Bill seeks to prevent patchwork of state encryption rules

Bill seeks to prevent patchwork of state encryption rules

To address law enforcement’s "going dark" problem -- or its inability to access encrypted communications -- many state and local jurisdictions are considering legislation that gives law enforcement new authority.

Two members of Congress, however, are hoping to avoid a potentially messy patchwork of state regulations with a new bill that would preempt states from making their own laws regarding access to encrypted communications. The Encrypt Act of 2016 (short for Ensuring National Constitutional Rights for Your Private Telecommunications) would prevent states from requiring device manufacturers and communications service providers to alter their products and services to create backdoors for law enforcement searches. The bill is backed by Reps. Ted Lieu (D-Calif.) and Blake Farenthold (R-Texas).

"We are deeply concerned that a patchwork system with different encryption requirements in every state would not only undermine national security, it would also threaten the competiveness of American companies and dampen innovation," Lieu and Farenthold wrote in a letter to members of Congress seeking support for the draft bill.

Lieu, who has a degree in computer science from Stanford University, is strongly opposed to government efforts to require device manufacturers and service providers to retain encryption keys to their customers' accounts. However, he is making the case to colleagues that even those who want some regulatory action on commercial encryption should support the bill to avoid the chaos of 50 separate rulebooks governing encryption.

The bill has already attracted support from the IT industry, including the Information Technology Industry Council, the Internet Association and other groups representing hardware and software companies as well as mobile application developers.

Most encryption experts and computer scientists present the issue as a logical problem rather than one that can be "solved" by technology. They argue that the existence of master encryption keys held by third parties -- whether manufacturers, service providers or government -- makes communications less secure because those keys can be discovered and exploited by adversaries and used in ways not intended by policymakers.

U.S. CIO Tony Scott has been among those raising doubts about the value of mandating such access. "At the end of the day, I think the better policy is probably not to require these backdoors," he said in an interview late last year with FCW, a sister site to GCN.

A longer version of this article originally appeared on FCW, a sister site to GCN.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group