During a global pandemic, and with a nation furious over police brutality, Congress is still finding time to challenge end-to-end encryption. A new effort called the Lawful Access to Encrypted Data Act -- or LAED Act -- could radically alter the way private messaging is used in America.
The bill was brought before the Senate by South Carolina Republican Lindsey Graham, Arkansas Republican Tom Cotton, and Tennessee Republican Marsha Blackburn, and the trio have positioned it as putting a stop to what they call “warrant-proof technology.”
The bill is wide-ranging in its focus: an analysis from Riana Pfefferkorn of Stanford’s Center for Internet and Society shows that it “isn’t just aimed at Apple, Google, Facebook, Signal, and the like, though it certainly applies to them; it goes well beyond, to include everyone from Box and Dropbox, to the full range of Microsoft’s products, to OEM handset manufacturers.”
For the bill’s sponsors, the specter of criminal activity covered up through encryption looms large. Cotton has spoken out in extreme tones over the summer, as Civil Rights marches reached historic levels. He's calling for ten-year jail sentences for defacing military statues and at one point suggested the American military be brought in to quell protests.
“Tech companies’ increasing reliance on encryption has turned their platforms into a new, lawless playground of criminal activity. Criminals from child predators to terrorists are taking full advantage. This bill will ensure law enforcement can access encrypted material with a warrant based on probable cause and help put an end to the Wild West of crime on the Internet,” said Cotton in a press statement.
But the bill’s opponents say it makes the recent EARN IT Act, itself a controversial piece of legislation, look tame.
Pfefferkorn tells Inverse that the LAED Act is a “full-frontal nuclear assault on encryption in the United States. No bill has gone as far as this bill does in terms of being an outright assault or ban on being able to offer end-to-end encryption on messaging, or being able to offer device encryption, or even being able to offer encryption for remotely stored data.
“This is the backdoor mandate that we’ve been talking about...for years, but nobody has gone so far as to introduce it before.”
The EARN IT Act also threatens end-to-end encryption but allows companies a chance to “earn” the right to the technology by establishing standards set up by a future commission. The EARN IT Act has been condemned widely by civil liberties groups, and the private messaging app Signal has threatened to shut down within the United States if it becomes law.
The LAED Act offers no such chance or commission, as the Electronic Frontier Foundation notes in a blog post. Rather, it “would give the Justice Department the ability to require that manufacturers of encrypted devices and operating systems, communications providers, and many others must have the ability to decrypt data upon request. In other words, a backdoor.”
The timing of the bill, introduced with debate on the EARN IT Act ongoing, leads advocates like Pfefferkorn to believe that it is no coincidence that comparisons between the two would suddenly arise. After all, Graham is a co-sponsor of both.
“Between the timing of the bill, and the extremity of the bill, this is intended to make the EARN IT Act look reasonable and moderate by comparison.
“My position on this is, you don’t have to pick either one,” Pfefferkorn says.
While the LAED Act could affect larger apps, like Apple’s iMessage or Facebook Messenger, Pfefferkorn notes that serious damage could be inflicted on smaller companies without the funds to build backends needed to operate. Even companies with fewer than a million active monthly users could be forced to completely rework their products to add a back-end if directed to do so by the Attorney General.
“It basically means, get ready,” Pfefferkorn says.
With concurrent efforts to upend end-to-end encryption as it currently stands, advocates worry that one could pass. After all, high-ranking members of the Trump Administration have targeted encryption, and Democratic candidate Joe Biden once put forth a bill that showed similarities with the Trump Administration’s approach. What happens if LAED, EARN IT, or any similar legislation gets a presidential signature?
“I think people would need to think very seriously about updating their phones,” Pfefferkorn says. “Because the next update could be the one that kills the security features that you rely on...The irony of that is that...it will incentivize people not to update because there’s always gonna be bugs, in any version of an app or a mobile operating system, iOS or Android.”
Being forced to choose between an older version of an app, which could contain security flaws of its own, and an update that allows for a government back door into encrypted messages is not anyone’s idea of a good choice. But as the bills against encryption pile up, it’s a hypothetical that Americans concerned with privacy will have to consider.