A group of Senate Republicans is looking to force tech companies to comply with “lawful access” to encrypted information, potentially jeopardizing the technology’s security features.
On Tuesday, Republican lawmakers introduced the Lawful Access to Encrypted Data Act, which calls for an end to “warrant-proof” encryption that’s disrupted criminal investigations. The bill was proposed by Sen. Lindsey Graham, chairman of the Senate Judiciary committee, along with Sens. Tom Cotton and Marsha Blackburn. If passed, the act would require tech companies to help investigators access encrypted data if that assistance would help carry out a warrant.
Lawmakers and the US Justice Department have long battled with tech companies over encryption, which is used to encode data. The Justice Department argues that encryption prevents investigators from getting necessary evidence from suspects’ devices and has requested that tech giants provide “lawful access.”
That could come in many ways, such as providing a key to unlock encryption that’s only available for police requests. The FBI made a similar request to Apple in 2016 when it wanted to get data from a dead terrorist’s iPhone in a San Bernardino, California, shooting case.
Giving access specifically to government agencies when requested is often referred to as an “encryption backdoor,” something tech experts and privacy advocates have long argued endangers more people than it helps.
End-to-end encryption protects billions of people from hackers, oppressive governments and abusive romantic partners by providing security measures that even the companies themselves aren’t able to crack. Creating a way for investigators to access that data raises concerns that the method could also open the door for hackers and criminals to abuse that exposure.
The proposed legislation stops short of requiring tech companies to create a backdoor, noting that the attorney general is prohibited from giving specific steps on how tech companies need to comply with lawful access orders.
The proposed legislation also allows for tech companies that receive a request to appeal to federal court to change or set aside the orders.
“My position is clear: After law enforcement obtains the necessary court authorizations, they should be able to retrieve information to assist in their investigations,” Graham said in a statement. “Our legislation respects and protects the privacy rights of law-abiding Americans. It also puts the terrorists and criminals on notice that they will no longer be able to hide behind technology to cover their tracks.”
The bill also allows the attorney general to create a competition with a prize for anyone who can come up with a way to access encrypted data while protecting privacy and security. Security experts have long noted that this is an impossible request.
Facebook responded to the proposal by saying that weakening encryption in apps would make consumers more vulnerable.
“End-to-end encryption is a necessity in modern life — it protects billions of messages sent every day on many apps and services, especially in times like these when we can’t be together,” Facebook said in a statement. “Rolling back this vital protection will make us all less safe, not more. We are committed to continuing to work with law enforcement and fighting abuse while preserving the ability for all Americans to communicate privately and securely.”
The legislation introduced on Tuesday isn’t Congress’ first attempt at weakening encryption policies in the US. In March, Graham and a bipartisan group of senators introduced the EARN IT Act, which could take away tech companies’ Section 230 legal shield if they continued to help protect child predators through tools like encryption.
The Justice Department has criticized tech companies like Apple and Facebook for embracing encryption, arguing the technology is protecting terrorists and. In May, the FBI said it had an “Apple problem,” alleging that the company refused to help unlock a terrorists’ iPhone from a 2019 attack on a naval base in Florida.
Apple didn’t respond to a request for comment for this story, but said in May that it had helped the FBI’s investigation in every way possible.
Lawmakers also pointed to how drug dealers used WhatsApp, a Facebook-owned encrypted-messaging service, and how law enforcement has been unable to gather evidence from it. Facebook didn’t respond to a request for comment.
The legislation would also allow the attorney general to require tech companies to report on their ability to comply with these warrants.
“The bill announced today balances the privacy interests of consumers with the public safety interests of the community by requiring the makers of consumer devices to provide law enforcement with access to encrypted data when authorized by a judge,” Attorney General Bill Barr said in a statement. “I am confident that our world-class technology companies can engineer secure products that protect user information and allow for lawful access.”