Gird your loins, people, the proposed “Compliance with Court Orders Act of 2016” (CCOA) is a can of worms that looks to be a direct action against the 4th Amendment to the U.S. Constitution and a repudiation of Apple. It is an act written by – get this – Sen. Dianne Feinstein of California and Sen Richard Burr (R-NC), both veterans of the Senate Intelligence Committee, and it is aimed at getting around encryption meant to ensure privacy of the consumer when it comes to gathering evidence on criminals. From WIRED:
It’s a nine-page piece of legislation that would require people to comply with any authorized court order for data—and if that data is “unintelligible,” the legislation would demand that it be rendered “intelligible.” In other words, the bill would make illegal the sort of user-controlled encryption that’s in every modern iPhone, in all billion devices that run Whatsapp’s messaging service, and in dozens of other tech products. “This basically outlaws end-to-end encryption,” says Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology. “It’s effectively the most anti-crypto bill of all anti-crypto bills.”
Or to put it mildly, put a massive dent into that little law we know as the 4th Amendment. Just to review the law as enshrined in the U.S. Constitution:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Really, honestly, Senators, have you READ the law you are not supposed to violate lately?
What the CCOA – still just proposed, and being publicized in its idiocy and unAmericanness by none other than Senator Rand Paul of Kentucky – requires is not just a virtual version of the dreaded back door longed for by both Feinstein and Burr that has generated so much vitriol and words of warning from the tech companies themselves (which will be required in apps sold via the various platforms), but for the companies to turn over the information on devices unencrypted to law enforcement who will then do the digging through it. From the bill:
“To uphold the rule of law and protect the security and interests of the United States, all persons receiving an authorized judicial order for information or data must provide, in a timely manner, responsive and intelligible information or data, or appropriate technical assistance to obtain such information or data.”
Really? And render any expectation of privacy via the internet, and any other electronic means, as meaningless. Encryption experts across the pantheon of the field who are still parsing the law and coming up with the faults of it say that this particular act is bad in every way possible. In fact, against Constitutional Law, it is downright dangerous and demonstrates amazing ignorance of how coding technology and encryption works.
The words are not said outright, but the implication is that this bill is retaliation to Apple for standing up and refusing to provide the government the code to break into an iPhone with sophisticated encryption.
Tom Mentzer, a spokesman for Senator Feinstein, told WIRED in a statement on behalf of both bill sponsors that “we’re still working on finalizing a discussion draft and as a result can’t comment on language in specific versions of the bill. However, the underlying goal is simple: when there’s a court order to render technical assistance to law enforcement or provide decrypted information, that court order is carried out. No individual or company is above the law. We’re still in the process of soliciting input from stakeholders and hope to have final language ready soon.”
But when the court order itself demands the breaking of a law on a higher order it is the responsibility of the so ordered to point that out. Apple did that, and got the backing of people who understand encryption and coding, and who know that “technical assistance” is a not so veiled way of getting back door coding.
Stay tuned. This may get ugly, but the WIRED post on this issue indicates that there is not broad support on Capitol Hill or at the White House at this time for this approach.
Bankston puts it more simply. “The CCOA is DOA,” he says, coining an acronym for the draft bill. But he warns that privacy activists and tech firms should be careful nonetheless not to underestimate the threat it represents. “We have to take this seriously,” he says. “If this is the level of nuance and understanding with which our policymakers are viewing technical issues we’re in a profoundly worrisome place.”