Bill Would Ban State Efforts to Weaken Encryption

Reps. Ted Lieu, D-Calif., and Blake Farenthold, R-Texas, are challenging state-level proposals to restrict Americans’ ability to encrypt their phones. They say states shouldn’t preempt Congress and the White House by legislating against encryption while a national debate is ongoing.

Lieu, one of four members of Congress with a computer science degree, partnered with Farenthold, a member of both the House Oversight and House Judiciary committees, to introduce a bill on Wednesday — the “ENCRYPT Act of 2016” — that would stop states from individually trying to make companies change their technology to suit law enforcement needs.

New York District Attorney Cyrus Vance Jr. is one of many law enforcement officials arguing that their ability to obtain evidence on criminals’ devices — most often cellphones — is becoming impossible, because only the owner of that device can unlock it. Not even the company holds onto a copy of the passcode.

FBI Director James Comey said during a Senate Intelligence Committee hearing on Tuesday that locked phones are “overwhelmingly affecting local law enforcement.”

But technologists are practically unanimous in agreeing that forcing technology companies to provide anything less than the strongest encryption — for instance, by compelling them to provide some sort of backdoor so law enforcement can access unencrypted communications — leads to undue risk that criminal hackers will be able to abuse those new vulnerabilities.

Lieu, in an interview, said law enforcement should be more concerned about its own cybersecurity practices than about limiting what’s available to the public. “When the Department of Justice and FBI were hacked, it put to rest the notion of having a backdoor in encryption,” Lieu said, referring to this week’s hacker release of DOJ and DHS employee records.

The new bill, supported by the App Association, the Niskanen Center, the Internet Technology Industry Council, and the Internet Association, comes on the heels of two proposed state-level bills — in California and New York — attempting to ban certain types of phone encryption.

The New York bill, first proposed last year and reintroduced in January, would require that all smartphones sold in New York “be capable of being decrypted” either by the manufacturer or the owners of the operating system. A California legislator followed suit, introducing a bill to outlaw the sale of phones with full disk encryption, which makes it impossible to access the contents without the passcode.

Legal and technological experts have said the two bills are unlikely to pass as is, because they’re flawed, possibly impossible to implement, and potentially illegal. But the New York proposal could come up for a vote this year, and has support from Vance.

States shouldn’t make that call, the congressmen argue. “As Congress explores the appropriate response to encryption technology, a new and destabilizing front has opened up as state legislators have taken measures into their own hands,” Lieu and Farenthold wrote in a letter to their colleagues in Congress.

“We are deeply concerned that a patchwork system with different encryption requirements in every state would not only undermine national security — it would also threaten the competitiveness of American companies and dampen innovation.”

Ryan Hagemann, a technology and civil liberties policy analyst for the libertarian Niskanen Center, wrote in an email to The Intercept that federal preemption makes sense in this case. “The ENCRYPT Act won’t put a nail in the coffin of the ongoing encryption debate, but it will help forestall some of the bad legislation we see coming out of states like California and New York,” he wrote.

“Adding to the complexity of this debate by permitting a schizophrenic patchwork of legal regimes at the state level is not a good policy prescription.”