A man types on a computer keyboard in Warsaw in this February 28, 2013 illustration file picture. (REUTERS/Kacper Pempel/Files)
If you sided with the FBI in its recent encryption fight with Apple, you'll likely support a new bill from Sens. Dianne Feinstein and Richard Burr.
Their legislation, a draft of which was released on Wednesday, would force companies like Apple to comply with court orders that demand access to their products and services. The move, they say, is intended "to protect Americans from criminals and terrorists," but detractors argue that it's nothing more than legalizing a backdoor into our private data.
"No entity or individual is above the law," said Feinstein, a California Democrat who serves as vice chair of the Intelligence Committee. "The bill we have drafted would simply provide that, if a court of law issues an order to render technical assistance or provide decrypted data, the company or individual would be required to do so.
"Today, terrorists and criminals are increasingly using encryption to foil law enforcement efforts, even in the face of a court order," she continued. "We need strong encryption to protect personal data, but we also need to know when terrorists are plotting to kill Americans."
The issue is a complex one and comes after Apple tangled with the FBI over access to the iPhone 5c owned by one of the San Bernardino shooters. Since Apple's operating system has been encrypted since iOS 8, it has no easy way of opening iPhones running its updated OS. To do so would require Apple to create an alternative operating system that would hack its own encryption, something Apple CEO Tim Cook said would put other iPhone owners at risk and be the software equivalent of cancer.
Ultimately, the FBI was able to crack the iPhone without any assistance from Apple, reportedly by hiring hackers to do the job. And a new report finds that officials have yet to find anything of use on the iPhone 5c in question.
Those who side with the FBI, however, say this might not always be the case, and are calling for some legal clarity in regards to the government's power to demand access to products and services. In the Apple case, the government relied on the All Writs Act, a 1789 statute that basically lets the feds enforce the law. Those who crafted that measure, though, likely could not have envisioned a future with smartphones, encryption, and global terrorism facilitated by the Internet.
So what does the Feinstein-Burr bill do? At its core, it requires "providers of communications services and products [to] protect United States persons' privacy with strong data security while still complying with court orders and other legal requirements."
It covers device and software manufacturers, those who provide electronic communication, remote communication, wire or electronic communication, and remote communication services, "or any person who provides a product or method to facilitate a communication or to process or store data," according to a fact sheet.
Those who get a court order must turn over the requested info "in an intelligible format" or tell the agency requesting it how to get it.
According to the draft, the feds will pay for any costs associated with retrieving the data, while the government can't force or ban "any specific design or operating system for any covered entity to use in complying with a court order."
Finally, the bill authors insist this is not creating new collection authorities. "The bill simply requires covered entities to ensure that the government's lawfully-obtained evidence is readable—so that law enforcement can solve crimes and protect our communities from criminal and terrorist activities."
The Electronic Frontier Foundation begs to differ.
"The Burr-Feinstein proposal creates the wrong incentives for companies. Instead of working to improve security for everyone, tech companies would be forced to spend resources thwarting their own security features or creating backdoors in response to government requests," the organization says. "Any court in the country could force a tech company to defeat its own security or build a backdoor that could affect millions of people."
The EFF is calling on people to email their members of Congress and demand that they reject the bill.
In response to a leaked version of the bill, the Internet Association earlier this week argued that "mandating the weakening of encryption will put the United States' national security and global competitiveness at risk without corresponding benefits." The group's members are a who's-who of Silicon Valley, from Amazon and Facebook to Google and Twitter.
At this point, Feinstein and Burr are requesting feedback on their bill before formally introducing it. One person who's not a fan? Sen. Ron Wyden, an Oregon Democrat.
"This flawed bill would leave Americans more vulnerable to stalkers, identity thieves, foreign hackers and criminals. And yet it will not make us safer from terrorists or other threats," he said in a statement. "Bad actors will continue to have access to encryption, from hundreds of sources overseas."
If the bill makes it to the Senate floor, "I will filibuster it," Wyden promised.
In the House, California Republican Darrell Issa said the bill is "about as flawed and technically naive as a piece of legislation can get."
In February, meanwhile, Reps. Ted Lieu (D-Calif.) and Blake Farenthold (R-Tex.) introduced a bill that would stop states from mandating that a company intentionally weaken its smartphone encryption to facilitate law enforcement action. That came weeks after lawmakers in New York and Feinstein's home state of California introduced bills that would ban the sale of encrypted smartphones.
This article originally appeared on PCMag.com.
Get a daily look at what’s developing in science and technology throughout the world.