A new bill will force companies to place a backdoor in their devices to undermine their own encryption

compliance with court orders act of 2016 news dianne feinstein
David Lee/Flickr
The government wants to access information from digital devices in emergencies and legal investigations. It can’t do that right now because some services (like WhatsApp) and some devices (like iPhones) are encrypted.

While terrorists may still be using burner phones, law enforcement officials are in possession of an overwhelming number of devices involved in criminal investigations that they can’t access due to encryption. Naturally, investigators turned to the device and software manufacturers for help, and they’ve been petitioning for help breaking into these devices for quite a while.

But after the 2013 NSA surveillance leaks by Edward Snowden, people’s trust in the government shattered. Companies like Apple and Google began to include device encryption by default in their smartphones. App makers like the folks behind WhatsApp also added encryption to their products. Although the government wasn’t thrilled with the companies’ decision, the encryption debate largely remained hidden from the public eye. That is, until one particular case broke the debate wide open.

In December of 2015, a shooter by the name of Syed Farook, along with his wife, opened fire on San Bernardino county employees at a holiday event, killing 14 people. The pair, who died in a shootout with the police, are believed to have ties to the Islamic State, but all they left behind was an encrypted iPhone 5C that belonged to San Bernardino County.

Apple initially assisted the FBI in the investigation, but then the bureau slapped a court order on the Cupertino company, ordering it to create specialized code that would offer a backdoor into the iPhone. Apple, afraid the code would get into the wrong hands, refused to comply. The company argued that giving law enforcement an encryption key would threaten the security of its customers’ data — and their privacy. After a month-long legal battle, the FBI dropped the case, after it managed to access the iPhone with the help of paid, professional “gray hat” hackers.

If Apple had complied, the FBI would potentially be able to use the “GovtOS” code to unlock any iPhone it had in its possession. If Apple was forced to hand over its source code — that would mean the government could push an update to all iPhones and still claim it was coming from Apple. The government could then have accessed every aspect of your phone, from the camera to the microphone.

“There are all kinds of things we want to hide from other people.”

In the wrong hands, an encryption key would make it dead simple for cybercriminals to take over anyone’s iPhone, accessing pictures, texts, emails, and whatever else you have stored on your phone. People may say they have nothing to hide, because they are not doing anything wrong — but someone can always find data sitting in your smartphone to exploit.

But to some, it’s equally worrisome for the government to have the capability to snoop on everything you do. As Glenn Greenwald said, “there are all kinds of things we want to hide from other people — that we tell our psychiatrist, our lawyer, our doctor, our spouse or a stranger on the Internet — that have nothing to do with criminality.”

There have been numerous calls for Congress to take a stand and begin a conversation to resolve the encryption problem, and finally the draft of the anti-encryption bill, dubbed the “Compliance with Court Orders Act of 2016,” has officially been released. It’s almost the same as the one that was leaked a week ago.

The bill, introduced by Senator Richard Burr, R-N.C., and Senator Dianne Feinstein, D-CA, would force companies to comply with court orders requesting access into their devices or services.

Another bill backed by House Homeland Security Committee Chairman Michael McCaul, R-Texas, and Sen. Mark Warner, D-VA, wants to create a “national commission” that would delve into the subject of encryption within criminal investigations.

But the Feinstein-Burr bill aims to take action. Here’s everything you need to know about it.

What is the Compliance with Court Orders Act of 2016?

The bill, officially titled the Compliance with Court Orders Act of 2016, was introduced on April 13 as a discussion draft — meaning that its language is subject to change. The first step is to open discussions to get feedback, Tom Mentzer, Feinstein’s press secretary, told Digital Trends.

Its language is simple — no one is above the law. While the bill says companies that offer communications services and products should protect their customers’ privacy, it also says companies have to comply with court orders, as the law dictates. In other words, you can offer encryption, but you must also have a key readily available to break that encryption when law enforcement needs access to a suspect’s device.

“To uphold both the rule of law and protect the interests and security of the United States, all persons receiving an authorized judicial order for information or data must provide, in a timely manner, responsive, intelligible information or data, or appropriate technical assistance to obtain such information or data,” the discussion draft states.

When you break down the legal language, you’re left with this: Companies that have been ordered to provide information or data must do as the courts and law enforcement command. If your service or product is encrypted, decrypt it and provide the data legibly. But the government also wants to make sure future products will allow easy access to user data.

“A provider or remote computing service or electronic communication service to the public that distributes licenses for products, services, applications, or software of or by a covered entity shall ensure that any such products, services, or applications, or software distributed by such person be capable of complying with subsection (a),” the draft continues.

The government wants software and hardware license distributors to make sure new services and products can easily offer access to encrypted data in an “intelligible” format.

