Bill Would Prevent States From Messing with Encryption

Featured eBooks

Disaster Recovery and Resilience
Innovations in Transit and Transportation
Cyber Threats: Preparing States and Localities
 

Connecting state and local government leaders

The bill comes amid an encryption debate that pits national security against cybersecurity.

State and local governments would be barred from passing and implementing laws that undermine encryption under a federal bill introduced by a bipartisan quartet of House lawmakers Thursday.

The bill, sponsored by Rep. Ted Lieu, D-Calif., among others, would effectively supersede any state or local law that required manufacturers to build surveillance tools into their products or to ensure customer communications or other activities could be decrypted.

The Ensuring National Constitutional Rights for Your Private Telecommunications, or ENCRYPT, Act was also sponsored by Reps. Mike Bishop, R-Mich., Suzan DelBene, D-Wash., and Jim Jordan, R-Ohio.

Lieu introduced an earlier version of the bill in 2016, which never reached a committee vote. That bill came soon after the FBI tried to compel Apple to help it crack into an encrypted iPhone used by San Bernardino shooter Syed Farook.

An inspector general’s report later found the FBI did not pursue less extreme paths before taking Apple to court. That drew the ire of many cybersecurity- and privacy-focused lawmakers.

The FBI has argued since 2014 that end-to-end encryption systems, which shield customer communications from everyone except the sender and recipient, damage national security and allow terrorists and criminals to “go dark” online.

Cybersecurity and privacy advocates argue that any effort to allow law enforcement special access to encrypted communication could be exploited by criminal hackers, making consumers less secure.

So far, encryption advocates have generally carried the day in Congress.

“Any discussion of encryption and law enforcement access to data needs to happen at the federal level,” Lieu said in a statement.

“As a computer science major, I can tell you that having 50 different mandatory state-level encryption standards is bad for security, consumers, innovation, and ultimately law enforcement,” he added.

The bill was endorsed by several industry associations and by the New America think tank’s Open Technology Institute, which advocates on cybersecurity and privacy protections.

Joseph Marks writes for Nextgov, where this story was originally published.

NEXT STORY: Monitoring Fire Truck Health in Real Time