A bipartisan coalition of House members introduced the “Secure Data Act,” which would prohibit surveillance and law enforcement agencies from forcing companies to install backdoors in their products and services, a requirement that would make those products and services less secure.
The Secure Data Act includes co-sponsors such as Zoe Lofgren (D-Calif.), Thomas Massie (R-Ky.), Jerrold Nadler (D-N.Y.), Ted Poe (R-Texas), Ted Lieu (D-Calif.), and Matt Gaetz (R-Fla.).
Backdoors Make Products (And Their Users) Less Safe
The politicians argued that having companies insert backdoors into products and services will make everyone less safe, even if the backdoor helps catch some criminals every now and then. After all, law enforcement has more access to data, either with warrants or without, than ever. The devices we use also share more data on us than ever, leading some security experts to conclude that we live in a “Golden Age of Surveillance.”
We also know that even in the San Bernardino case, which started the new war against cryptography (after the U.S. government lost the one in the late 90’s), the FBI could use other means to unlock the device, without needing a backdoor or even Apple’s help to do it. That’s because getting security right is already incredibly difficult, and it’s virtually impossible to make a digital product “unhackable.”
Adding a backdoor on top of that already fragile security would just mean even more opportunities for malicious actors to hack into devices and systems. Furthermore, there’s also the issue of government abuse.
Perhaps initially or most of the time, the government would seek out a warrant or a court order to access the backdoor. However, eventually the backdoor may either be misused in secret, or law enforcement could lobby for new legislation, as it did with the new FISA changes or the National Security Letters (NSLs), that would allow it to use the backdoor without any judicial review.
Congressman Massie also believes that making backdoors official for American products would make American products and services less desirable in other countries:
When the government forces companies to insert security backdoors in their products, they make Americans less safe. Backdoors in otherwise secure products make Americans’ data less safe, and they compromise the desirability of American goods overseas.
One of the reasons for the recent passing of the CLOUD Act was that multiple countries and important markets for American business were starting to require local data centers. That happened, in part, because those countries no longer trusted the American government not to abuse access to that data (which we already know it has).
Secure Data Act
According to the Secure Data Act, which the EFF supports, “no agency may mandate or request that a manufacturer, developer, or seller of covered products design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product, by any agency.”
The bill would protect both device makers that enable storage encryption as well as software developers that make end-to-end encrypted applications from being forced to alter their products in a way that weakens their encryption. The Secure Data Act also forbids the government from requesting a court order that would force the companies to comply with a backdoor.
The only exception would be for wiretapping standards required under the 1994 Communications for Law Enforcement Act (CALEA). However, even under CALEA, voice providers such as wireless carriers are still permitted to enable end-to-end encryption -- it’s just that none of them has, especially when they tend to have such cozy relationships with the NSA.
The EFF also said that the Secure Data Act would prevent another “crypto war,” and it would also lower the risks of other anti-encryption legislation, such as the one introduced by Senators Dianne Feinstein (Calif.) and Richard Burr (NC), gaining a foothold in Congress.