Washington D.C. — Late last night, a “discussion draft” of the Compliance with Court Orders Act, from U.S. Senators Richard Burr (R-NC) and Dianne Feinstein (D-CA), was published online by The Hill. The bill would require that any “covered entity” that sells a product or method to “facilitate communication” is able to provide third-party access to the contents of those communications.
“This draft bill contains so many problems and errors it is difficult to imagine that it would be able to achieve support in the U.S. Senate or anywhere else,” said Nathan White, Senior Legislative Manager at Access Now. “One can only hope that the reaction to this draft will spur the bill’s sponsors to learn how digital security actually works.”
Encryption of the type that is undercut by this bill is largely not implemented to evade law enforcement. It is developed as a critical means to protect information and communications. However, this draft bill would make it impossible for any covered entity — broadly written to include any person who offers a communications service or stores data — to provide the strongest forms of encryption currently available. This prohibition will not only impair security for users, but it will frustrate cybersecurity efforts across all sectors by making it easier for bad actors to access sensitive data. Notably, the bill will also preempt protections for encryption that are currently written into U.S. law.
Most importantly, this draft bill harms human rights. Encryption is a critical piece of the puzzle for the protection of human rights including rights of speech, expression, and privacy. It protects the users who are most at risk. It does not stop criminals or terrorists from using tools and technologies outside of the bill’s purview to continue to evade law enforcement.
Access Now’s U.S. Policy Manager Amie Stepanovich said, “People who rely on secure systems to allow them to communicate freely will suffer from the provisions of this bill. It will force companies that have implemented the strongest security measures to backtrack in order to poke holes in their own systems, and will prevent others from developing those systems in the first place. At the end of the day, it is the ordinary internet user that loses big in this. We should be encouraging the development of encryption — not stigmatizing it.”
More than 100,000 people have asked U.S. President Obama to defend strong encryption at SaveCrypto.org. Despite promises to reply swiftly, the White House has ignored the petition.
“The president’s lack of leadership has allowed unsafe bills that would undermine our security to be promulgated in capitals around the world — including in Washington D.C. This draft bill, which jeopardizes the security of health records, private correspondence, banking information, and sensitive business information, is yet another bad precedent,” added White.
Access Now recently organized more than 200 international organizations, technologists, and companies to stand together in support of encryption. The letter, hosted at SecureTheInternet.org, will be sent to Senators Burr and Feinstein.
The draft bill was not officially released by sponsors and its content might change.