EncryptionThe ENCRYPT Act protects encryption from U.S. state prying
It’s not just the DOJ and the FBI that want to compromise your right to private communications and secure devices—some state lawmakers want to weaken encryption, too. In recent years, a couple of state legislatures introduced bills to restrict or outright ban encryption on smartphones and other devices. Fortunately, several Congress members recently introduced their own bill to stop this dangerous trend before it goes any further.
It’s not just the Department of Justice and the FBI that want to undermine your right to private communications and secure devices—some state lawmakers want to weaken encryption, too. In recent years, a couple of state legislatures introduced bills to restrict or outright ban encryption on smartphones and other devices. Fortunately, several Congress members recently introduced their own bill to stop this dangerous trend before it goes any further.
The bill is called the ENCRYPT Act. EFF gladly supports it and thanks Representatives Ted Lieu (D-CA), Mike Bishop (R-MI), Suzan DelBene (D-WA), and Jim Jordan (R-OH) for sponsoring and co-sponsoring the bill.
Encryption—the technology used to secure data on phones and computers and keep digital messages safe from eavesdroppers—is under threat around the world. In the U.S., some of those threats have come from the Department of Justice and FBI, which want technology companies to purposefully and irresponsibly weaken encryption so that law enforcement can more easily get their hands on the contents of encrypted data and messages.
But the threats have come from individual U.S. states, too.
Two years ago, lawmakers in California and New York introduced statewide legislation that would’ve significantly limited their residents’ access to encrypted devices and services. In California, for example, Assembly Bill 1681 would have originally required that any smartphone sold in the state be “capable of being decrypted and unlocked by its manufacturer or its operating system provider.” To help compel this, manufacturers could have been subject to fines of $2,500 for every non-compliant device sold in the state.
This piecemeal approach to encryption is not just wrong-headed, it simply won’t work. If state legislatures individually meddle with encryption policy, we could see a landscape where Illinois residents can buy the latest iPhone and download messaging apps like Signal and WhatsApp, but Californians can’t. But the California and New York state bills, intended to help law enforcement catch criminals, ignored the reality that people could still cross into states where the technology is unrestricted to purchase encrypted devices. What’s more, it would be trivially easy for anyone to download encrypted messaging apps online, regardless of state laws.
The ENCRYPT Act would make sure this scenario doesn’t come to pass. In fact, the bill was originally introduced in 2016 as a bulwark against the California and New York state bills—both of which failed on their own.
The ENCRYPT Act would prevent U.S. states and local governments from compelling companies to weaken their encrypted products or store decryption keys for use on demand by law enforcement. It would also prevent states from prohibiting the sale and offering of certain devices and services based solely on their encryption capabilities. That means everyone across the United States, no matter what state they live in, could have equal access to strong encryption.
Of course, there are threats to encryption at the federal level as well, which is why EFF also supports the Secure Data Act. The Secure Data Act, which also has bipartisan sponsorship, would act as a perfect complement to the ENCRYPT Act by prohibiting courts and federal agencies from mandating weakened encryption or otherwise intentionally introducing security vulnerabilities. Together, the two bills would go a long way toward ensuring that strong encryption remains free of government interference in the United States.
In the meantime, the ENCRYPT Act gets encryption policy right. Your zip code shouldn’t determine your digital security.
David Ruiz is a writer covering NSA surveillance and federal surveillance policy for EFF’s activism team. This article is published courtesy of the Electronic Frontier Foundation (EFF).