WASHINGTON -- “This smartphone is today’s go-to, must-have security tool," Sen. Ron Wyden (D-Ore.) said, pulling his iPhone out of his pocket. "It’s got your whole life in it.”
Wyden, a vocal privacy advocate in the Senate, is readying for a fight over legislation two of his colleagues are drafting that could open up technology companies to civil penalties if they refuse to comply with court orders to hand over encrypted data.
Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.) -- chairman and vice chairman, respectively, of the Senate Intelligence Committee -- are planning to introduce their bill, which has been in the works since the Paris terrorist attacks, as early as this week. While the bill doesn’t mandate the adoption of a particular technology or a penalty for noncompliance (leaving the latter point up to the courts), it does requires that companies “must comply” with any order to turn over decrypted data that was previously encrypted by the company’s device, according to a Feinstein aide.
That effectively leaves tech companies like Apple exposed to penalties like contempt of court. Apple is currently embroiled in a battle with the federal government over a judge’s order that it unlock an iPhone used by one of the shooters who killed 14 people in San Bernardino, California, last year.
“I will do anything necessary to block a bill that weakens strong encryption,” Wyden told The Huffington Post, hinting at a filibuster. “I will use every procedural tool in the Senate to block a bill that weakens strong encryption because I believe that weakening strong encryption will leave millions of Americans less safe and less secure.”
Wyden has not seen the final bill, but he said that from what he’s heard about it, it would leave tech companies with few options.
“If that’s the case," he said, "the American people will be less safe and less secure in their homes and neighborhoods."
If companies are penalized with hefty new fines, Wyden is concerned that they'll begin redesigning their products to have weaker encryption -- likely getting rid of “end-to-end encryption” altogether.
End-to-end encryption is the newest operating system available on nearly every smartphone. It only allows one key to open the device, and it’s controlled by the consumer, not the company. Older systems had two keys: one for the user, and one for the company. Wyden argued that a measure like Burr and Feinstein's would essentially amount to giving the government a master key of sorts, creating a sizable target for hackers, foreign governments and the like.
The controversy surrounding the pending bill isn’t lost on Burr and Feinstein, who told The Hill that they are waiting on feedback from the White House before moving forward. “I have a basic fundamental belief this is very important and that no American company should be above the law,” Feinstein said.
A growing fear among law enforcement and intelligence communities is the phenomenon known as “going dark” -- essentially, the increasing use of default encryption on mobile devices by tech companies while terrorists simultaneously try to use encryption to evade surveillance.
Mike McConnell, who has served as the U.S. director of national intelligence and director of the National Security Agency, is on the other side of the “going dark” debate, arguing in a recent Washington Post op-ed that opening up encryption is not worth it, as it could expose the U.S. to an array of national security risks.
“Millions of Americans have an iPhone and their whole life is in it,” Wyden said. “And [when] you weaken encryption, you make it easier for foreign actors, non-state bad actors, to get access to people’s information.”
