Burr-Feinstein Anti-Encryption Draft Officially Released, Wyden Promises Filibuster

The “discussion draft” for the Compliance with Court Orders Act of 2016 was officially released on Senator Feinstein’s Senate page, without many changes, other than some more specific language about the types of Court orders that can demand decryption. Senator Ron Wyden promised to filibuster the bill soon after the draft was published.

No Significant Change

When the leaked draft came out last week, many security and cryptography experts responded negatively to it. They warned that the bill would force anyone, including open source developers, to either stop using encryption completely, or make it so weak that malicious hackers could threaten the security of all services and products.

The main change from the previously leaked draft is that now not just any court order can decrypt the data, but a court order in cases involving “serious crimes,” such as those involving serious bodily harm, child exploitation, terrorism, espionage (which could likely be used against whistleblowers, too), violent felonies, or other “serious drug crimes.”

From the perspective of how this affects the state of encryption in services, this change is insignificant. Once the law exists as currently described, then companies would still have to either be able to decrypt everything their services or products encrypt, or if the burden to do that is too great, they might just stop using encryption altogether. Companies can’t just use “encryption for serious crimes” and “encryption for less serious crimes,” because there’s no clearly defined way to make that distinction.

“Above The Law”

The two Senators made the argument that the bill must pass because “nobody is above the law,” an argument similar to one the FBI has been making about “warrant-proof” devices. However, they neglected to mention that there are already things that are warrant-proof, and therefore “above the law,” as the Senators call it.

Jonathan Zdziarsky, famed mobile forensics expert, noted in a recent post that there are already other things that are protected against judicial warrants, such as journalist sources and documents, physician-patient records, attorney records, and diplomatic pouches, just to name a few examples. At some point in the past, the U.S. government determined that these things should be “above the law,” because the net benefit to keep them protected at all costs is much greater than allowing government access to them.

If journalists can’t have their documents and sources’ names taken away from them even with a judge’s order, then people can have a freer society protected against government as well as judicial abuse.

In the same way, one could make the argument that strong encryption is a net benefit to society, and should also be warrant-proof, if the entities dealing with sensitive data decide that such encryption would best protect that data against cybercriminals.

More Security Or Less Security?

Senator Ron Wyden, also a member of the Senate Intelligence Committee, promised to filibuster the bill.

“The encryption debate is about having more security or having less security. This legislation would effectively outlaw Americans from protecting themselves. It would ban the strongest types of encryption and undermine the foundation of cybersecurity for millions of Americans,” Wyden noted on his Senate page.“This flawed bill would leave Americans more vulnerable to stalkers, identity thieves, foreign hackers and criminals. And yet it will not make us safer from terrorists or other threats. Bad actors will continue to have access to encryption, from hundreds of sources overseas. Furthermore, this bill will empower repressive regimes to enact similar laws and crack down on persecuted minorities around the world,” Wyden added.

He also asked the American public to organize and protest against this bill while at the same time he would try to stop it in Committee, or filibuster it on the Senate floor.

Wyden also reminded everyone that his Secure Data Act would ban any government backdoors or mandates to weaken encryption, implying that people should call their representatives and urge them to support it in Congress.

California’s Smartphone Decryption Bill Fails To Pass

While Senator Feinstein was working on this federal decryption bill, her own state was also trying to pass a similar bill that would have forced smartphone makers to add backdoors to their phones to be able to decrypt them on demand.

However, the bill didn’t even get a vote, as the members of the Assembly Committee on Privacy and Consumer Protection worried that the bill “would undermine data security and impose a logistically untenable requirement on California companies.”

It seems the California legislature realized that such anti-encryption bills would not only make security worse, but could also hurt companies economically due to the burden imposed on them.

California wasn't the only state to try and pass such a bill. New York is still discussing an almost identical bill, so it's now up to New York's legislature and its citizens to decide if this bill should pass.

Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu. 

Follow us on FacebookGoogle+, RSS, Twitter and YouTube.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • teknic111
    Is this woman serious??? Why do Californians keep electing her???
  • clonazepam
    Is this woman serious??? Why do Californians keep electing her???

    That's easy. Look up her opponents.
  • gggplaya
    Is this woman serious??? Why do Californians keep electing her???

    She likes to make a name for herself and propose bills for hot button issues. She's a party favorite and california 70% democrat, so she has no trouble getting re-elected year after year since 1992.
  • Quixit
    Filibusters as a concept make a mockery of democracy. They essentially hand the power of veto to any senator.
  • sykozis
    17817236 said:
    Filibusters as a concept make a mockery of democracy. They essentially hand the power of veto to any senator.

    A filibuster is a better alternative than having our private data made available to the world, un-encrypted, just because some Senators are braindead when it comes to technology of any type....
  • Onus
    Anything to do with Feinstein is a cluster of GRAPES. All this bill will do is cost American jobs, as strong encryption will be available from off-shore sources only (some of which may have back doors of their own).
    Until the American People impose dire consequences on their elected parasites for oath-breaking, this abuse will continue and worsen.
  • firefoxx04
    Good luck. You cant get rid of open source. you can force Microsoft to stop allowing encryption. You can force apple. You wont stop Linux.
  • jeremy2020
    At least we have Wyden...
  • Banqu0
    Good luck. You cant get rid of open source. you can force Microsoft to stop allowing encryption. You can force apple. You wont stop Linux.

    In what way would the bill achieve this? Can Microsoft or Apple actual patch the OS to not run any kind of encryption software? Is that even feasible? I agree, 3rd party software - particularly open source software, is the big hole in the bill. I wonder if the authors of this bill realize that you can only force companies to do so much. No company can change the math or the reality of the situation.
  • gferrin2012
    Onus hit the nail on the head, I believe as well, every foreign country will dodge the United States as a plague nation when it comes to data storage. Of course this will have an impact on jobs. While this "Bill" seems to focus on encryption, it is just a smoke and mirror ploy to get unlimited access at any time by the government. Maybe Hillary Clinton should have used encryption with her latest e-mail fiasco. Oh wait, as soon as "most" encryption will be accessible, the American people can find out about all the little hidden games the politicians play anyway. Do they think they are above the law? The "Bill" they are proposing will expose them as well. In my opinion, and my opinion only, Data should be treated just like any other property. In must go through a "due process" and have a court order just like any other search warrant. If Feinstein thinks these "holes" in encryption will not be exploited, she really needs to sit down with a knowledgeable person in I.T. Securities. Please have her quit the sensationalism B.S. that gets her name in the papers. She appears to be clearly over her head here. Now we have politicians meddling with advanced mathematical algorithms. Lord have mercy.