Introduced by Rep. Ted Lieu (D-CA) and cosponsored by Rep. Blake Farenthold (R-TX), Rep. Suzan DelBene (D-WA), Rep. Rob Bishop (R-MI) and Rep. Zoe Lofgren (D-CA), the ENCRYPT Act of 2016, short for “Ensuring National Constitutional Rights for Your Private Telecommunications Act of 2016”, aims “to preempt State data security vulnerability mandates and decryption requirements.”
The bill itself is clear and simple. The main part is as follows:
(a) In general.—A State or political subdivision of a State may not—
(1) mandate or request that a manufacturer, developer, seller, or provider of covered products or services—
(A) design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product, by any agency or instrumentality of a State, a political subdivision of a State, or the United States; or
(B) have the ability to decrypt or otherwise render intelligible information that is encrypted or otherwise rendered unintelligible using its product or service; or
(2) prohibit the manufacture, sale or lease, offering for sale or lease, or provision to the general public of a covered product or service because such product or service uses encryption or a similar security function.
So far it has only been introduced; it still needs to pass the House and Senate and then be signed by the President to become law.
The wording suggests that this bill was inspired by other bills that aim to do the exact opposite and impose state-mandated backdoors in encryption. In fact, it was.
“When the New York state legislator introduced the bill, I was somewhat concerned—but he was a Republican in a Democratic legislature. But when a Democratic state legislator introduced a similar bill then I got very concerned. I’m very aware that it’s controlled by Democrats, and he could very easily get his bill passed.”
Referencing the recent embarrassing government hacks, Lieu pointed out the idiocy of putting backdoors in encryption and expecting security.
“It’s very clear to me that the people who are asking for a backdoor encryption key do not understand the technology. You cannot have a backdoor key for the FBI. Either hackers will find that key or the FBI will let it get stolen. As you saw, the Department of Justice just got hacked. The Office of Personnel Management got hacked multiple times. If our federal government cannot keep 20 million extremely sensitive security records, I don’t see how our government can keep encryption keys safe.”
One of the issues Lieu has with government backdoors: “You cannot design a technological backdoor only for the good guys, because hackers will eventually find that backdoor, or what’s more likely is the federal government will get hacked through that backdoor.”
This is what privacy advocates have been saying for the longest time.
He also attacked the idea that backdoors would protect citizens from terrorist attacks: “There’s not a single shred of evidence that an encryption backdoor would have prevented any terrorist attack.”