Senator Proposes Bill to Prohibit Government-Mandated Backdoors in Smartphones

Just because data on your smartphone is encrypted doesn’t mean law enforcement couldn’t demand that whoever made your phone decrypt it.

Image from file404/Shutterstock

Revelations about the NSA have led to a broader awareness that government agencies often demand backdoors in encryption. Google and Apple even added security in their new mobile operating systems that makes it impossible for them to decrypt user data. That way they can’t be compelled to hand anything over to law enforcement.

Needless to say, government agencies are not happy about this. FBI Director James Comey feels that providing true, uncompromised encryption to consumers means, “marketing something expressly to allow people to place themselves above the law.” But on Thursday, Sen. Ron Wyden, D-Ore., introduced a bill called the Secure Data Act that would generally prohibit government agencies from demanding backdoors in software or hardware. He said in a statement:

Strong encryption and sound computer security is the best way to keep Americans’ data safe from hackers and foreign threats. It is the best way to protect our constitutional rights at a time when a person’s whole life can often be found on his or her smartphone. … This bill sends a message to leaders of those agencies to stop recklessly pushing for new ways to vacuum up Americans’ private information, and instead put that effort into rebuilding public trust.

Bills aimed at curtailing surveillance have failed to pass in the Senate this month (also most of the time), and the Secure Data Act will probably face the same uphill battle. As Ars Technica points out, an amendment similar to the Secure Data Act passed the House in June, but never became a bill.

It’s worth noting, though, that the Secure Data Act doesn’t actually prohibit backdoors—it just prohibits agencies from mandating them. There are a lot of other types of pressure government groups could still use to influence the creation of backdoors, even if they couldn’t flat-out demand them.

Here’s the wording in the bill: “No agency may mandate that a manufacturer, developer, or seller of covered products design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product, by any agency.”