US senators take aim at encryption as draft bill is leaked

Draft bill by Feinstein and Burr would apparently make end-to-end encryption used by Apple and WhatsApp illegal

American senators Dianne Feinstein (Democrat, California, pictured) and Richard Burr (Republican, North Carolina), both members of the US Senate Intelligence Committee, have been working on an anti-encryption bill, a draft version of which was leaked last week. The draft bill, which has the working title Compliance with Court Orders Act of 2016, requires technology companies to provide data "in an intelligible format" on receipt of a court order "or warrant issued by any competent jurisdiction".

The document states that anyone receiving a judicial order for data "must provide, in a timely manner, responsive, intelligible information or data, or appropriate technical assistance to obtain such information or data".

This data includes "information stored remotely on a device proved, designed, licensed, or manufactured by a covered entity [tech company or service provider]".

The draft bill indicates that the US government will not enforce the introduction of backdoors into hardware and software, but while it does not mention end-to-end encryption (an architecture in which the vendor does not hold the encryption keys and is therefore unable to decrypt a users' data) by name, the stipulation that companies must be able to decrypt data on order would seem to be a move towards making this illegal.

Potentially companies such as Apple, whose latest devices are end-to-end encrypted, and Facebook (owner of WhatsApp, which recently introduced end-to-end encryption to its messaging service) would be in contempt of court if they were unwilling or unable to provide data on government demand.

What the senators propose to do about encrypted devices that are produced outside the US, or about open-source encryption software that can be downloaded for free is unclear. The draft bill, which is likely to be officially circulated this week, makes no mention of these issues.

The provisions in the draft bill will be unpopular with US technology companies. During the recent Apple vs FBI case Google, Facebook, Snapchat, Amazon, Microsoft and Twitter all voiced support for Apple's position.

Others have expressed concern about the range of the authorities that could potentially demand data under the draft bill.

"On its face, the Feinstein-Burr bill isn't just limited to law enforcement/intel - any court order, even civil, would qualify! Gee whiz," tweeted digital rights lawyer Kevin Bankston.

The senators have said that the leaked draft is not the final version.

"We're still working on finalising a discussion draft and as a result can't comment on language in specific versions of the bill," said Tom Mentzer, a spokesman for Feinstein in a statement.