The Lawful Access to Encrypted Data Act is being decried as “an awful idea” by security experts.

Privacy advocates are decrying a new bill, which would force tech companies to unlock encrypted devices if ordered to do so by law enforcement with a court issued warrant.

The Lawful Access to Encrypted Data Act was introduced on Tuesday by Senate Judiciary Committee

Chairman Lindsey Graham (R-SC), Sen. Tom Cotton (R-AR) and Sen. Marsha Blackburn (R-TN). The three argued that ending the use of “warrant-proof” encrypted technology would “bolster national security interests” and “better protect communities across the country.” Such encryption cloaks illicit behavior during criminal investigations into terrorists and other bad actors, they said.

Tech companies, security and privacy experts all staunchly disagree, arguing that the bill will instead open up a potential for abuse from law enforcement, and obstruct on the data privacy of consumers.

“Bluntly, this bill is an awful idea,” Allan Liska, solutions architect with Recorded Future, told Threatpost. “Any sort of backdoor or weakened encryption can be used by adversaries to gain access to unauthorized data, not to mention the potential for abuse by law enforcement, despite assurances to the contrary. Finally, if this bill were to pass, people who are conducting nefarious activity will just switch to tools that are built outside of the United States where there will be no backdoor access. So, the FBI will not only not be able to access the data, they won’t even be able to access unencrypted metadata that can prove very valuable in tracking down bad guys.”

Tech companies argue that the government should instead be focusing on external cybercriminal threats, rather than imposing on the privacy of data that’s protected by companies.

“At a time when cyberthreats from criminals, hackers, and nation states are on the rise, our nation’s leaders should not be calling on companies to weaken the encryption that allows us all to communicate privately and securely,” said Will Cathcart, head of WhatsApp, in a tweet.

A Facebook spokesperson added that “rolling back this vital protection will make us all less safe, not more.”

“End-to-end encryption is a necessity in modern life — it protects billions of messages sent every day on many apps and services, especially in times like these when we can’t be together,” said the spokesperson told Threatpost via email. “We are committed to continuing to work with law enforcement and fighting abuse while preserving the ability for all Americans to communicate privately and securely.”

The new bill also directs the Attorney General to create a “prize competition” that awards participants who create a “lawful access solution in an encrypted environment.” Finally, it also funds a grant program within the Justice Department’s National Domestic Communications Assistance Center (NDCAC) to increase digital evidence training for law enforcement and creates a call center for advice and assistance during investigations.

“Tech companies’ increasing reliance on encryption has turned their platforms into a new, lawless playground of criminal activity. Criminals from child predators to terrorists are taking full advantage. This bill will ensure law enforcement can access encrypted material with a warrant based on probable cause and help put an end to the Wild West of crime on the Internet,” said Cotton in a statement.

Tech companies and the government have long butted heads over the issue of data privacy in the context of criminal investigations, with Federal Bureau of Investigation Director Christopher Wray previously calling unbreakable encryption an “urgent public safety issue.”

#government #privacy #apple #data analysis