But if the data is encrypted, how can companies make it easily accessible?

A lot of the time, the data is encrypted and can’t be accessed at all — which is why Apple called it a “burden” to have a team of engineers dedicate time to create specialized software that would offer a backdoor for the FBI in the San Bernardino case. All iPhone data is encrypted, and Apple can’t access it without the special tool the FBI wants it to create. The problem is, that tool doesn’t yet exist.

Creating code to break your own encryption defeats the purpose of providing an encrypted service.

If a company can’t access the requested information due to encryption, the government will still expect “technical assistance,” meaning a company like Apple would be expected to build special code to get around its own encryption.

The end goal is for the company to “achieve the purpose of the court order,” regardless of the manpower and resources it takes. That can be quite difficult for small businesses that need to divert those resources elsewhere. But perhaps more important, creating new code to break your own encryption defeats the purpose of providing an encrypted service in the first place, because it gives the government easy access to your data.

The bill says companies don’t have to change their products

According to the bill, the government may ask a company do whatever it takes to break its encryption and provide requested data, but the government isn’t asking the company to change its product or service.

“Nothing in this Act may be construed to authorize any government officer to require or prohibit any specific design or operating system to be adopted by any covered entity,” the draft reads.

But that’s quite a confounding clause, because the entire point of this bill is to force tech companies to change their encrypted services by providing a key or backdoor — that in itself is forcing a company to change the design of its product or service.

If a company’s sole product is selling encrypted services, like encrypted email for example, its entire business model is moot with the introduction of this bill, because it can’t guarantee that no one is snooping on your emails.

The government will pay companies to decrypt services and devices

Apple argued that creating special software for the FBI to unlock the iPhone that was locked in the San Bernardino case would place a “burden” on its engineers. Smaller companies have also stated that they don’t have the money or resources to comply with government requests. The Feinstein-Burr bill wants to cover the costs incurred in aiding investigators by providing compensation for a company’s assistance.

“A covered entity that receives a court order … and furnishes technical assistance … shall be compensated for such costs as are reasonably necessary and which have been directly incurred in providing such technical assistance or such data in an intelligible format,” according to the draft.

The bill doesn’t specify an amount or set up guidelines as to how much compensation companies would receive. While monetary compensation can be enticing for some smaller businesses, companies risk losing the trust of their customers by handing over user data to the government.

What if a company refuses to comply?

The discussion draft is also missing any mention of penalties for what would happen should a company, like Apple in the San Bernardino case, refuse to assist law enforcement in accessing encrypted data. The language in the draft is different from the California anti-encryption bill, which was just struck down, and the New York bill, which would have placed $2,500 fines on companies that refused to cooperate.

“Penalties would be up to the courts. Judges have wide discretion on contempt penalties.”

Mentzer says that courts will determine the penalties.

“Penalties would be up to the courts,” he said. “Judges have wide discretion on contempt penalties.”

As such, the penalty for what a company would face, should they refuse to help the government, would be decided on a case-by-case basis.

Strong backlash

During the Apple vs. FBI case, tech companies, private citizens, and legal experts alike banded together to fight the government on its demands that Apple create a backdoor and undermine its own encryption. It’s likely we’ll see that kind of backlash again, if the Feinstein-Burr encryption bill advances further. Ever since the leak last week, legal and tech experts have come out strongly against it.

“A good parallel to this would be holding a vehicle manufacturer responsible for a customer that drives into a crowd,” forensics expert Jonathan Zdziarski said last week in response to the leaked draft. “Only it’s much worse: The proposed legislation would allow the tire manufacturer, as well as the scientists who invented the tires, to be held liable as well.”

Ladar Levison, founder of secure-email service Lavabit, thinks Sen. Feinstein and the bill’s authors should know better than to try and ban encryption. Levison shut down his email service after he complied with the FBI’s court order, and provided private SSL keys to his email network. The FBI wanted access to spy on NSA whistleblower Edward Snowden, who was using the encrypted email service at the time.

“It’s been a while since Google turned their homepage black [in protest],” Levison told Digital Trends. “Perhaps Feinstein missed the color scheme and the bill she introduced is really just her secret plan designed to solicit its return.”

His comment refers to when Google staged a blackout, along with several major tech companies, and turned its logo black in protest of the Stop Online Privacy Act, and the Protect IP Act. Many believed SOPA and PIPA would have detrimental effects to freedom of speech and internet-related entrepreneurship.

The Feinstein-Burr anti-encryption bill would change the definition of an encrypted device to something that can be broken into when the government so desires. Companies would have no say in the matter, and they’d be faced with an impossible choice:  Either be fined by the government for refusing to comply, or lose consumer trust by breaking their promise of secure encryption.

