The Consumer Technology Association (CTA) are supporting the proposed Ensuring National Constitutional Rights for Private Telecommunications Act (ENCRYPT) which has been sponsored by Representative Ted Lieu.
This has been a hot-button issue as everyone is demanding privacy, especially when it comes to our mobile devices. But on the opposite side, the FBI and others have been bashing those companies who dare to deliver the enhanced security their customers want, because it hampers law enforcement from getting the evidence they supposedly need. One way in which law enforcement and governments have gotten around this is by making crony and unethical deals to force a backdoor into the hardware or software, and then gagging the manufacturers, such as Microsoft, from being able to disclose or patch it. We at Being Libertarian have documented how the FBI has called Apple “jerks” and “evil geniuses” for enhancing their security, how the NSA was given a workaround Intel Management Engine exploits that the public doesn’t have easy access to, how the epidemic of Wannacrypt and ransomware stemmed from NSA backdoors and exploits, or even how America has eroded digital freedoms abroad.
We’ve seen how these spectacles of law enforcement throwing a tantrum can become national news, especially in recent memory with Apple versus the FBI regarding to a mass shooter’s phone. This is because there is no information for law enforcement to analyze for evidence when the phone/tablet/PC in question is encrypted with a good algorithm and the private key can only be generated if the user enters the password. For example, a password on the default disk encryption with Android or iOS, even the absurd level of encryption many Linux distributions come with out of the box such as Qubes OS.
Some countries, such as Australia, have made it illegal to use what they consider “military-strength” encryption without a proper license to do so, which can be confusing as many open source and commercially-available systems can go beyond what the military requires. However, it seems many law enforcement officials have the same backward and archaic mentality, that by weakening security for everyone, even to be at the mercy of private individuals with malicious intent, somehow is a greater good for all of society. So now the FBI and other law enforcement are demanding software and hardware backdoors into devices, and this is nothing new since this has been attempted as far back as the Clinton administration’s “Clipper Chip” proposal based on the flawed NIST FIPS-185 “escrowed key” encryption standard. This would allow encrypted communication, but the private key would be escrowed for law enforcement to be able to request from the manufacturer. In response to these misguided attempts at weakening security, a team of legislators have proposed the ENCRYPT Act, encouraging tech firms to stop providing backdoors for national law enforcement agencies and standardizing the encryption policy.
“Having 50 different mandatory state-level encryption standards is bad for security, consumers, innovation and ultimately law enforcement,” Rep. Lieu explained in a statement about the bill. “Encryption exists to protect us from bad actors, and can’t be weakened without also putting every American in harm’s way.”
It would be great to see the ENCRYPT Act pass so we can ensure all people in the United States, as well as any individuals using software or hardware from US companies, can ensure they are not using an intentionally weakened device because some law enforcement agency thinks everyone should have weaker security. It is currently listed as HR 6044: ENCRYPT Act of 2018, and can be followed online here. Don’t forget to call, email, tweet, and Facebook message/post your senators and representatives about this bill.