PINDROP BLOG

Tech Coalitions Urge Reconsideration of Burr-Feinstein Bill

Several large groups of technology vendors and communications companies have written a letter urging Sens. Diane Feinstein and Richard Burr to reconsider the anti-encryption bill they have drafted, saying it would lead to “unintended, negative consequences for the safety of our networks and our customers.”

The letter was signed by members of Reform Government Surveillance, the Computer and Communications Industry Association, Internet Infrastructure Coalition, and the Entertainment Software Association. The groups comprise a long list of powerful member companies, including Google, Amazon, eBay, Microsoft, Facebook, Netflix, and Yahoo, many of which would be affected directly by the Burr-Feinstein bill. That bill, which was released in final draft form last week, includes language that would require vendors and communications companies to build methods for providing plaintext data to law enforcement agencies.

The letter sent to Burr and Feinstein says that the requirement would weaken security for users and force vendors to put the needs of law enforcement above security and privacy.

“Any mandatory decryption requirement, such as that included in the discussion draft of the bill that you authored, will to lead to unintended consequences. The effect of such a requirement will force companies to prioritize government access over other considerations, including digital security. As a result, when designing products or services, technology companies could be forced to make decisions that would create opportunities for exploitation by bad actors seeking to harm our customers and whom we all want to stop,” the letter says.

The organizations also said that attackers would target any backdoor or other method that companies design to allow law enforcement access to encryption systems.

“The bill would force those providing digital communication and storage to ensure that digital data can be obtained in ‘intelligible’ form by the government, pursuant to a court order. This mandate would mean that when a company or user has decided to use some encryption technologies, those technologies will have to be built to allow some third party to potentially have access. This access could, in turn, be exploited by bad actors,” the letter says.

The Burr-Feinstein bill is still in draft form at the moment and has not reached the Senate floor. However, opponents of the measure worry that it would damage security and the trust that users have in technology vendors.

“The encryption debate is about having more security or having less security. This legislation would effectively outlaw Americans from protecting themselves. It would ban the strongest types of encryption and undermine the foundation of cybersecurity for millions of Americans,” said Sen. Ron Wyden (D-Ore.), who promised to filibuster the bill if it moves ahead to the Senate floor.