New Bipartisan Bill Gets Encryption Right, Privacy Advocates Argue

The bipartisan Secure Data Act could put an end to privacy advocates and civil libertarians’ worst nightmare: backdoors.

Last week, the Electronic Frontier Foundation (EFF), an international non-profit digital rights group based in San Francisco, California, assembled a panel of cyber security experts to explain why government-mandated backdoors are not good for anyone. Rather, the panel explained why backdoors weaken computer security for absolutely everyone. There is no such a thing as a secure backdoor, privacy advocates have been arguing for years.

According to Stanford University, a backdoor in computing is “a method of bypassing the normal method of authentication. Backdoors are usually inserted into a program or algorithm before it is distributed widely. They are often hidden in part of the design of the program or algorithm. In cryptography specifically, a backdoor would allow an intruder to access the encrypted information without having the correct credentials.”

In a report published today, the EFF praised a new bipartisan bill called the Secure Data Act. This bill, they claim, “gets encryption right.”

Introduced by Representatives Thomas Massie, Jerry Nadler, Ted Lieu, Ted Poe, Matt Gaetz, and Zoe Lofgren, the bill says the following.

“No agency may mandate or request that a manufacturer, developer, or seller of covered products design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product, by any agency.”

Companies that make encrypted devices would be protected by this bill. Software developers, too, would not have to alter their products, weaken their security, and leave backdoors at the insistence of governments. Mobile apps, like WhatsApp and Signal, would be allowed to send end-to-end encrypted messages.

The same bill forbids the government, which would not be able to mandate software or hardware alterations, from seeking court orders.

As Reuters reported in January, FBI Director Christopher Wray considers encryption to be “an urgent public safety issue.” Encryption is an important issue because it disables law enforcement from accessing electronic devices, Wray said at a cyber security conference in New York.

Wray is not alone in his crusade against encryption. In 2016, the former Director of National Intelligence, James Clapper, blamed NSA whistleblower Edward Snowden for advancing commercially available encryption. According to the Intercept, Clapper said the Snowden leaks have had a profound impact on the intelligence community’s ability to gather information, and sped up the spread of encryption by seven years.

According to the EFF, the Secure Data Act is the polar opposite of the Burr-Feinstein proposal, which was introduced in the San Bernardino case, the FBI-Apple encryption dispute. The Burr-Feinstein proposal would have allowed court orders to require technical assistance from tech companies like Apple. The Secure Data Act would do the exact opposite and, unlike the Burr-Feinstein proposal, it would not “violate the First Amendment,” EFF concluded.