Draft US senate encryption bill leaked

A draft of the US senate encryption bill has been leaked, and it makes for unpleasant reading. It's called the Compliance with Court Orders Act of 2016.

The draft mandates that a company, when presented with a court order, must provide technical assistance to decrypt data that its products have encrypted. Even a software distributor is subject to these requirements.

This is a ludicrous bill that is difficult to take seriously. It essentially bans end-to-end encryption, including the feature just released by WhatsApp. Since decryption keys are private to users and are not stored by WhatsApp, they cannot decrypt user communications. The only way to comply with such a law would be to build a back door into the product, which renders the encryption utterly pointless. Apple's iPhone is similar - some kind of back door would be required.

The encryption debate has moved on from such draconian legislation. The encryption genie has been long released, and there is no going back. If US products have encryption disabled, it will only harm US interests, and consumers and corporations will eventually migrate to other secure products that can protect their privacy. These are widely available. Unfortunately, some lawmakers seem unaware of the consequences of the laws they are proposing.

Hopefully, this leaked bill was simply to test the waters. Word seems to be that it does not have the support of the White House, and it might be that the legislation will be killed off. Let's hope so.

Posted by John Faulds in