Crypto-Wars Escalate: Congress Plans Bill To Force Companies To Comply With Decryption Orders

Seemingly angered at the temerity of Apple's Tim Cook's defense of individual's privacy and security, Congress has escalated the 'crypto-wars' that are dividing Washington and Silcon Valley. In its most directly totalitarian move yet, WSJ reports that Senate Intelligence Committee Chairman Richard Burr (R., N.C.) is working on a proposal that would create criminal penalties for companies that don’t comply with court orders to decipher encrypted communications. It seems Edward Snowden was right, The FBI is creating a world where citizens rely on Apple to defend their right, rather than the other way around.

Liberty Blitzkrieg's Mike Krieger provides some much-needed background in the escalation of the crypto-wars. The feds, and the FBI in particular, have been very vocal for a long time now about the desire to destroy strong encryption, i.e., the ability of citizens to communicate privately. A year ago, I wrote the following in the post, By Demanding Backdoors to Encryption, U.S. Government is Undermining Global Freedom and Security:

One of the biggest debates happening at the intersection of technology and privacy at the moment revolves around the U.S. government’s fear that the American peasantry may gain access to strong encryption in order to protect their private communications. Naturally, this isn’t something Big Brother wants to see, and the “solution” proposed by the status quo revolves around forcing technology companies to provide a way for the state to have access to all secure communications when they deem it necessary.


Many technology experts have come out strongly against this plan. Leaving aside the potential civil liberties implications of giving the lawless maniacs in political control such power, there’s the notion that if you create access for one group of entitled people, you weaken overall security. Not to mention the fact that if the U.S. claims the right to such privileged access, all other countries will demand the same in return, thus undermining global privacy rights and technology safeguards.


We are already seeing this play out in embarrassing fashion. Once again highlighting American hypocrisy and shortsightedness, as well as demonstrating that the U.S. government does’t actually stand for anything, other than the notion that “might means right.” Sad.

And today's decision by Tim Cook not to comply with the government's latest demands confirms what Edward Snowden noted on Twitter:


Krieger adds that Tim Cook deserves tremendous credit for the courage to come out and so aggressively and publicly denounce what the FBI is trying to do.  

If he hadn’t decided to publicly challenge the court order and write a detailed treatise on precisely why, the American citizenry would be left completely in the dark. This would be an unethical and unacceptable position.


Second, this case could very well be headed up to higher courts. The greatest risk in these sorts of cases revolves around judicial ignorance when it comes to technology issues. The government knows all too well that most judges are clueless when it comes to tech, and that all they have to do is scaremonger with the word “terrorism” and judges will almost always default to the government position. Cook’s very public stance will at least shine some light on the issue and hopefully fuel robust, intelligent public debate which could inform judges ahead of being presented with technology related cases they don’t really understand.

Which is perhaps why Congress is escalating the situation, as The Wall Street Journal reports,

Senate Intelligence Committee Chairman Richard Burr (R., N.C.) is working on a proposal that would create criminal penalties for companies that don’t comply with court orders to decipher encrypted communications, four people familiar with the matter said, potentially escalating an issue that is dividing Washington and Silicon Valley.




Mr. Burr hasn’t finalized plans for how legislation would be designed, and several people familiar with the process said there hasn’t been an agreement among any other lawmakers to pursue criminal penalties. It’s also unclear whether Mr. Burr could marshal bipartisan support on such an issue during an election year that has divided Washington in recent months.


The bill could be written in a way that modifies the Communications Assistance for Law Enforcement Act, a 1994 law that compels telecommunications companies to construct their systems so they can comply with court orders.




Mr. Burr has spent months pressuring technology companies to work more closely with law enforcement and others to prevent encryption tools from being used to plan and carry out crimes. He warned technology firms that they need to consider changing their “business model” in the wake of the widening use of encrypted communications.

Read that last sentence again!! Since the scale of criminal penalty could be anything - as opposed to the 'cost of doing business' fines associated with the US banking system - this theoretically forces tech companies to comply, no matter what.

The critical question then, once again, as Mike Krieger concludes, is:

Do we really want to sacrifice overall privacy and security in order to get information from one person’s phone?

Or what about the following question posed by cryptography professor Matthew Green:


These are enormous questions with tremendous implications. I just hope we as a society choose wisely.