Backdoor to encrypted data required in proposed bill

by Steve Blum

California’s senior U.S. senator wants software, hardware and telecoms companies, and pretty much everyone else in the high tech universe to keep a master key to their encrypted products and services. And turn the key anytime a court tells them to do so. The draft of a bill by senators Dianne Feinstein (D – California) and Richard Burr (R – North Carolina) says…

A covered entity that receives a court order from a government for information or data shall— (A) provide such information or data to such government in an intelligible format; or (B) provide such technical assistance as is necessary to obtain such information or data in an intelligible format or to achieve the purpose of the court order.

Covered entity

…means a device manufacturer, a software manufacturer, an electronic communication service, a remote computing service, a provider of wire or electronic communication service, a provider of a remote computing service, or any person who provides a product or method to facilitate a communication or the processing or storage of data.

On the face of it, the bill would effectively outlaw products with unbreakable encryption or the sale of services that include it. What it would really do is create two classes of criminals: those who have the smarts and motivation to layer in their own encryption and those who don’t. And the former would be handed a golden opportunity to hack, phish or subvert their way into government-mandated backdoors.

The conventional wisdom in the tech press is that the bill isn’t going anywhere, with political opposition ranging from libertarian-leaning Republicans to the Obama administration, and with Silicon Valley mobilising battalions of lobbyists. Maybe so. But it’s an election year and a particularly odd one at that. Take nothing for granted.