The last year's ISIS-linked terror attacks in Paris and California has sparked debate on Encryption, and the intelligent agencies started reviving their efforts to weaken encryption on various encrypted products and services.
But, there is some Good News!
California Congressman and Texas Republican are now challenging state-level proposals to restrict US citizens' ability to encrypt their smartphones.
On Wednesday, California Congressman Ted Lieu, one of four members of Congress, and Texas Republican Blake Farenthold, a member of the House Oversight and House Judiciary committees, introduced a new bill in Congress that…
…attempts to ban states efforts to implement their own anti-encryption policies at a state level while a national debate on Encryption is ongoing.
The bill, called "Ensuring National Constitutional Rights for Your Private Telecommunications Act of 2016" – in short, "ENCRYPT Act of 2016" – would stop states from individually trying to make major companies change their technology to fulfil law enforcement requirements.
The bill comes almost a month after two state bills in California and New York proposed to ban the sale of smartphones equipped with strong cryptography that cannot be unlocked and accessed by the manufacturer.
ENCRYPT ACT of 2016
Here's what the "ENCRYPT Act of 2016" reads [PDF]:
A State or political subdivision of a State may not order or request that a manufacturer, seller, developer, or provider of covered products or services:
- Design, alter or modify the security features in its product or service in an effort to allow the surveillance of its users, or to allow the physical search of such product or service by any federal agency or instrumentality of a State, a political subdivision of a State, or, of course, the United States.
- Have the ability to decrypt or otherwise provide intelligible information that is encrypted or otherwise rendered unintelligible using its product or service.
Although the privacy advocates have largely applauded the new bill, it would need to pass both the House of Representatives as well as the Senate, and signed by the President in order to take effect.
However, many federal officers, including FBI Director James Comey, would not be so happy with the proposed bill, as they forced major companies to provide backdoor access to their services.
As Comey previously stressed, "There're plenty of companies today that [offer] secure services to their customers and still comply with court orders. There are plenty of folks who make good phones [and can] unlock them in response to a court order."
But in my opinion, no backdoors can help law enforcement, and intelligence agencies tackle terrorism.
Would Handing Over a Backdoor to the Federal Agencies Help?
As I previously said, "Technically, there is no such backdoor that only the government can access. If surveillance tools can exploit the vulnerability by design, then an attacker who gained access to it would enjoy the same privilege."
Even if these backdoors are not creating vulnerabilities for hackers to attack, we do not trust the government asking for backdoor encryption keys.
Recently Department of Justice or DoJ got hacked by an unknown hacker who leaked personal data belonging to roughly 20,000 FBI agents and 9,000 DHS employees on Monday.
A similar thing happened last year when the US Office of Personnel Management (OPM) got hacked multiple times, exposing extremely sensitive security records of over 21.5 Million government employees.
These incidents prove that the government agencies fail to protect its most sensitive data, so can't be trusted to keep these backdoor encryption keys safe from hackers.