Farewell to privacy: Lindsay Graham unveils a bill that would make encryption useless
"Terrorists and criminals routinely use technology, whether smartphones, apps, or other means, to coordinate and communicate their daily activities," Senate Judiciary Committee Chairman Lindsey Graham of South Carolina said in a statement while introducing the legislation with his Republican colleagues, Sens. Marsha Blackburn of Tennessee and Tom Cotton of Arkansas. After claiming that there have been terrorism cases and other incidents involving "serious criminal activity" in which law enforcement was hindered by not being able to access encrypted information, Graham accused technology companies of not honoring court orders.
"My position is clear: After law enforcement obtains the necessary court authorizations, they should be able to retrieve information to assist in their investigations," Graham said in his statement. "Our legislation respects and protects the privacy rights of law-abiding Americans. It also puts the terrorists and criminals on notice that they will no longer be able to hide behind technology to cover their tracks."
"What this legislation would do is essentially require companies to ensure access to encrypted content right there, by decrypting it or through some other mechanisms."
Salon spoke with cybersecurity experts, all of whom agreed that the proposed legislation threatens civil liberties and could have unintended consequences.
"The problem with that is that it fundamentally doesn't understand how encryption works. You can't create a backdoor just for 'good guys,'" Neema Singh Guliani, Senior Legislative Counsel of the American Civil Liberties Union, told Salon. "Anytime you weaken encryption, you weaken it in terms of the cybersecurity of the system itself and the product itself. The proposal is similar to what we've seen in the past and similar to those past protocols that were also rejected as fundamentally flawed. This similarly doesn't reflect a clear understanding of not only the value of encryption, but how companies would even do what the bill purports to require."
Brian Krebs, a former Washington Post journalist who specializes in covering profit-seeking cybercriminals and runs the website krebsonsecurity.com, had a similar observation.
"I think the factions of government that did want this capability really need to be careful what they wish for," Krebs told Salon. "They want this magical ability with a court order to peer inside of any locked digital box and see what's there. But these kinds of ambitions — which are not new by the way, certain parts of the government have been pushing for this for decades — it's just misguided, because any effort along these lines is invariably going to introduce a fair amount of uncertainty and unintended consequences."
He added, "I think you could think of it as asking for the authority to look inside any digitally locked box. In all likelihood, we'll open Pandora's box. That is to say, the same ability, if granted to the authorities, will essentially be used or abused against us by our adversaries, whether they be nation-states, organized crime or others."
Guliani argued that ordinary Americans should be frightened of this potential government overreach, especially those who travel abroad or engage in protest activity at home.
"They should be scared as everybody relies on strong encryption, especially when we're home these days," Guliani said. "If people are relying on the internet and digital communications, you rely on strong encryption to protect you from hackers, especially if you're protesting or are abroad to protect your yourself from the government. Even in the protest we've seen in the U S we've seen activists encourage the use of strong encryption to make sure that people have their privacy."
Andi Wilson Thompson, Senior Policy Analyst at New America's Open Technology Institute, also argued that the proposed legislation is ominous.
"I think it's really dangerous," Thompson explained. "I think that the fact that it's a more comprehensive assault on encryption is really concerning, given the wide variety of statutes that it is trying to amend. And I think that is much more concerning than a lot of things we've seen recently, because of both the time and the way that they're attempting to address this."
Like Krebs, she noted that the government has sought this kind of power for a while.
"The government, especially the Justice Department, have been pushing for this for decades, but especially for the past five years, to have backdoor corruption for law enforcement access," Thompson pointed out. "Every time there was any sort of terrorist attack or public criminal situation where they can say that encryption has prevented access to information because of the encrypted phone or communications or something, every time that happens, they come up with an excuse."