The “Compliance with Court Orders Act of 2016”, from Committee Chairman Richard Burr and Dianne Feinstein, aims to effectively backdoor encryption in the United States according to a draft of the bill.
The bill, which has yet to be introduced, states that “A covered entity that receives a court order from a government for information or data shall – provide such information or data to such government in an intelligible format; or provide technical assistance as is necessary to obtain such information or data in an intelligible format or to achieve the purpose of the court order.”
It defines “intelligible” as data that’s either never been encrypted or data that was encrypted and then decrypted.
A “covered entity” is defined as a device manufacturer, software manufacturer, electronic communication service, remote computing service, provider of wire or electronic communication service, remote computing service, or “any person who provides a product or method to facilitate a communication or the processing of storage or data.”
The 9 page document appears to be self-contradictory as well because it says that the Act doesn’t authorize the government to require or prohibit covered entities to implement a certain design but the Act itself will be prohibiting them.
The bill never discussed what would happen if a covered entity didn’t comply with a court order.
In a joint statement, Burr and Feinstein said, “We’re still working on finalizing a discussion draft and as a result can’t comment on language in specific versions of the bill, However, the underlying goal is simple: When there’s a court order to render technical assistance to law enforcement or provide decrypted information, that court order is carried out. No individual or company is above the law. We’re still in the process of soliciting input from stakeholders and hope to have final language ready soon.”
The pair have been widely criticized by privacy advocates everywhere. The legislative counsel with the ACLU, Neema Singh Guliani, said that the senators should stop their efforts in a statement:
“This bill is a clear threat to everyone’s privacy and security. Instead of heeding the warnings of experts, the senators have written a bill that ignores economic, security, and technical reality, It would force companies to deliberately weaken the security of their products by providing backdoors into the devices and services that everyone relies on. Senators Burr and Feinstein should abandon their efforts to create a government backdoor.”
You can find the draft of the Senate Bill in its entirety here.