Lawmakers renew push to preempt state encryption laws

A bipartisan group of lawmakers is renewing a push for legislation to block states from mandating that technology companies build “backdoors” into devices they produce in order to allow law enforcement access to them.

The measure is designed to preempt state and local governments from moving forward with their own laws governing encryption before the federal government acts on the issue.

{mosads}

Rep. Ted Lieu (D-Calif.), one of the bill’s sponsors, said that the measure “ensures we can have a national discussion about encryption without compromising consumers’ security in the process.”

“Any discussion of encryption and law enforcement access to data needs to happen at the federal level,” Lieu said. “As a computer science major, I can tell you that having 50 different mandatory state-level encryption standards is bad for security, consumers, innovation, and ultimately law enforcement.”

Reps. Mike Bishop (R-Mich.), Suzan DelBene (D-Wash.) and Jim Jordan (R-Ohio) are co-sponsoring the legislation, which they are introducing on Thursday.

Specifically, the legislation would prohibit state and local governments from mandating that tech companies “design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product, by any agency or instrumentality of a State, a political subdivision of a State or the United States,” according to a copy of the bill viewed by The Hill. 

It would also block states and localities from requiring that tech companies maintain the ability to decrypt information stored on encrypted devices that they produce. Finally, states would also not be able to prohibit manufacturers from selling products to the public because they use encryption or a similar security function.

Lieu originally introduced the bill, called the Encrypt Act, along with a group of bipartisan co-sponsors in 2016, but it never reached the House floor for a vote.

The issue of encryption has long been a source of tension between law enforcement officials and the private tech sector.

Justice Department and FBI officials have often raised the alarm over the large number of encrypted devices they have been unable to access for ongoing criminal investigations despite having relevant warrants. 

However, officials have come under fire in recent weeks after The Washington Post reported that FBI Director Christopher Wray and others have been grossly overstating the number of encrypted devices they have been unable to access.

Officials have repeatedly said that they were locked out of nearly 7,800 devices in 2017, when the actual number was likely between 1,000 and 2,000, according to the Post.

Wray and others have been pushing industry for some kind of technical fix that would allow law enforcement to access to encrypted devices in the event they need it. While officials maintain they are not looking for a “back door,” privacy advocates and others have argued that any such technical solution would inevitably weaken security. 

Attorney General Jeff Sessions acknowledged in early May that Congress may ultimately need to get involved to solve the encryption problem. Leaders on the Senate Judiciary Committee were said to be exploring potential legislation back in April, but no formal bill has been introduced. 

Meanwhile, a small group of bipartisan lawmakers in the House has introduced legislation that would block the government from mandating that tech companies install backdoors into their devices. It is unclear, however, if the legislation will gain any traction.