There’s Little Energy In Congress For Making Encryption Law

The bill with the highest profile, Burr-Feinstein, is little more than a giveaway to the FBI and NSA.

There’s Little Energy In Congress For Making Encryption Law
[Photo: jgolby via Shutterstock]

Don’t look for Congress to make a law on government access to encrypted data anytime soon. As members rush for the airport before the Memorial Day break, the high-profile standoff between Apple and the FBI over encryption backdoors is likely far from the top of their minds.


After the FBI sought to compel Apple to help it access the iPhone of San Bernardino shooter Syed Farook in mid-February, a flurry of congressional hearings took place, and two powerful senators circulated a bill that would force all companies to provide “back doors” to encrypted user data.

But the FBI has since given up conscripting Apple’s help in two separate cases in two different federal courts–one in San Bernardino and one in Brooklyn–and the issue seems to have lost some of its urgency on the Hill.

So FBI officials and Apple executives, for now, have ceased sparring in editorials, TV interviews, and court filings. But the shelving of the encryption policy debate is caused by more than just that.

Congressman Darrell Issa (R-Calif.) told Fast Company that many members of Congress are still getting educated on the technical aspects of encryption.

Both Rep. Zoe Lofgren (D-Calif.) and Senator Ron Wyden (D-Oregon) explained that many members see no way to codify in law a “middle ground” that satisfies both the data security needs of tech companies and consumers, and the need of government agencies to access that data with a court order.

There probably is no middle ground. Lofgren put it this way: “It’s either a one or a zero; you either have strong encryption or you don’t.”


The widely criticized Burr-Feinstein encryption bill (formal name: The Compliance with Orders Act of 2016), which would create backdoors into stores of private user data, was circulated in a Senate committee April 8 and is still showing little sign of advancing to the Senate floor for a vote.

The bill forthrightly places the responsibility on businesses large and small (and not just tech businesses) to build and maintain back doors into encrypted user data at their own expense, so that law enforcement can easily access the data (with a court order) during criminal or national security investigations.

Burr-Feinstein is now languishing in the Senate Intelligence Committee that Burr chairs and Feinstein co-chairs. The two sponsors have the power to bring the bill up for discussion in the committee, but can’t force a vote on the Senate floor. The bill, in its current form, wouldn’t have the votes needed for passage in the Senate, sources say.

Several members of Congress who spoke to Fast Company this week in the Capital say there’s little energy on either side of the aisle for moving the bill forward. Senator Ron Wyden (D-Oregon) told Fast Company this week he’s still planning a filibuster if the bill comes to the floor.

Tech and privacy groups lined up against the bill immediately after it appeared. The New America Foundation Open Technology Institute called it “ludicrous,” “dangerous,” and “technically illiterate.”

“The draft shows how out of touch Senate Intelligence Committee leaders Sens. Burr and Feinstein are with the needs of the American people,” said the Electronic Frontier Foundation.


Senator Feinstein was taken to task for the bill in a stinging editorial in the San Jose Mercury News. “Sen. Dianne Feinstein remains clueless on the technology issues that drive her state’s economy.” On the bill itself, the Merc said: “The Senate should trash it and look somewhere other than California for leadership on this national challenge.”

Burr has his own problems. Suffering from lack of name recognition, he’s in danger of losing his North Carolina senate seat in November.

On the House side, an encryption “work group” (don’t call it a commission) has been formed (Issa and Lofgren both participate) to investigate ways of establishing rules of the road around encryption for private tech companies and law enforcement.

But the group has met only once, and a second meeting has not been scheduled. Staffers are now out doing research and talking to experts on the subject, with the aim of eventually creating a formal report.