The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

Preventing a Ban on Encryption

by Dennis Fisher on Tuesday July 17, 2018

Contact Us
Free Demo
Chat

A bipartisan bill, the ENCRYPT Act, has resurfaced in the House of Representatives this week. The legislation would block states and governments from compelling companies to weaken encryption with a backdoor.

There is a small group of legislators in Washington working to protect the private communications and data of Americans with a new bill that would prevent individual states from passing laws that weaken encryption.

The bill is known as the ENCRYPT (Ensuring National Constitutional Rights for Your Private Telecommunications) Act and it’s the work of several lawmakers, including Reps. Ted Lieu, Mike Bishop, Susan DelBene, and Jim Jordan. The group introduced the bill last week and it’s a direct response to efforts in some states to pass measures that would require device manufacturers to include mechanisms that enable decryption of users’ data. Lawmakers in both New York and California have introduced such bills in recent years, and while they haven’t succeeded, the sponsors of the ENCRYPT Act want to ensure that other state legislatures don’t go down the same path.

The language in the new House of Representatives bill clearly prohibits states from passing laws that weaken or ban encryption. Here’s the relevant text:

“In General.—A State or political subdivision of a State may not—mandate or request that a manufacturer, developer, seller, or provider of covered products or services—
(A) design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product, by any agency or instrumentality of a State, a political subdivision of a State, or the United States; or
(B) have the ability to decrypt or otherwise render intelligible information that is encrypted or otherwise rendered unintelligible using its product or service; or
(2) prohibit the manufacture, sale or lease, offering for sale or lease, or provision to the general public of a covered product or service because such product or service uses encryption or a similar security function.”

Blog Post

Weakened Encryption Solves Nothing

There’s not much in the way of ambiguity there. The introduction of the bill will come as welcome news to many constituencies, including privacy conscious users, civil liberties groups, and the device manufacturers themselves. Apple has been the most visible and vocal corporate opponent of any kind of mandated backdoor or other weakening of device encryption, but other companies, including Microsoft and Google, have been fighting behind the scenes, as well. The ENCRYPT Act would remove the possibility of states putting together their own legislation, something that would remove quite a bit of complexity and uncertainty from the equation.

“If state legislatures individually meddle with encryption policy, we could see a landscape where Illinois residents can buy the latest iPhone and download messaging apps like Signal and WhatsApp, but Californians can’t. But the California and New York state bills, intended to help law enforcement catch criminals, ignored the reality that people could still cross into states where the technology is unrestricted to purchase encrypted devices. What’s more, it would be trivially easy for anyone to download encrypted messaging apps online, regardless of state laws,” David Ruiz of the EFF wrote.

The encryption debate that’s been going in Washington for the last few years wouldn’t end if the ENCRYPT Act becomes law. Law enforcement agencies will continue to lobby for exceptional access and device manufacturers will continue to resist. Encryption is complicated and difficult to understand and people tend to fear what they don’t understand. That won’t change if this bill happens to pass, but the legislation could go a long way toward bringing some sanity and uniformity to encryption policy.

House of Representatives image via Ron Cogswell's Flickr photostream, Creative Commons 2.0

Tags: Government, Encryption

Dennis Fisher

Dennis Fisher is editor-in-chief at Duo Security. He is an award-winning technology journalist who has specialized in covering information security and privacy for the last 15 years. Prior to joining Duo, he was one of the founding editors of On the Wire, Threatpost and previously covered security for TechTarget and eWeek.