Senators Richard Burr and Dianne Feinstein released the official version of their anti-encryption bill today after a draft appeared online last week. The bill, titled the Compliance with Court Orders Act of 2016, would require tech firms to decrypt customers’ data at a court’s request.
The Burr-Feinstein proposal has already faced heavy criticism from the tech and legislative communities and is not expected to get anywhere in the Senate. President Obama has also indicated that he will not support the bill, Reuters reports.
“I have long believed that data is too insecure, and feel strongly that consumers have a right to seek solutions that protect their information — which involves strong encryption,” Sen. Burr said in a statement announcing the bill. But in spite of his stated support of strong encryption, Burr’s bill calls for the exact opposite. It requires legislation that requires communications services to backdoor their encryption in order to provide “intelligible information or data, or appropriate technical assistance to obtain such information or data.”
Sen. Feinstein weighed in too, stating, “The bill we have drafted would simply provide that, if a court of law issues an order to render technical assistance or provide decrypted data, the company or individual would be required to do so. Today, terrorists and criminals are increasingly using encryption to foil law enforcement efforts, even in the face of a court order. We need strong encryption to protect personal data, but we also need to know when terrorists are plotting to kill Americans.”
Predictably, the bill has been panned by tech trade organizations and advocacy groups. But Burr’s fellow senators are coming out against it, too — Sen. Ron Wyden tweeted that he would do “everything in [his] power” to block the bill, including filibustering it.
A similar anti-encryption bill died in California’s General Assembly yesterday. The Assembly Committee on Privacy and Consumer Protection determined that the proposed legislation, which would have mandated $2,500-per-day penalties for companies that refused to decrypt data, would place too much burden on the state’s technology companies and declined to vote on it.