The fight for security and privacy, now embodied in the encryption of devices and services, has long taken a political flavor when the US government publicly advocated installing backdoors on such systems for the sake of criminal investigation. Now the story takes an interesting turn when two lawmakers cross the political divide to propose a bill that will preempt such proposals. Rep. Ted Lieu, a Democrat from California, and Rep. Blake Farenthold, a Republican from New York, have proposed a House bill that will prevent any state or local government from forcing OEMs to create such backdoors.
It is not just coincidence that the bill comes from these two states' representatives. Both New York and California have proposed state legislation, in almost similar words, that would legally force device manufacturers and service providers to give law enforcers access to encrypted systems when needed. The problem is that if these bills come into law in these two states only, it would effectively apply to all devices and services in the country, as it would be a practical waste to design systems specific to one or two states.
Lieu, who holds a degree in Computer Science, calls those proposals as technologically stupid. It is just technically impossible to allow such an access that would not, by nature, weaken and endanger the security of the system in its entirety. It's a much repeated argument by many in the tech industry that had seemed to fall on deaf ears in Congress, that is until now.
Lieu makes another argument in light of recent hackings of government sites and databases. Recently both the Office of Personnel Management and the Department of Justice itself, under which the FBI operates, have been hacked, giving hackers access to millions of private records. Lieu says if the government cannot even protect itself, how can it expect to protect extremely sensitive keys from hackers as well.
Naturally, the bill, which is amusingly named "Ensuring National Constitutional Rights for Your Private Telecommunications Act of 2016" or ENCRYPT, has been lauded by privacy advocates, giving hope that there are at least some in government listening to their argments. However, some do say that Lieu's and Farenthold's wordings aren't strong enough to actually prevent New York's and California's proposed laws from getting enacted. It only sets limits on what they may impose on companies.
And, of course, ENCRYPT needs to first pass both House and Senate and be signed into law by the President before it takes effect. It will definitely be a long, and probably turbulent, journey.
VIA: Ars Technica