Reject the proposed Lawful Access to Encrypted Data Act, a well-meaning anti-crime bill in the US Senate that goes too far against privacy
On June 23, 2020 a bill was introduced in the US Senate by Senators Lindsay, Cotton, and Blackburn labelled the Lawful Access to Encrypted Data Act (LAEDA) to require technology vendors to provide law enforcement agencies a so-called “back door” mechanism to access encrypted data when presented with a lawful warrant. The bill, to give its authors the benefit of the doubt, is a well-meaning anti-crime initiative to crack and track encrypted communications by terrorists, human traffickers, drug dealers, criminal cartels, and other nefarious organizations or individuals. To its credit, at least the stipulation of a court-ordered warrant was included.
We infer that the bill envisions that a) vendors of communications hardware and software and other technologies would create and retain a “back door” decryption key so that they, in addition to the content owners, have the ability to decrypt documents, messages, audio/video content, etc.; b) upon presentation of a warrant by a law enforcement agency, the vendor would provide the agency the means to access and decrypt the encrypted content.
While such a bill would likely lead to easier prosecution of criminal elements who use encrypted communications to hide their illegal operations, it has many unintended side-effects with undesirable consequences that may not have been envisioned and that have a chilling effect on privacy of the innocent.
1. LAEDA severely weakens the value of encryption to law-abiding users
It weakens encryption’s value to ordinary citizens and professionals, creating new security risks. Imagine this analogy: your local law enforcement department requires you to hide a master key to your back door in the back yard of your house or apartment building, and to file a report depicting where the key is located. Then upon a perceived emergency, law enforcement could enter your back door. Inevitably criminals and other bad actors will discover the location of this back door key, and security and safety is reduced for everyone.
The moral of the analogy is that a backdoor decryption key will ultimately be discovered and abused by the very criminals and terrorists from whom law enforcement is trying to protect us. Or it could be abused by dishonest employees of the technology vendor or “bad apples” within law enforcement or government itself. The benefit of end-to-end encryption technologies -- that only the content owners can decrypt their content while the vendor has zero-knowledge concerning the content owner -- is neutralized.
2. Lawful Access to Encrypted Data Act may result in unintended crime increase
If the backdoor key is known to the vendor and is discovered by a dishonest employee leak, an act of espionage, “bad apples” in law enforcement, hackers, or other criminals, there could very conceivably be increased crime on multiple fronts: blackmail, intellectual property theft, espionage, political persecution, etc.
3. Drive technology outside the US
If US law effectively ends strong encryption, technology vendors could move to other countries, or new encryption technologies could emerge in other countries, technologies that criminals could use, even if banned by US law. As a real example, the providers of Signal, the encrypted instant messaging app, have already announced their intent to withdraw from the US market if such legislation were passed.
4. Abuse by government
Authoritarian governments could very conceivably discover the existence of the backdoor key and pursue political opposition and abuse human rights. Even in the US, we have seen abuse of the FISA courts (Foreign Intelligence Surveillance Act) whereby a warrant was granted too easily.
5. Privacy is a basic right
The principled argument that privacy is a basic right is of concern to many people. Just as you can talk to someone face-to-face without fear of being overheard, you should be able to message someone and share intellectual property, personal finances, political critique, intimate messages, trade secrets, private thoughts, etc. without fear of being overheard.
The LAEDA may be well-meaning, crime-fighting proposed legislation, but its chilling ramifications on the privacy of ordinary citizens leads us to conclude that it be rejected in its current form. We suggest that you contact your senators.