A bipartisan bill being put before Congress would eliminate the possibility of any future battles between Apple and the government over backdoor access to iPhones. Apple famously fought the FBI when it demanded the firm create a compromised version of iOS to access a work iPhone used by one of the San Bernardino shooters.
The Secure Data Act would ‘prohibit Federal agencies from mandating the deployment of vulnerabilities in data security technologies’ …
‘No court may issue an order to compel a manufacturer, developer, or seller of covered products to design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product, by an agency.’
The sole exception would be that wiretaps would still be permitted under the Communications Assistance for Law Enforcement Act. However, this exception would not allow the government to demand any weakening of end-to-end encrypted messaging services.
The bill is being introduced by three Democrats and three Republicans: Representatives Zoe Lofgren (D-CA), Thomas Massie (R-KY), Ted Poe (R-TX), Jerry Nadler (D-NY), Ted Lieu (D-CA), and Matt Gaetz (R-FL).
The Electronic Frontier Foundation welcomed the bill, noting that it finally delivers the message that you can’t create a weakness for use by the government without making it equally vulnerable to discovery and use by criminals.
‘This welcome piece of legislation reflects much of what the community of encryption researchers, scientists, developers, and advocates have explained for decades—there is no such thing as a secure backdoor. Just last week, EFF convened a panel of true experts on Capitol Hill to explain why government-mandated backdoors face insurmountable technical challenges and will weaken computer security for all. Given that the DOJ and FBI continue to rely on flawed theoretical approaches to key escrow in pushing for “responsible encryption,” we’re glad to see some Congress members are listening to the experts and taking this important step to protect anyone who uses an encrypted device or service.’
A DOJ investigation concluded in March that the FBI inadvertently misled Congress when it said that it had exhausted all attempts to access the iPhone in the San Bernardino case.