The Lawful Access to Encrypted Data Act or Just Another Backdoor Mandate?
7 Jul 2020
What’s the biggest and most valuable lesson of 2020?
If you think today is bad, wait for tomorrow. This rule applies to a lot of things, and one of them is encryption.
It can never catch a break, being targeted month after month with differently named acts created for the same purpose - create a controlled environment, where online services and platforms that offer end-to-end encryption can no longer operate as usual.
The latest bill was introduced on June 23rd by senators Graham, Cotton, and Blackburn. It is called the “Lawful Access to Encrypted Data Act of 2020”.
The act will create the means to bypass encryption for law enforcement, or as the document says, “to improve the ability of law enforcement agencies to access encrypted data, and for other purposes.”
When One Act Gets Shut Down, Another One Emerges
Not that long ago, we have discussed the EARN IT act, but the LAED act is even worse.
EARN IT puts platform providers in a position where they should either compromise their security or bear responsibility for any misconduct carried out by the users of that platform. EARN IT suggested the creation of a state commission that would determine the “best practices” online.
LAED doesn’t have to dance around the terms ‘encryption’ or ‘best practices’. If the bill passes, it would bluntly give the Justice Department a possibility to require data decryption upon request from encrypted devices, apps, operation systems, social media, email, cloud storage, etc. LAED goes straight to the point, not even bothering with commissions. The bill requires companies to comply on their own.
Bill’s sponsors can’t understand that building “lawful access,” or a backdoor only for “the good guys” is technically impossible. Legislators don’t agree and call for a redesign of systems.
Most providers bear all the costs of the redesign, of course.
Governments Are The Main Reason People Want Encryption
Many users are rightfully infuriated and frustrated that just when they thought they had beaten one enemy, a new threat spawned back on the horizon.
It is a calculated move. The Senate expects people to lose concentration just once, for one bill to pass and change communications forever, just like the Patriot Act did. Not to say that LAED is all about domestic law enforcement - it will also apply to electronic surveillance under FISA (under the Foreign Intelligence Surveillance Act).
It is a national security bill too.
The bill would allow the government to demand a need in a backdoor through secret evidence that can’t be presented in the public court for national security reasons. It applies to providers with more than a million U.S. users (1M monthly active users for providers of data-in-motion solutions, 1M sold devices for providers of stored data products).
For example, Facebook wouldn’t be able to say they can’t decrypt WhatsApp messages, or Apple wouldn’t be able to say they can’t unlock an iPhone. They will have to redesign products, so there would be a way to decrypt them.
Law enforcement refrains from regulating end-to-end encryption or settling on regulating devices while leaving data in transit alone. They want total access to everyone’s communications and devices. Secure encryption for stored data on devices will be illegal to offer in America.
Decryption will be possible without a warrant too. You can’t create a “golden encryption key” only for “the good guys”, so by weakening the security standards, users will be more vulnerable to criminals the government fights so valiantly.To protect the security and secrecy of online communications, consider taking action and telling Congress to reject the bill and help Electronic Frontier Foundation in other campaigns.