US lawmakers have reintroduced a bill designed to create a uniform, national standard for encryption and prevent states from creating their own rules about encryption. The bill, named “Ensuring National Constitutional Rights for Your Private Telecommunications” or the “ENCRYPT Act”, was introduced in Congress by a group of bipartisan lawmakers to regulate data encryption rules across the country.
If passed, it would supersede any existing data encryption standards created on the state or local levels. It would bar any state or local governments from passing any laws that undermine encryption and prevent states from prohibiting the sale or use of products that use encryption or similar security technologies. It would also prohibit any requirements that products must include built-in backdoors or alternative means of decryption.
The bill was sponsored representatives Ted W. Lieu of California, Mike Bishop of Michigan,, Suzan DelBene of Washington and Jim Jordan of Ohio.
Reintroducing the bill
Lieu initially introduced the bill earlier in 2016 along with a group of bipartisan co-sponsors. However, it never reached the floor for a vote. The earlier version of the bill came shortly after the FBI tried to compel Apple to help it crack into an encrypted iPhone used by San Bernardino shooter Syed Farook.
“As a computer science major, I can tell you that having 50 different mandatory state-level encryption standards is bad for security, consumers, innovation, and ultimately law enforcement,” Lieu said.
Representative Bishop further added: “The ENCRYPT Act is a critical first step in adopting a national approach – instead of the patchwork of encryption standards that our tech industry and law enforcement face today. The concept of having a central repository is a key to defending nations against cyber attacks."
The big encryption debate
Encryption has been a hotly debated issue between the tech sector and law enforcement officials. The FBI and Justice Department have repeatedly stated that there are a large number of encrypted devices they have been unable to access during ongoing criminal investigations despite having warrants.
The FBI has long claimed that end-to-end encryption technology, which protects user communications from anyone except the sender and recipient, damages national security and allows terrorists and criminals to remain undetected.
“The current patchwork system for encryption makes it easier for further abuses of the system and increases the problem by creating potential opportunities for abuse by third-party actors,” Rep. Jordan said. “By creating a unified approach to encryption, we can protect security and privacy while allowing law enforcement to continue keeping us safe.”
EFF voices support
The Electronic Frontier Foundation has voiced its support for the ENCRYPT Act saying it “gets encryption policy right”, adding that “your zip code shouldn’t determine your digital security.” It also reiterated its support for the recently introduced Secure Data Act, saying it would act as the “perfect complement” to the ENCRYPT Act.
“The ENCRYPT Act would prevent U.S. states and local governments from compelling companies to weaken their encrypted products or store decryption keys for use on demand by law enforcement,” the EFF said in a statement. “It would also prevent states from prohibiting the sale and offering of certain devices and services based solely on their encryption capabilities. That means everyone across the United States, no matter what state they live in, could have equal access to strong encryption.”
Although it is unclear how far the bill will make it through Congress and the Senate, the steady stream of news regarding privacy breaches, the recent Facebook-Cambridge Analytica row and increased attention to data privacy protections such as the EU’s recently implemented GDPR could help catalyze its traction as compared to 2016.