Senate anti-encryption bill is itself a threat to national security

The proposed Burr-Feinstein anti-encryption bill would put every American at risk of being spied on by foreign nations, hackers, or even the next US president.
Written by Zack Whittaker, Contributor

(Image: file photo via CBSNews.com)

It's the bill that has everyone up in arms. In the wake of the dispute between Apple and the FBI over encryption, Congress has weighed in with its long-awaited response, and it was the definition of what people didn't want.

The bill, released last week by Sens. Richard Burr (R-NC) and Dianne Feinstein (D-CA), two leading senators on the Senate Intelligence Committee, would require tech companies and phone makers to decrypt customer data at a court's request.

Or in the words of one opposing senator, Ron Wyden (D-OR), who also sits on the intelligence committee: "This is requiring American companies to build a backdoor."

That poses a big problem for tech companies, who in recent years pushed back against the prying eyes of the US government's secretive surveillance state.

With encryption becoming more ubiquitous in devices and apps than ever, the number of unencrypted services are falling into the minority. Apple encrypts storage on iPhones, Google encrypts the connection between email servers, and Facebook-owned WhatsApp encrypts messages end-to-end.

With a hack a minute and the looming threat of nation-state attackers, encryption keeps vital information scrambled and unreadable to the outside eye. In the event of a hack, that encrypted data is all but useless. The byproduct of scrambling user data is that it makes it impossible for these companies to turn over data on its users and customers to law enforcement for legitimate investigative purposes.

The Burr-Feinstein bill aims to put the needs of law enforcement over the risk of hackers, by punching a hole in Silicon Valley's encryption effort. The bill would force companies to install a backdoor, or use weak encryption, making the data readable and useful to law enforcement who seek access to it.

The unwavering view of the security and cryptography community is that if there's a backdoor for law enforcement, hackers will find it and would take everything they can, leading to incalculable damage.

By mandating a backdoor in almost every tech product and service, the bill would fundamentally and needlessly undermine one of the sectors with the strongest security. Recent data shows that of all industries, government is the lowest ranked in cybersecurity standing, with information services and technology ranking at the top. Given that the government can't keep its own systems safe, mandating tech companies to poke holes in their own strong security would be nothing short of an act of corporate sabotage.

Because the bill doesn't discriminate between the business and personal devices, the bill will not only put ordinary Americans' data at risk, but also corporate America's data at risk -- leaving its strongest industrial sectors open to foreign hackers and espionage.

But the threat could also come from within. In the wake of the Snowden revelations, can the government -- let alone the incoming government of a new president -- be trusted not to abuse their powers to conduct mass surveillance or intelligence gathering on hundreds of millions, or even billions of devices?

America's cybersecurity and economic security would suffer if the Burr-Feinstein bill becomes law, and that means its national security is at risk.

Editorial standards