+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Groups representing Google, Netflix, Microsoft, and Apple are slamming the latest bill that aims to limit tech security

Apr 20, 2016, 19:16 IST

Burr, McCain and Ayotte hold a news conference to talk about new legislation to restrict prisoner transfers from the detention center at Guantanamo Bay, at the U.S. Capitol in WashingtonThomson Reuters

One of the big upcoming battles for the tech industry is whether Congress will pass a law limiting the ability to build strong privacy measures into products like Facebook's WhatsApp or Apple's iPhone and iMessage.

Advertisement

While the House holds preliminary hearings, the Senate is further along, with Senators Richard Burr and Dianne Feinstein, both on the Senate Intelligence Committee, presenting a draft of legislation that has been called "clueless and unworkable" by computer security experts.

Now the tech industry has weighed in on Feinstein-Burr, via an open letter published earlier this week endorsed by four trade associations, and they're not happy about the draft.

The open letter was signed by Reform Government Surveillance, the Computer and Communications Industry Association, the Internet Infrastructure Coalition, and the Entertainment Software Association, which represent a huge amount of major tech companies, including Amazon, Google, Netflix, Microsoft, and Apple.

In the letter, the trade groups point out that tech companies currently regularly respond and comply with legal processes and emergency requests for data. The also note that even if the United States passes the anti-encryption bill, companies based outside the country can continue to offer strong encryption.

Advertisement

Here's the full text:

Dear Chairman Burr and Vice-Chairman Feinstein:

We write to express our deep concerns about well-intentioned but ultimately unworkable policies around encryption that would weaken the very defenses we need to protect us from people who want to cause economic and physical harm. We believe it is critical to the safety of the nation's, and the world's, information technology infrastructure for us all to avoid actions that will create government-mandated security vulnerabilities in our encryption systems.

As member companies whose innovations help to drive the success and growth of the digital economy, we understand the need to protect our users' physical safety and the safety of their most private information. To serve both these interests, we adhere to two basic principles. First, we respond expeditiously to legal process and emergency requests for data from government agencies. Second, we design our systems and devices to include a variety of network- and device-based features, including but not limited to strong encryption. We do these things to protect users' digital security in the face of threats from both criminals and governments.

Any mandatory decryption requirement, such as that included in the discussion draft of the bill that you authored, will to lead to unintended consequences. The effect of such a requirement will force companies to prioritize government access over other considerations, including digital security. As a result, when designing products or services, technology companies could be forced to make decisions that would create opportunities for exploitation by bad actors seeking to harm our customers and whom we all want to stop. The bill would force those providing digital communication and storage to ensure that digital data can be obtained in "intelligible" form by the government, pursuant to a court order. This mandate would mean that when a company or user has decided to use some encryption technologies, those technologies will have to be built to allow some third party to potentially have access. This access could, in turn, be exploited by bad actors.

Advertisement

It is also important to remember that such a technological mandate fails to account for the global nature of today's technology. For example, no accessibility requirement can be limited to U.S. law enforcement; once it is required by the U.S., other governments will surely follow. In addition, the U.S. has no monopoly on these security measures. A law passed by Congress trying to restrict the use of data security measures will not prevent their use. It will only serve to push users to non-U.S. companies, in turn undermining the global competitiveness of the technology industry in the U.S. and resulting in more and more data being stored in other countries.

We support making sure that law enforcement has the legal authorities, resources, and training it needs to solve crime, prevent terrorism, and protect the public. However, those things must be carefully balanced to preserve our customers' security and digital information. We are ready and willing to engage in dialogue about how to strike that balance, but remain concerned about efforts to prioritize one type of security over all others in a way that leads to unintended, negative consequences for the safety of our networks and our customers.

Signed,

Reform Government Surveillance

Computer & Communications Industry Association

Advertisement

Internet Infrastructure Coalition (I2C)

The Entertainment Software Association

NOW WATCH: This 309-square-foot micro apartment has a home theater, full kitchen, and even a guest bedroom

Please enable Javascript to watch this video
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article