Bipartisan lawmakers have introduced a bill forbidding the federal government from requiring that tech companies build so-called “backdoors” into their products designed to let authorities defeat encryption.
The Secure Data Act introduced in the House on Thursday by Rep. Zoe Lofgren, California Democrat, would prohibit government agencies and courts from demanding that “a manufacturer, developer or seller of covered products design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product by any agency.”
The bill covers computer hardware, software and electronic devices made available to the general public, effectively encompassing products ranging from laptops and smartphones, to secure messaging apps like Signal and WhatsApp.
If passed, the bill could potentially complicate calls for companies to design their products with backdoors enabling authorities to eavesdrop on customers’ encrypted communications.
“Encryption backdoors put the privacy and security of everyone using these compromised products at risk,” Ms. Lofgren said in a statement, adding that experts widely agree that designing devices with intentional vulnerabilities will inevitably by exploited by individuals other than authorities.
“Congress must act to protect the products available to Americans that keep their personal information safe from warrantless surveillance and hackers intent on breaching their data,” she said.
The bill echoes similar legislation introduced previously in both the House and Senate, and already the proposal has garnered support from two more Democrats — Reps. Ted Lieu of California and Jerrold Nadler of New York — and three Republicans, including Reps. Matt Gaetz of Florida, Thomas Massie of Kentucky and Ted Poe of Texas.
“When the government forces companies to insert security backdoors in their products, they make Americans less safe,” Mr. Massie said. “Backdoors in otherwise secure products make Americans’ data less safe, and they compromise the desirability of American goods overseas.”
The Secure Data Act would exclude mandates, requests and court orders authorized under existing federal wiretapping law, the 1994 Communication Assistance for Law Enforcement Act, or CALEA, though that legislation already specifies that telecommunications providers aren’t responsible for either decrypting their customers data or guaranteeing the government’s ability to do so.
Existing legislation aside, however, lawmakers may soon consider restricting encryption, if Attorney General Jeff Sessions has his say. Addressing a law enforcement conference earlier this week week in Arizona, Mr. Sessions recalled that the FBI seized over 7,000 cellphones last year incapable of being accessed by authorities because of encryption, and he suggested that legislators could act in order to curb what he called a “critical” problem.
“That’s why we are working with stakeholders in the private sector, in law enforcement and in Congress to find a solution to this problem. Ultimately, we may need Congress to take action on this issue,” Mr. Sessions said
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.