The topic of encryption is not a new one and has been debated for some time in the mobile world. However, it does feel like a new topic thanks to the increased level of attention it has received lately from the media and largely thanks to a battle which ignited very quickly between Apple and the FBI. In tangent and as part of that particular battle, it came to light that a bill was being planned and put together to legalize or more specifically, make it illegal for tech companies to refuse to comply with such orders like Apple received.
Now it seems that proposed bill is edging ever closer as the draft bill proposed by Senators Richard Burr and Dianne Feinstein and entitled ‘Compliance with Court Orders Act of 2016’ has now made its way online. The details of which seem to confirm that the planned approach would be to make it law that companies must hand over requested information, or at the very least provide “appropriate technical assistance” to those requesting the information to gain access to the information. However, it seems the bill does not really dwell on the technical aspects of achieving such access and simply makes it clear that companies must comply “with all legal requirements and court orders” and also pointing out that “no person or entity is above the law.” Interestingly, the terminology does seem to make it clear that if a court order was issued to the likes of Google or Apple, they would be responsible for accessing information through additional add on encrypted services like WhatsApp. The language used does highlight that the court order under this legislation would cover features or services “by a third party on behalf of the covered entity.” So it would seem that as well as forcing companies like WhatsApp to comply with a court order, it could also force companies like Google and Apple to obtain the information of any service which uses their respective operating systems.
Of course and as to be expected, a number of critics are already becoming vocal and criticizing the content of the bill and the notion that without any real technological awareness, companies are expected to hand over data or the keys, which are typically now thought to only be held by the owner of encrypted devices. For those interested in reading the bill in full (nine pages), head through the source link below.