Industry groups call Burr-Feinstein encryption bill 'ultimately unworkable'
A coalition of industry groups representing some of the largest tech companies in Silicon Valley penned an open letter to Sen. Richard Burr (R-NC) and Sen. Dianne Feinstein (D-Calif.).
A coalition of industry groups representing some of the largest tech companies in Silicon Valley penned an open letter to Sen. Richard Burr (R-N.C.) and Sen. Dianne Feinstein (D-Calif.), Senate Intelligence Committee co-chairs and co-authors of a Senate encryption bill that would require technology companies to decrypt data on demand for law enforcement agencies.
The Reform Government Surveillance group is made up of three industry associations representing tech companies including Apple, Facebook, Google, Microsoft, Amazon, eBay, AOL, and Twitter.
The coalition said the proposed legislation contains “well-intentioned but ultimately unworkable policies around encryption that would weaken the very defenses we need to protect us from people who want to cause economic and physical harm,” in the letter, signed by the Computer & Communications Industry Association, Internet Infrastructure Coalition (i2C), and the Entertainment Software Association. “We believe it is critical to the safety of the nation's, and the world's, information technology infrastructure for us all to avoid actions that will create government-mandated security vulnerabilities in our encryption systems.”
The letter also stated, “Any mandatory decryption requirement, such as that included in the discussion draft of the bill that you authored, will to lead to unintended consequences. The effect of such a requirement will force companies to prioritize government access over other considerations, including digital security. As a result, when designing products or services, technology companies could be forced to make decisions that would create opportunities for exploitation by bad actors seeking to harm our customers and whom we all want to stop.”
The Burr-Feinstein bill has been heavily criticized by both privacy groups and industry professionals.
“Not only does this bill undermine our security, it is also a massive Internet censorship bill, demanding that online platforms like Apple's App Store and the Google Play Store police their platforms to stop the distribution of secure apps,” Kevin Bankston, director of New America's Open Technology Institute, told SCMagazine.com in emailed comments. “Of course, just as the bill fails to explain how security engineers are supposed to keep our data secure while also making it completely available to the government on request, it also offers no clue as to how online providers are supposed to comprehensively audit and censor every app on the Internet.”
The American Civil Liberties Union (ACLU) said the bill would create a government backdoor. “Instead of heeding the warnings of experts, the senators have written a bill that ignores economic, security, and technical reality,” wrote ACLU legislative counsel Neema Singh Guliani. “It would force companies to deliberately weaken the security of their products by providing backdoors into the devices and services that everyone relies on.”
“The draft shows how out of touch Senate Intelligence Committee leaders Sens. Burr and Feinstein are with the needs of the American people,” wrote Cindy Cohn, the Electronic Frontier Foundation's executive director, in a blog post earlier this month. “Millions of Americans suffer the loss, theft, or compromise of intimate communications, trade secrets, and identities each year. We desperately need more security, not less. Yet this bill would strongly discourage companies from providing it.”