U.S. lawmakers seek to bar states from mandating encryption weaknesses

WASHINGTON U.S. House of Representatives lawmakers will introduce bipartisan legislation on Wednesday that would prohibit states from requiring tech companies to build encryption weaknesses into their products.

The move marks the latest foray into an ongoing debate over encryption between Silicon Valley and Washington. While tech companies generally oppose weakened security standards, federal authorities have warned about a “going dark” phenomenon in which criminal suspects use powerful encryption in their communications so that investigators cannot access a phone’s content, even with a warrant.

The ENCRYPT Act, sponsored by Democratic Representative Ted Lieu and Republican Blake Farenthold, would prevent any state or locality from mandating that a “manufacturer, developer, seller, or provider” design or alter the security of a product so it can be decrypted or surveilled by authorities, according to bill text viewed by Reuters.

The legislation is in response to proposals in recent months in New York and California that would require companies to be able to decrypt their smartphones manufactured after 2017, Lieu said.

“It is completely technologically unworkable for individual states to mandate different encryption standards in consumer products,” Lieu told Reuters in an interview. “Apple can’t make a different smartphone for California and New York and the rest of the country.”

It is unclear how much momentum the bill will have in the House, though the chamber has staked out positions sympathetic to digital privacy in recent years.

Encryption has been an area of disagreement between tech companies and law enforcement authorities for decades, but it gained renewed scrutiny after Apple and Google began offering strong encryption by default on their products in 2014.

FBI Director James Comey told a Senate panel on Tuesday that federal investigators have still been unable to access the contents of a cellphone belonging to one of the killers in the Dec. 2 shootings in San Bernardino, California, because of encryption.

But technology companies, privacy advocates and cryptographers say any mandated vulnerability would expose data to hackers and jeopardize the overall integrity of the Internet.

A study from the Berkman Center for Internet and Society at Harvard University released last month, citing some current and former intelligence officials, concluded that fears about encryption are overstated in part because new technologies have given investigators unprecedented means to track suspects.

(Editing by Richard Cowan and Matthew Lewis)

comments powered by Disqus