Posted on 06-30-2020.
Last week, Republican U.S. Senators introduced the Lawful Access to Encrypted Data Act “ending the use of ‘warrant-proof’ encrypted technology by terrorists and other bad actors to conceal illicit behavior.” Experts and privacy advocates think it can effectively outlaw strong encryption. As the name may suggest, the Lawful Access to Encrypted Data Act (LAED Act, also referred to as LAEDA) is about requiring device manufacturers and service providers to allow law enforcement to access encrypted data, whether it is stored on a device or transmitted through the internet.
“The bill would require service providers and device manufacturers to provide assistance to law enforcement when access to encrypted devices or data is necessary,” the official announcement reads, “but only after a court issues a warrant, based on probable cause that a crime has occurred, authorizing law enforcement to search and seize the data.”
The Senators behind the proposal argued that terrorists, drug traffickers, and other unsavory individuals exploit consumer-level encrypted communications to run their operations, while law enforcement officials can’t access information potentially important to the investigation.
“In recent history, we have experienced numerous terrorism cases and serious criminal activity where vital information could not be accessed, even after a court order was issued. Unfortunately, tech companies have refused to honor these court orders and assist law enforcement in their investigations,” said Senate Judiciary Committee Chairman Lindsey Graham.
The bill would require companies like Apple and Facebook to “assist law enforcement with accessing encrypted data if assistance would aid in the execution of the warrant.” If a company is unable to comply, it will have to implement the required capabilities or appeal in federal court. The U.S. government will compensate the affected companies “for reasonable costs incurred in complying with the directive.”
This basically means that U.S. companies will have to have an encryption backdoor available for all data stored or transmitted. Those who don’t have one will have to redesign their systems so there is a backdoor. Experts perceive the bill as an outright ban on end-to-end encryption in the U.S.
The bill would also direct the Attorney General to organize a competition with awards for those who “create a lawful access solution in an encrypted environment while maximizing privacy and security.” On top of that, LAEDA proposes to fund a grant program to “increase digital evidence training for law enforcement” and create a call center that would provide advice and assistance to investigators.
In her initial analysis of the bill, Riana Pfefferkorn, Associate Director of Surveillance and Cybersecurity at the Stanford Center for Internet and Society, warned about the potential impact of the proposal on encryption and users’ privacy.
“The bill is an actual, overt, make-no-mistake, crystal-clear ban on providers from offering end-to-end encryption in online services, from offering encrypted devices that cannot be unlocked for law enforcement, and indeed from offering any encryption that does not build in a means of decrypting data for law enforcement,” she wrote, “This bill is the encryption backdoor mandate we’ve been dreading was coming, but that nobody, during the past six years of the renewed Crypto Wars, had previously dared to introduce.”
Riana Pfefferkorn also warned about the sweeping scope of the proposal:
“It isn’t just aimed at Apple, Google, Facebook, Signal, and the like, though it certainly applies to them; it goes well beyond, to include everyone from Box and Dropbox to the full range of Microsoft’s products, to OEM handset manufacturers.”
Given the broad wording of the bill, Riana suggested that it might apply even to individual contributors in open-source projects. If the LAED Act passes, U.S. tech companies will be unable to provide users with end-to-end encryption.
“Say goodbye to WhatsApp and Signal: they’ll be wiped from the Google and Apple app stores. iMessage will no longer be E2EE, either. And as for Zoom’s big plans to end-to-end encrypt video calls? If this passes, Zoom can put their pencils down on that one,” Riana Pfefferkorn wrote.
Importantly, the LAED Act doesn’t even have to pass in order to harm encryption. As pointed out by Slate’s Jillian Foley, companies that had plans to introduce strong encryption may now reconsider the decision:
“Even if this bill doesn’t end up succeeding, any uncertainty in the meantime might make companies like Zoom unwilling to push ahead with ambitious plans for encryption, which could hold back privacy timelines months or possibly years.”