U.S. Senator Ron Wyden on Thursday introduced a bill that would prevent the government from forcing companies to design backdoors or security vulnerabilities into their products to aid surveillance.
The Secure Data Act aims to preempt moves by the government to better eavesdrop over newer communications technologies, and is part of an overall bid by some legislators to place curbs on extensive government surveillance.
A key legislation that would put curbs on the bulk collection of phone records by the U.S. National Security Agency, called the USA Freedom Act, could not move towards a final vote on the legislation in the Senate last month, despite backing from the administration of U.S. President Barack Obama.
Wyden said his bill comes in the wake of proposals by U.S. government officials to compel companies to build backdoors in the security features of their products. "Strong encryption and sound computer security is the best way to keep Americans' data safe from hackers and foreign threats," Wyden said in a statement Thursday.
The U.S. Congress should pass a law requiring that all communication tools allow police access to user data, U.S. FBI Director James B. Comey said in October.
The Communications Assistance for Law Enforcement Act, or CALEA, which requires telecommunications carriers and broadband providers to build interception capabilities for court-ordered surveillance, was enacted 20 years ago, and does not cover newer communications technologies, Comey said in a speech to the Brookings Institution.
"The issue is whether companies not currently subject to the Communications Assistance for Law Enforcement Act should be required to build lawful intercept capabilities for law enforcement," Comey said.
Apple and Google had recently announced that they would start encrypting iOS and Android user data by default, a plan that didn't go down well with Comey.
Wyden, a Democrat from Oregon, counters that government-driven "technology mandates to weaken data security for the purpose of aiding government investigations would compromise national security, economic security and personal privacy."
A backdoor built into a security system inherently compromises it, and companies will have less incentive to invest in new strong data security technologies, he said. Mandating backdoors would also further erode consumer trust in these products and services, which was already hit by revelations of government surveillance.
The Senate bill aims to establish that no agency may mandate that a manufacturer, developer, or seller of computer hardware, software or an electronics device available to the public should design or change its security functions for the purpose of surveillance of any user or for the physical search of a product, unless the product is already covered under CALEA.
Wyden said his legislation builds on a bipartisan effort in the U.S. House of Representatives, which approved an amendment by Representatives Thomas Massie and Zoe Lofgren to prohibit electronic vulnerability mandates in June.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.