More recently, an open letter penned by the Reform Government Surveillance, Computer & Communications Industry Association, Internet Infrastructure Coalition (I2C), and the Entertainment Software Association was published online. Apple Insider reports that these groups represent companies like Apple, Amazon, Microsoft, and Google. An excerpt from the letter reads, “We write to express our deep concerns about well-intentioned but ultimately unworkable policies around encryption that would weaken the very defenses we need to protect us from people who want to cause economic and physical harm.”

The group states that they design the encryption for protection from the government as well as criminal elements. If companies are forced to adhere to this law and allow government access, they may also create vulnerabilities that can be exploited by those seeking to do harm. The group acknowledges that vigilance must be maintained against crime and terrorism, but there must be a balance, and it is “ready and willing to engage in dialogue about how to strike that balance.”

Of course, we expect that tech companies will fight this bill aggressively in the coming months, and it’s important to note that the Obama administration has said it will likely not support any anti-encryption legislation. We’ll be following its progress closely.

Gaming

Call of Duty: Modern Warfare is an aggressively familiar reboot

Modern Warfare takes the Call of Duty franchise back to the glory days of Call of Duty 4 with a new campaign mode that bills itself as "realistic" and "morally complex." In truth, it's rather simple, but it could still be a great shooter.
Mobile

Israeli company claims it can unlock any iPhone up to iOS 12.3 for police

Israel-based forensics firm Cellebrite claimed that its UFED Premium service can unlock any iPhone. The device will be sold as an on-premises tool, which means that the police will be able to use it any way they want.
Movies & TV

Get your pulse racing with some of the best action movies currently on Netflix

In need of a movie that will really get your adrenaline pumping? Netflix offers a ton of films that fit the bill, along with a few you might want to avoid. Here, we rounded up the best action movies currently streaming on Netflix.
Computing

If you need your laptop to be large, these ones are most in charge

Whether you're in the market for a mobile workstation or a gaming behemoth, there's probably something in the 15-inch form factor that can fit the bill. Here, we've rounded up the best 15-inch laptops available.
Mobile

Huawei's folding phone held back for more tests, will be released in September

The Huawei Mate X is an exciting 5G folding smartphone with stunning looks. The Mate X has three screens, a clever hinge system, and a Leica camera. All the details you need to know are right here.
Android

You can pre-order the Galaxy S10 5G from Sprint starting today

Samsung announced a whopping four new Galaxy S10 devices, from the low-cost S10e to the triple-camera S10 and S10 Plus. But it's the Galaxy S10 5G that steals the show, as it's the first 5G-ready smartphone to hit the market.
Mobile

5 features I’d like to see in Google’s Pixel 4 smartphone

We’ve had a sneak peek at Google’s forthcoming Pixel 4 smartphone, and it offers few clues about what we’ll get. These are the 5 features I’d like to see Google include to take the Pixel line to the next level.
Mobile

These are the best Moto Z4 cases to boost your new phone’s longevity

The Moto Z4 is the newest way to experience Motorola's flagship range. But just because it's cheap, doesn't mean that it's expendable. Make sure your new and beautiful Moto Z4 survives for a long time with one of the best Moto Z4 cases.
Mobile

Pixel 4 gets spotted in real world, showing not even Google can stop the leaks

Rumors abound about the Google Pixel 4, Google's next Pixel phone following the Pixel 3 and Pixel 3a. Getting around the leaks, Google straight-up teased an image of the back of the phone. Here's what you need to know.
Home Theater

Diagnose and fix some common Apple AirPods problems with our handy guide

Apple’s AirPods are among the best fully wireless earbuds we’ve seen, but they’re not perfect. If you’re having trouble, take a look at our guide to the most common problems and what you can do to fix them.
Deals

Fitbit Versa and Samsung Gear fitness smartwatches get big Amazon price cuts

Some of the best options can get pretty pricey, but with smartwatch discounts on the Fitbit Versa and Samsung Gear Sport, they are really quite affordable right now. You can save up to $125 on a new fitness watch.
Mobile

Huawei’s lock screen ads were a mistake, but may be a sign of things to come

Ads were placed on the lock screen of Huawei device owners yesterday, causing outcry on forums and social media. Huawei initially said it wasn't responsible, but that's no longer the case. Here's what happened.
Mobile

These are the best Pixel 3a XL cases and covers to protect your Google phone

If you want to change up the look or feel of your new Google phone, you want some decent drop protection, or both, then we have you covered with this list of the best Google Pixel 3a XL cases and covers.
Deals

The best Amazon Prime Day 2019 deals: Leaked date and what you need to know

Amazon Prime Day 2019 is still a month away, but it's never too early to start preparing. We've been taking a look at the best discounts from previous Prime Days to give you our predictions of what to expect this year.