A few days ago, a group of Republican senators introduced a controversial bill that many cybersecurity specialists consider a serious threat to the use of encryption in the U.S. The bill, known as the “Legal Access to Encrypted Data Act 2020” (LAED), would prohibit technology companies from providing end-to-end encryption on any online platform.
The bill's sponsors intend it to apply to any technological implementation, including operating systems, mobile applications, messaging services, social networks, video conferencing platforms, cloud storage services, smartphones and even video game consoles and Internet of Things (IoT) devices with more than 1GB of storage capacity.
Under the bill, the authorities would only have to present a court order for providers to hand over the requested information unencrypted and in a readable format. Law enforcement agencies would only need to show “reasonable grounds” for judges to issue such an order. Providers can even appeal court orders, which could lead to non-enforcement of this law in specific cases.
Although the LAED bill appears to resort to data decryption only when strictly necessary, this is much worse than it sounds. The phrase "access to information only in exceptional cases" suggests a limited and malleable concept. In practice, what this bill would require is a massive backdoor built into every technological product on a mandatory basis; in other words, the approval of this bill would mean the end of encryption in the United States.
To begin with, this would lead to the forced removal of communication platforms such as WhatsApp, Signal and Apple’s iMessage, among others, as they would not meet the security requirements to remain available on the Google Play Store and App Store. On the other hand, the condition “only with a court order” doesn’t really mean much given how easy it is to complete this process.
Eventually, companies would be forced to reinvent their technology, preparing to remove encryption; in other words, companies will have to sell technology with serious vulnerabilities, exposing users to the actions of malicious hackers.
Multiple members of the cybersecurity community are urging senators to vote against the bill, considering it a highly intrusive measure, especially in the context of the pandemic, when individuals and companies have relied on the use of communication and information technologies. This is a crucial time for cybersecurity, and citizens need to be supported by lawmakers and tech companies.