Senate Bill Prohibits Government-Mandated Backdoors

7 Important Tech Regulatory Issues In 2015

A bill introduced to the US Senate on Thursday calls for the prohibition of government-mandated backdoors or security holes in US software and hardware products.

US Senator Ron Wyden (D.-Ore.) proposed the bill, the Secure Data Act, as a way to protect Americans' data from independent and state-backed hackers, following calls from US government officials to compromise US technology products for the convenience of law enforcement.

"Strong encryption and sound computer security is the best way to keep Americans' data safe from hackers and foreign threats," said Sen. Wyden in a statement. "It is the best way to protect our constitutional rights at a time when a person's whole life can often be found on his or her smartphone."

[Will the US Senate turn to third-party cybersecurity protection? Read Senate Explores Outsourcing Security Services.]

Prompted by a series of disclosures that began last year about the scope of online data gathering by the National Security Agency and other government agencies -- revelations prompted by the government documents leaked by Edward Snowden -- technology companies have been moving to implement encryption more broadly, so their security commitments don't sound hollow. Absent credible security capabilities, cloud computing and mobile devices become too risky for many businesses and individuals.

Both Apple and Google, for example, have implemented encryption their smartphones in a way that they claim prevents them from decrypting data, even if presented with a request for access by officials.

Though authorities have other avenues for obtaining data about smartphone users and their devices -- neither Apple nor Google has said it cannot access data stored in its cloud services -- the prospect of inaccessible smartphones has alarmed the FBI.

Wyden's bill comes in response to FBI director James Comey's call for technology vendors to include a way for law enforcement to access encrypted data on vendors' devices. Comey in a speech in October argued that he is asking not for a backdoor but for a front door, without explaining the ostensible distinction between the two.

"There is a misconception that building a lawful intercept solution into a system requires a so-called 'backdoor,' one that foreign adversaries and hackers may try to exploit," said Comey. "But that isn't true. We aren't seeking a backdoor approach. We want to use the front door, with clarity and transparency, and with clear guidance provided by law."

Security experts consider any breach in electronic defenses, whether referred to as a hole, door, or by some other term, a potential vulnerability. In 1996, during a previous government push for access to encrypted data, a National Research Council report argued against backdoors, noting that the burden on intelligence gathering was outweighed by the business benefits of data security.

Wyden points to the 2005 compromise of the Greek cellphone system through a lawful interception mechanism built into Ericsson's AXE network switches as an example of the risk posed by backdoors. The 2010 hacking of Google's systems in China, which prompted the company's withdrawal from mainland China, was also facilitated by a lawful interception system.

Wyden's bill may have difficulty attracting support in the Senate. Last month, the Senate narrowly failed to advance the USA Freedom Act, a bill that would have banned the NSA's collection of phone data. And Republicans, who take control of the Senate in January, have tended to be deferential to the concerns of law enforcement authorities.

Attend Interop Las Vegas, the leading independent technology conference and expo series designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization's IT action plan. It happens April 27 to May 1. Register with Discount Code MPOIWK for $200 off Total Access & Conference Passes.