Today, U.S. Senator Ron Wyden introduced a bill to prohibit the government from mandating backdoors in hardware and software technologies. The legislation prohibits any federal agency from intentionally weakening consumer encryption standards. As we’ve previously said, strong encryption standards and device security are critical to the privacy of individual users. Access commends Senator Wyden and urges the Senate to quickly pass the Secure Data Act.
The bill comes in response to revelations demonstrating government efforts to undermine digital security to facilitate surveillance. In one instance, the National Security Agency paid security firm RSA $10 million to place a backdoor into two encryption tools, weakening the encryption and enabling greater government spying. The government has also intercepted shipments of routers and servers to place backdoors before the products are shipped to consumers abroad. U.S. law enforcement, lead by FBI chief James Comey, has recently criticized the adoption of strong security practices by technology companies.
Strong digital security protects users’ most sensitive information from unlawful access by unauthorized users, such as malicious hackers and repressive governments. As technologist Matt Blaze recently explained, it is virtually impossible to introduce a vulnerability into technology that cannot be exploited by unintended parties.
Earlier this year, the House of Representatives passed a similar provision. Representatives Alan Grayson, Zoe Lofgren, and Rush Holt introduced an amendment to the Department of Defense Appropriations Act to prohibit the use of funds to mandate backdoors into technology products or services. The text would also have closed the so-called 702 loophole. These protections were removed from a replacement compromise measure to fund the government currently under consideration in both chambers of Congress.
Access supports legislation that increases the security of users and prevents any undermining of encryption standards. Senator Wyden’s bill is a necessary step to preserving human rights and protecting users globally.