Four Congressmen are proposing that states be forbidden to ask manufacturers to install encryption backdoors on their products outfitted with the technology.
The four filed a short bill this week that would deny states or parts of states from seeking alterations to products for the purpose of enabling surveillance of the user. It would also block them from seeking the ability to decrypt information that is otherwise unintelligible. The representatives filing the bill are Rep. Ted Lieu (D-Calif.), Rep. Blake Farenthold (R-Texas), Suzan DelBene (D-Wash.) and Mike Bishop (R-Mich.).
The proposal effectively would leave the decision about encryption backdoors up to Congress. It would also avoid the patchwork of laws and regulations that might arise if individual states, counties, cities and towns wrote their own rules.
The authors say such a patchwork would make selling smartphones, for example, confusing and would interfere with interstate commerce.
Already bills have been filed in New York and in California that would require manufacturers to make it possible to decrypt devices and communications when ordered to do so by a court.
These state bills are the type of response FBI Director James Comey seeks from Congress that he says would give law enforcement another tool to track criminals and terrorists. He testified earlier this week to a Senate committee that the FBI has been unable to crack the encryption on a cell phone used by the San Bernardino, Calif., couple that shot up a local health department training facility, killing 14 people.
He has testified in front of other Senate committees, twice last year, delivering a similar message.
So far besides the bill by the four congressmen, Congress has responded with a second legislative proposal to create a commission to study the matter. Some senators have talked about writing up a bill that would give Comey what he wants, but so far they haven’t filed it.
The text of the new bill is:
“A State or political subdivision of a State may not mandate or request that a manufacturer, developer, seller, or provider of covered products or services—
“(1) design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product, by any agency or instrumentality of a State, a political subdivision of a State, or the United States; or
“(2) have the ability to decrypt or otherwise render intelligible information that is encrypted or otherwise rendered unintelligible using its product or service.”
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.