Today I learned about the "Compliance with Court Orders Act of 2016" bill, sponsored by senators Richard Burr and Dianne Feinstein. This bill was released as a "discussion draft" (see Burr And Feinstein Release Their Anti-Encryption Bill... And It's More Ridiculous Than Expected).
If this bill were to become law, in its current form, it would require any USA software developer, who distributes software that stores data, to do the following, when issued a court order (I quote):
(A) provide such information or data to such government in an intelligible format; or (B) provide such technical assistance as is necessary to obtain such information or data in an intelligible format or to achieve the purpose of the court order.
If this bill were to become law, in its current form, it would apply to my Vault 3, Vault 3 Outliner (Free) and Vault 3 Outliner (Paid) apps, since those applications optionally encrypt data. When given a court order, I would be required to either provide the court with the decrypted documents specified by the court order, or assist the court in decrypting those documents.
Because Vault 3 documents are encrypted with the industry-standard, 128-bit AES algorithm, and because the decryption key is neither stored on the user's device, nor transmitted to me or any other third party, there is no assistance that I could offer.
If this bill were to become law, I would be faced with this choice:
I use those apps, on a daily basis. I store private information with them. Many of my users do the same. I will never modify the apps in any way to weaken privacy and security. Consequently, I would be forced to immediately cease development and distribution of those apps. I would remove the apps from this website, and take them off of Google Play.
The encryption debate has been a popular topic in the technology news recently. There have been many calls by law enforcement, politicians and lawmakers to compel software developers to provide "backdoors" that would allow law enforcement and the courts to decrypt encrypted data. The problem, of course, is that such "backdoors" would be exploited by "bad guys".
I've heard technologically knowledgeable commentators say, again and again, that the law enforcement personnel, politicians, and lawmakers calling for "backdoors" are simply ignorant about cryptography, and don't realize that weakening security for all users will make us less safe, not more safe. I don't think that is the case. I could explain this issue to anyone in a few minutes! It's a simple issue, really, and I believe most of our political representatives involved with cryptography issues understand it. They tend to be smart people, who know how to engage with technical experts. I believe they want to keep American citizens safe. And I believe they are making a very wrong and dangerous choice by pushing for "back doors" to decrypt encrypted data.
I encourage you to make your opinion known to Senators Burr and Feinstein:
I am sending both lawmakers a very simple message, and I suggest that you do the same:
I am an American who places a high value on privacy and security, I urge you to withdraw the "Compliance with Court Orders Act of 2016" bill from the legislative process. If this bill were to become law, in its current form, it will make US citizens less safe, and will have a devastating effect on the US technology industry.
|Java Programming Tip: SWT Photo Frame Program||October 31, 2016|
|Vault 3 (Desktop) Version 1.63 Released||September 9, 2016|
|"Compliance with Court Orders Act of 2016"||April 9, 2016|
|Disable "Visual Voicemail" on Android / T-Mobile||January 17, 2016|
|IPv6 Humor||December 10, 2015|
|Java Programming Tip: Specify the JVM time zone||December 7, 2015|
|Node.js / Express Programming Tip: Detect and Fix Memory Leaks||October 27, 2015|