Feinstein encryption bill sets off alarm bells


Feinstein encryption bill sets off alarm bells

A draft version of a long-awaited encryption bill from Sens. Dianne Feinstein, D-Calif., and Richard Burr, R-N.C., was leaked online last week, and the technology industry is already calling foul.

The bill requires any company that receives a court order for information or data to “provide such information or data to such government in an intelligible format” or to “provide such technical assistance as is necessary to obtain such information or data in an intelligible format.” It doesn’t specify the terms under which a company would be forced to help, or what the parameters of “intelligible” are.

The lack of these boundaries is one of the reasons why the backlash to the bill — which isn’t even finished — has been so fast and overwhelming. Kevin Bankston, director of the Open Technology Institute, called it “easily the most ludicrous, dangerous, technically illiterate proposal I’ve ever seen.”

It’s disheartening that the senators intend to continue pressing on with this bill, especially in light of the FBI’s recent bullying of Apple. After the FBI bungled its handling of the San Bernardino shooter’s phone, it tried and failed to force Apple into creating a new program that would let it hack into not just the shooter’s phone but probably many other phones as well. When Apple resisted, the FBI mysteriously came up with a workaround. Small wonder other technology companies are reacting poorly to this Senate bill.

Feinstein’s staffers said that the issue is larger than one phone. That’s true — and it’s exactly why such a broad proposal should make everyone who uses a smartphone uneasy. Giving law enforcement such a broad mandate would inevitably lead to questionable decisions, and it would weaken Internet security for everyone.

Feinstein’s staff also said that the reason for the bill’s vagueness is that the goal is simply to clarify law, not to set a strict method for companies or to tell the court what the penalties should be should companies choose not to follow orders. That sounds good in theory. In practice, Feinstein and Burr would be well-advised to go back to the table with technology interests — and really listen to their concerns.