in

US Republican Senators develop Bill to end use of 'warrant-proof' encryption

Three Republican Senators — Judiciary Committee Chairman Lindsey Graham of South Carolina, Tom Cotton from Arkansas, and Marsha Blackburn of Tennessee — said today they have introduced a Bill to end the use of “warrant-proof encryption”.

Dubbed the Lawful Access to Encrypted Data Act, the Bill would see service providers and device manufacturers be compelled to assist law enforcement with accessing encrypted data after a court has issued a warrant.

The trio said tech companies that are deliberately designing products so that only users can access content has added “little to the security of the communications of the ordinary user” and is a “serious benefit” to criminals. The Senators also hit the usual tropes for promoting encryption-busting technology.

“Terrorists and criminals routinely use technology, whether smartphones, apps, or other means, to coordinate and communicate their daily activities,” Senator Graham said.

“In recent history, we have experienced numerous terrorism cases and serious criminal activity where vital information could not be accessed, even after a court order was issued. Unfortunately, tech companies have refused to honor these court orders and assist law enforcement in their investigations.

“My position is clear: After law enforcement obtains the necessary court authorizations, they should be able to retrieve information to assist in their investigations. Our legislation respects and protects the privacy rights of law-abiding Americans. It also puts the terrorists and criminals on notice that they will no longer be able to hide behind technology to cover their tracks.”

Senator Cotton said in the trio’s statement that tech companies have created “a new, lawless playground of criminal activity” and would end the “Wild West of crime on the Internet”.

The actual text of the Bill is yet to be posted.

For a number of years, governments of the Five Eyes — the United States, the United Kingdom, Canada, Australia, and New Zealand — have eyed legislation that force tech companies to help law enforcement agencies access encrypted communications and data.

In January, it was revealed that in the first seven months of Australia’s Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 coming into force, police used its voluntary assistance powers used seven times. The Act also has the ability to compel tech companies and telcos in Australia to help law enforcement, but they were not used in the period covered by the report.

Critics of the Act have called for the Australian laws to have independent judicial oversight — something the US proposal would have — but the Department of Home Affairs pushed back against that idea in February.

The department also rejected the idea that employees could be dragooned in secret to create backdoors without their boss’ knowledge.

“It is not now and it has never been intended that individual employees would be asked or required to provide assistance without informing or consulting their employer,” departmental officials said at the time.

This did not prevent the UK-domiciled, US-listed, somewhat-Australian company Atlassian from raising concerns on the “perception” that employees could be dragooned, and suggested an amendment be made to “remove all doubt”.

“In the context of the Australian technology sector and its reputation globally, the Act’s reception has made it clear that perception matters,” it said.

Atlassian also raised concerns the Australian laws only allow a limited defence to companies and could breach foreign laws.

Home Affairs in February rejected the assertion that the Assistance and Access Act was incompatible with the US Cloud Act.

The Australian Parliament is currently considering a Bill that would allow for Australian and US law enforcement agencies to more quickly gain access to evidence in the other country under lawful orders.

Related Coverage


Source: Information Technologies - zdnet.com

Safari 14 removes Flash, gets support for breach alerts, HTTP/3, and WebP

ACMA EME tests find LTE small cells putting out less than 0.8% of exposure safety levels