Draft of Congressional Bill Leaked: Tech Companies Would Have to Create Backdoor Access

Sen. Dianne Feinstein, D-Calif., represents a faction in government and law enforcement seeking to limit the use of encryption and force companies to build products with back doors for law enforcement agents to access.

by Sean Sposito and Carolyn Lochhead, San Francisco Chronicle / April 11, 2016
Sen. Dianne Feinstein at a July 8 Senate Intelligence Committee hearing. Video screenshot courtesy of Senate Intelligence Committee

(TNS) -- California Sen. Dianne Feinstein confirmed Friday she is seeking new legislation to compel technology companies to assist government agencies in gaining access to encrypted technology, opening a new front in a continuing battle over the issue.

A leaked draft of the legislation co-sponsored by Feinstein appeared online as the Department of Justice renewed its efforts to obtain access to an iPhone in a Brooklyn drug-dealing case and an Apple executive accused the government of attempting to expand its powers beyond what the law allows.

The rapid-fire series of events shows how the debate over encryption — the technology that safeguards government secrets, online bank transactions, medical records, and an increasing swath of personal communications — is moving to a new stage, with battle lines more clearly drawn than before.

Feinstein represents a faction in the government and law enforcement who are seeking to limit the use of encryption and force companies to build products with back doors that law enforcement agents can access.

Technology companies, alarmed by revelations of government spying and concerned that consumers will distrust them and stop using their products, want to include encryption tools that even company officials and engineers can’t break. That way, even if served with a court order, they would not be able to decode and turn over user data.

Bill draft gets leaked

Feinstein’s office confirmed to The Chronicle Friday that the senator was working with Sen. Richard Burr, R-North Carolina, on legislation to address encryption. The leaked draft called the bill the “Compliance with Court Orders Act of 2016.”

“All providers of communications services and products (including software) should protect the privacy of United States persons through implementation of appropriate data security and still respect the rules of law and comply with all legal requirements and court orders,” reads the draft, which was posted online Thursday by The Hill reporter Cory Bennett.

In a joint statement, Burr and Feinstein said the bill remains a “discussion draft,” and would not comment on the specific language of the leaked document.

“However, the underlying goal is simple: when there's a court order to render technical assistance to law enforcement or provide decrypted information, that court order is carried out,” the senators said. “No individual or company is above the law.”

‘Soliciting input’ now

Feinstein and Burr said they were still “soliciting input from stakeholders and hope to have final language ready soon.”

Such controversial legislation is highly unlikely to pass the Senate during an election year.

Reuters reported Thursday that White House sources said the legislation would also lack administration support. Reuters pointed to President Obama’s remarks last month suggesting the government should have access to encrypted information, but also to White House press secretary Josh Earnest’s remarks saying he was skeptical of legislative attempts to solve the problem.

The American Civil Liberties Union called the Feinstein-Burr bill “a clear threat to everyone’s privacy and security ... that ignores economic, security, and technical reality.”

‘Easy prey for bad actors’

Linda Moore, president and CEO of TechNet, a group representing industry executives, said the bill “could establish standards that force companies to eliminate security features that may be exploited by others who do not share law enforcement’s good intentions.” Moore warned that should it pass, “common transactions will become easy prey for bad actors” and cause customers everywhere to “lose faith in the trustworthiness of American products and choose alternatives that don’t have the same vulnerabilities.”

Meanwhile, on Friday morning, Department of Justice lawyers sent a letter to Eastern District of New York Judge Margo K. Brodie stating that the FBI continued to be unable to break into a drug dealer’s iPhone.

In late February, U.S. Magistrate James Orenstein of Brooklyn denied the Justice Department’s original request to compel Apple to assist the FBI in accessing data on the phone, saying that the government lacked legal authority to do so.

The wording of the leaked legislation suggests that its authors are trying to find a way to give law-enforcement agencies legal room to maneuver in such cases.

In March, after the FBI announced it had found a way to unlock an iPhone used by San Bernardino shooter Syed Rizwan Farook, Apple asked the Brooklyn court to postpone a hearing on the order. Company lawyers argued that the outcome of that case would affect the Brooklyn case.

“In this case, we still need Apple’s help in accessing the data, which they have done with little effort in at least 70 other cases when presented with court orders for comparable phones,” Justice Department spokeswoman Emily Pierce said.

This week, FBI Director James Comey made a speech at Kenyon College where he said that the scope of the technique used on the San Bernardino shooter’s iPhone was limited.

Various iPhone models have different hardware features and run different versions of Apple’s mobile operating system. Techniques used to defeat Apple’s protections often depend on a device’s specific configurations and can’t be applied across the board. In the San Bernardino case, for example, the iPhone was a 5C and the Brooklyn phone was a 5S, a newer model. Yet the Brooklyn phone was running an older operating system. For law-enforcement agents, dealing with all these complexities is just part of the challenge.

As Comey put it, the San Bernardino phone was “a bit of a technological corner case.”

“The world is moving on to (iPhone) 6s. This (technique) doesn't work in 6s, it doesn't work in a 5S, and so we have a tool that works on a narrow slice of phones.”

Setting a precedent

An Apple executive who spoke to reporters on a conference call Friday morning on the condition that he not be named, said the Department of Justice was trying to set a precedent in the Brooklyn case.

There reportedly are hundreds of iPhones — as well as other models of smartphones — held as evidence in cases where law-enforcement officials have said they can’t access data on the devices.

Apple is expected to file a brief in the Brooklyn case on Thursday.

©2016 the San Francisco Chronicle Distributed by Tribune Content Agency, LLC.