Dueling state, federal bills would fundamentally shift encryption debate
As the debate over cell phone encryption ratchets up nationwide, state and federal lawmakers are racing to pass bills on the issue that could completely reshape the technical landscape for law enforcement officials and tech companies alike.
Since the start of the new year, legislators in New York and California have introduced nearly identical bills that would require that any cell phone manufacturer hoping to sell cell phones in those states be able to decrypt or unlock their phones upon request, a stipulation that directly contradicts the stance of tech giants like Apple and Google that have designed their devices to be impervious to decryption by default.
But earlier this month, a pair of congressmen responded with a bill of their own. Rep. Ted Lieu, D-Calif., and Rep. Blake Farenthold, R-Texas, introduced the ENCRYPT Act of 2016 in an effort to pre-empt states from passing those sorts of bills, or mandating that companies provide any other sort of “backdoor” in their devices.
“We need to stop the bills in California and New York,” Lieu told StateScoop. “We can’t have individual states decide how to encrypt products just in their own state.”
With Apple squaring off with the Department of Justice over this issue in the legal battle over access to the iPhone used by one of the shooters in the mass killing in San Bernardino, California, last year, these dueling legislative efforts now loom especially large.
The sponsors of the New York and California bills, Assembly Members Matthew Titone and Jim Cooper respectively, didn’t respond to repeated requests for comment from StateScoop on the legislation. Yet, Rod Norgaard, assistant chief deputy district attorney in the Sacramento County, California, prosecutor’s office, defended the effort in his state as an essential one.
Norgaard handles the prosecution of crimes like homicides and gang-related offenses in his county, and he said Cooper’s bill could eliminate the sort of the technological roadblocks that his office so frequently runs into in these investigations.
“We have a lot of investigations that have stalled and a lot of people that are getting away with crime because we can’t get into their phones,” Norgaard said. “It’s now becoming rarer and rarer that we get to a case where we can get into a phone.”
He noted that the prosecutor who handles human trafficking cases in his office is similarly frustrated, and there are currently eight cases where investigators are locked out of phones they believe were used to facilitate prostitution.
But digital privacy advocates are unequivocal in the belief that these issues, no matter how daunting, don’t justify the weakening of encryption. Joe Hall, chief technologist for the nonprofit Center for Democracy and Technology, likened encryption to public infrastructure to illustrate its importance in protecting privacy.
“Bad guys walk on sidewalks, they drive on streets, but infrastructure is there to protect everyone,” Hall said. “It’s not OK to reduce the security of hundreds of millions of Americans to catch one or two criminals.”
Hall also warned that creating any key to enable decryption and giving it to the government is an exceedingly risky proposition. Lieu wholeheartedly agrees, pointing to the breaches at a variety of federal agencies as evidence of the government’s security deficiencies.
“If our government can’t protect security clearance forms, one of the most sensitive documents our government has, then there’s no way anyone can have any confidence that we can protect a secret backdoor encryption key,” Lieu said. “Until we upgrade cybersecurity systems across the public and private sectors, we should not even be having this debate.”
Norgaard is dismissive of those claims, since law enforcement has had access to phones long before encryption was standard.
“The sky didn’t fall when the government could get into your phone,” Norgaard said. “It’s only done by law enforcement with a warrant.”
But Norgaard worries that privacy advocates in the state Legislature will block this effort, and he thinks federal legislation is ultimately the only way to address the issue.
“We shouldn’t lock Apple out of California, we should lock Apple out of the United States until they unlock their phones,” Norgaard said.
Indeed, Matt Mayer, a visiting homeland security fellow with the right-leaning American Enterprise Institute, worries about the potential for a “patchwork” of legislation from states on the issue should either bill pass. Hall predicts tech companies responding harshly to any state-by-state effort.
“The first thing you’d see if that happens is them closing down the Manhattan Apple stores and they’ll be in Hoboken, or Jersey City,” Hall said.
That’s partly why Lieu is working so fervently to pass his bill, currently circulating a “Dear Colleague” letter around Congress to drum up support.
Yet Mayer is concerned that even Lieu’s effort may not be enough, as Congress’ continued inaction on the overall legality of weakened encryption leaves the door open for another terror attack to change the political landscape.
“Either Congress is going to act, or it’s going to be forced to act by another terrorist attack that has us rush legislation through,” Mayer said.
Contact the reporter at alex.koma@statescoop.com, and follow him on Twitter @AlexKomaSNG.