Eric Bergman-Terrell's Blog

"Compliance with Court Orders Act of 2016"
April 9, 2016

Today I learned about the "Compliance with Court Orders Act of 2016" bill, sponsored by senators Richard Burr and Dianne Feinstein. This bill was released as a "discussion draft" (see Burr And Feinstein Release Their Anti-Encryption Bill... And It's More Ridiculous Than Expected).

If this bill were to become law, in its current form, it would require any USA software developer, who distributes software that stores data, to do the following, when issued a court order (I quote):

(A)  provide   such   information    or   data   to 
such  government  in  an  intelligible  format;  or 
(B)  provide  such  technical   assistance   as  is 
necessary   to  obtain   such  information   or  data  in 
an  intelligible  format   or  to  achieve  the  purpose 
of  the  court  order. 

If this bill were to become law, in its current form, it would apply to my Vault 3, Vault 3 Outliner (Free) and Vault 3 Outliner (Paid) apps, since those applications optionally encrypt data. When given a court order, I would be required to either provide the court with the decrypted documents specified by the court order, or assist the court in decrypting those documents.

Because Vault 3 documents are encrypted with the industry-standard, 128-bit AES algorithm, and because the decryption key is neither stored on the user's device, nor transmitted to me or any other third party, there is no assistance that I could offer.

If this bill were to become law, I would be faced with this choice:

  1. Stop developing, supporting, and distributing the applications.
  2. Update the applications to make the decryption keys available to me, or the court, so that I could assist in decrypting the documents.

I use those apps, on a daily basis. I store private information with them. Many of my users do the same. I will never modify the apps in any way to weaken privacy and security. Consequently, I would be forced to immediately cease development and distribution of those apps. I would remove the apps from this website, and take them off of Google Play.

The encryption debate has been a popular topic in the technology news recently. There have been many calls by law enforcement, politicians and lawmakers to compel software developers to provide "backdoors" that would allow law enforcement and the courts to decrypt encrypted data. The problem, of course, is that such "backdoors" would be exploited by "bad guys".

I've heard technologically knowledgeable commentators say, again and again, that the law enforcement personnel, politicians, and lawmakers calling for "backdoors" are simply ignorant about cryptography, and don't realize that weakening security for all users will make us less safe, not more safe. I don't think that is the case. I could explain this issue to anyone in a few minutes! It's a simple issue, really, and I believe most of our political representatives involved with cryptography issues understand it. They tend to be smart people, who know how to engage with technical experts. I believe they want to keep American citizens safe. And I believe they are making a very wrong and dangerous choice by pushing for "back doors" to decrypt encrypted data.

I encourage you to make your opinion known to Senators Burr and Feinstein:

Contact Senator Richard Burr (North Carolina)
Contact Senator Dianne Feinstein (California)

I am sending both lawmakers a very simple message, and I suggest that you do the same:

I am an American who places a high value on privacy and security, I urge you to withdraw the 
"Compliance with Court Orders Act of 2016" bill from the legislative process. If this bill were to 
become law, in its current form, it will make US citizens less safe, and will have a devastating 
effect on the US technology industry.
Keywords: Vault 3, Encryption, Privacy, Decryption, "back doors", Security

Reader Comments

Comment on this Blog Post

Recent Posts

TitleDate
Java Programming Tip: SWT Photo Frame ProgramOctober 31, 2016
Vault 3 (Desktop) Version 1.63 ReleasedSeptember 9, 2016
"Compliance with Court Orders Act of 2016"April 9, 2016
Disable "Visual Voicemail" on Android / T-MobileJanuary 17, 2016
IPv6 HumorDecember 10, 2015
Java Programming Tip: Specify the JVM time zoneDecember 7, 2015
Node.js / Express Programming Tip: Detect and Fix Memory LeaksOctober 27, 2015