national security matters.
The initial response from tech experts was harsh.
“It’s obvious that nobody in the tech field was consulted during the drafting of this bill. It’s a work of complete ignorance,” said Eric Rand, a computer security consultant in Southern California.
The Application Developers Alliance, an industry group representing the computer professionals who create software, said the measures in the bill “would compel companies and developers to create a specific design or operating system with inherent security flaws.”
Cybersecurity expert Robert Graham said regulating encryption this way is akin to regulating document shredders. It shows senators “fear what they don’t understand,” he said.
The back story
This legislation is a direct response to the current fight between Apple and the FBI. Right now, law enforcement is hitting a brick wall during investigations.
Until recently, police were able to employ Apple’s help to unlock iPhones when investigating crimes. But the latest versions of the iPhone are far more secure and more difficult — if not impossible — for law enforcement to unlock without a suspect’s passcode.
The FBI faced this problem when trying to enter the iPhone 5C belonging to Syed Farook, one of the two dead San Bernardino shooters. In that instance, the FBI tried to force Apple to design a newer, weaker version of its software to unlock that specific phone. When Apple fought back, the FBI teamed up with an “outside party” and successfully hacked the phone.
But the fight isn’t over. Law enforcement still lacks a law that would give it power to force companies to unlock devices and software. The Compliance with Court Orders Act would provide that power.
“Today, terrorists and criminals are increasingly using encryption to foil law enforcement efforts, even in the face of a court order,” Feinstein said in a prepared statement. “We need strong encryption to protect personal data, but we also need to know when terrorists are plotting to kill Americans.”
But other politicians have warned that mandating back doors only puts people at risk of criminal hackers, identity thieves and high-tech spies in China and Russia.
“This is a great way to tell the rest of the world: ‘Don’t trust U.S. products and services,’” said Martijn Grooten, a Dutch security researcher.