The Department of Justice under the Obama administration, may be trying like hell to force tech companies like Apple to violate their own security to help them fight crime, but the White House appears reluctant to push through legislation authorizing what is currently a legal gray area.
So let's celebrate, warily: Really bad, really irresponsible anti-encryption legislation introduced by Senate Intelligence Committee leaders Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.) is going absolutely nowhere. So sources tell Reuters:
Draft legislation that Senators Richard Burr and Dianne Feinstein, the Republican and Democratic leaders of the Intelligence Committee, had circulated weeks ago likely will not be introduced this year and, even if it were, would stand no chance of advancing, the sources said.
Key among the problems was the lack of White House support for legislation in spite of a high-profile court showdown between the Justice Department and Apple Inc over the suspect iPhone, according to Congressional and Obama Administration officials and outside observers.
"They've dropped anchor and taken down the sail," former NSA and CIA director Michael Hayden said.
This bill, titled the Compliance with Court Orders Act of 2016, would have required that tech and communications companies provide information or data produced with their devices, software or apps upon court demand, in an "intelligible" format. It means tech companies would have to be able to bypass their own encryption when ordered to do so by authorities.
The bill has been roundly criticized by anybody with even a passing understanding of cybersecurity. There is no such thing as an encryption bypass that can only be used by the "good guys" (scare quotes due to the history of the feds abusing surveillance authorities). The bill weakened everybody's personal security, and its proponents seem very unconcerned about the possible consequences.
I say to celebrate warily, because legislation that grants government more power doesn't just crawl away and die. There was a tremendous amount of activism and criticism about the Cybersecurity Information Sharing Act (CISA), which pushed private businesses to share private customer data with the government in the guise of helping fight cybercrime. Efforts to pass the law on its own failed, but then a version of it was quietly added to last December's "must pass" omnibus spending bill, and it became law with almost no discussion or public awareness.
That there's little open support for Burr and Feinstein's legislation doesn't mean that there aren't behind-the-scenes machinations to get some sort of authorities approved to help federal investigators attempt to draft companies to help them. My own pet theory is, as with CISA, the feds will attempt to get tech companies on board by giving them immunity to legal liability for any bad outcomes that result from them providing encryption bypasses or "back doors" to the government.
It does seem likely that nothing is going to happen under Obama given the short time remaining for his administration (though if there's another terrorist attack on U.S. soil between now and 2017, we're going to see this come up again). That leaves us with looking toward the next administration. We have Donald Trump, who has open contempt for the idea that the government should be restrained by the right to privacy and called for a boycott of Apple for resisting orders to weaken its tech security, and Hillary Clinton, who says she doesn't want an encryption "back door" mandate, but when she talks about finding ways for authorities to bypass encryption to access private data, sounds like she actually does want back doors. She seems to believe in the possibility of creating some sort of key to access that only the "right" people can use.
But hey, everybody's paying attention to the Libertarian Party's convention this weekend (to the extent that media coverage is regularly showing in Google News among the top stories), and the top candidates are all showing predictable support for strong encryption and privacy. Respect for your right to protect your data from hackers and thieves: a libertarian selling point.