Senator introduces a bill to ban government mandated weakenesses and access to security programs

December 5, 2014 |

A growing battle in cybersphere is that between those developing surveillance resistant and privacy enhancing technologies and governments, in particular security agencies and law enforcement bodies, who want access to some, and sometimes much more than that, data.  Encryption software of the both the made to order or the publicly available varieties are becoming cheaper and more accessible.  The Prism revelations and the overt moves by governments to increase surveillance and mandate data retention provides incentive for those who are privacy conscious to encrypt their communications when possible. An additional complication is the fact that privacy regulators regard encryption as a good data security practice.  As a result one arm of government is keen on protections while the other would like to have access notwithstanding.  Which results in governments and agencies requiring or pressuring software developers to provide details of back doors for data security programs.  Or at least identify vulnerabilities.

This development has prompted US Senator Ron Wyden, a Democrat from Oregon, to introduce the Secure Data Act to prohibit government from requiring software companies from installing back doors or security vulnerabilities into the system.

Senator Wyden issued a statement to explain the operation of the Bill (found here) which provides:

The Secure Data Act will prohibit Federal agencies from requiring that private entities design or alter their commercial information technology products for the purpose of facilitating government surveillance.

US government and independent experts have extensively documented the multi-billion dollar threat posed by constant cyber attacks from criminal organizations and foreign government-sponsored hackers. The U.S. government also urges private companies and individuals to protect sensitive personal and business data, including through the use of data security technologies such as encryption. The recent proposals from U.S. law enforcement officials to undercut the development and deployment of strong data security technologies by compelling companies to build back doors in the security features of their products work against the overwhelming economic and national security interest in better data security.

Moreover, the decision of government officials to repeatedly mislead the American public about domestic surveillance activities has resulted in an erosion of public trust. Requiring computer hardware and software companies to now create intentional gaps in their data security products to facilitate further government access to personal data will undermine the effort to restore trust in the U.S. digital economy.

Government-driven technology mandates to weaken data security for the purpose of aiding government investigations would compromise national security, economic security and personal privacy:

  • Cyber vulnerabilities weaken cybersecurity.  Once a backdoor is built in a security system, the security of the system is inherently compromised.  For example, in 2005 it was revealed that an unknown entity had exploited a “lawful intercept” capability built into Greek cellphone systems and had used it to listen to users’ phone calls, including those of dozens of senior government officials.
  • Technology mandates thwart innovation.  Companies have less incentive to invest in the development and deployment of strong new data security technologies if they are required to compromise them from the outset.
  • Mandating weak security would further erode trust in American products and services.  Information technology companies are working to regain the trust of consumers upset by revelations of government intrusions into their personal communications.  A mandate requiring companies to facilitate additional government surveillance would undermine those efforts.

The Bill is found here.

One Response to “Senator introduces a bill to ban government mandated weakenesses and access to security programs”

  1. Senator introduces a bill to ban government mandated weakenesses and access to security programs | Australian Law Blogs

    […] Senator introduces a bill to ban government mandated weakenesses and access to security programs […]

Leave a Reply