U.S. Senators Banning the Use of Strong Encryption
Last week, Republican U.S. Senators introduced the Lawful Access to Encrypted Data Act “ending the use of ‘warrant-proof’ encrypted technology by terrorists and other bad actors to conceal illicit behavior.” Experts and privacy advocates think it can effectively outlaw strong encryption.
As the name may suggest, the Lawful Access to Encrypted Data Act (LAED Act, also referred to as LAEDA) is about requiring device manufacturers and service providers to allow law enforcement to access encrypted data, whether it is stored on a device or transmitted through the internet.
“The bill would require service providers and device manufacturers to provide assistance to law enforcement when access to encrypted devices or data is necessary,” the official announcement reads, “but only after a court issues a warrant, based on probable cause that a crime has occurred, authorizing law enforcement to search and seize the data.”
The Senators behind the proposal argued that terrorists, drug traffickers, and other unsavory individuals exploit consumer-level encrypted communications to run their operations, while law enforcement officials can’t access information potentially important to the investigation.
“In recent history, we have experienced numerous terrorism cases and serious criminal activity where vital information could not be accessed, even after a court order was issued. Unfortunately, tech companies have refused to honor these court orders and assist law enforcement in their investigations,” said Senate Judiciary Committee Chairman Lindsey Graham.
The bill would require companies like Apple and Facebook to “assist law enforcement with accessing encrypted data if assistance would aid in the execution of the warrant.” If a company is unable to comply, it will have to implement the required capabilities or appeal in federal court. The U.S. government will compensate the affected companies “for reasonable costs incurred in complying with the directive.”
This basically means that U.S. companies will have to have an encryption backdoor available for all data stored or transmitted. Those who don’t have one will have to redesign their systems so there is a backdoor. Experts perceive the bill as an outright ban on end-to-end encryption in the U.S.
The bill would also direct the Attorney General to organize a competition with awards for those who “create a lawful access solution in an encrypted environment while maximizing privacy and security.” On top of that, LAEDA proposes to fund a grant program to “increase digital evidence training for law enforcement” and create a call center that would provide advice and assistance to investigators.
In her initial analysis of the bill, Riana Pfefferkorn, Associate Director of Surveillance and Cybersecurity at the Stanford Center for Internet and Society, warned about the potential impact of the proposal on encryption and users’ privacy.
“The bill is an actual, overt, make-no-mistake, crystal-clear ban on providers from offering end-to-end encryption in online services, from offering encrypted devices that cannot be unlocked for law enforcement, and indeed from offering any encryption that does not build in a means of decrypting data for law enforcement,” she wrote, “This bill is the encryption backdoor mandate we’ve been dreading was coming, but that nobody, during the past six years of the renewed Crypto Wars, had previously dared to introduce.”
Riana Pfefferkorn also warned about the sweeping scope of the proposal:
“It isn’t just aimed at Apple, Google, Facebook, Signal, and the like, though it certainly applies to them; it goes well beyond, to include everyone from Box and Dropbox to the full range of Microsoft’s products, to OEM handset manufacturers.”
Given the broad wording of the bill, Riana suggested that it might apply even to individual contributors in open-source projects.
If the LAED Act passes, U.S. tech companies will be unable to provide users with end-to-end encryption.
“Say goodbye to WhatsApp and Signal: they’ll be wiped from the Google and Apple app stores. iMessage will no longer be E2EE, either. And as for Zoom’s big plans to end-to-end encrypt video calls? If this passes, Zoom can put their pencils down on that one,” Riana Pfefferkorn wrote.
Importantly, the LAED Act doesn’t even have to pass in order to harm encryption. As pointed out by Slate’s Jillian Foley, companies that had plans to introduce strong encryption may now reconsider the decision”
“Even if this bill doesn’t end up succeeding, any uncertainty in the meantime might make companies like Zoom unwilling to push ahead with ambitious plans for encryption, which could hold back privacy timelines months or possibly years.”
Get In Touch
Share On Social Media
Other Recent Blog Articles
Cybersecurity Nightmare: Cisco Data Breach and the Implications for Businesses
A threat actor known as IntelBroker has claimed to have breached Cisco’s systems on October 6th, 2024, stealing a vast amount of sensitive data. The stolen data allegedly includes source…
Read MoreHow PDX IT Services Can Protect Your Business from Data Breaches
Given the recent data breach at Globe Life and the increasing threat of cyberattacks, businesses must prioritize robust cybersecurity measures. PDX IT Services can offer a comprehensive suite of solutions…
Read MoreData Breach at Globe Life: A Growing Threat
Insurance Giant Faces Extortion and Data Exposure In a significant cybersecurity breach, Globe Life, a major life and health insurance provider, has confirmed that it is being extorted by a…
Read More