- Last week, as leaders of the U.S Senate Select Committee on Intelligence released a draft of the Compliance with Court Orders Act of 2016.
- Chairman Richard Burr said “I have long believed that data is too insecure, and feel strongly that consumers have a right to seek solutions that protect their information – which involves strong encryption … I do not believe, however, that those solutions should be above the law. I am hopeful that this draft will start a meaningful and inclusive debate on the role of encryption and its place within the rule of law.”
- Vice Chairman Dianne Feinstein said “No entity or individual is above the law … The bill we have drafted would simply provide that, if a court of law issues an order to render technical assistance or provide decrypted data, the company or individual would be required to do so. Today, terrorists and criminals are increasingly using encryption to foil law enforcement efforts, even in the face of a court order. We need strong encryption to protect personal data, but we also need to know when terrorists are plotting to kill Americans.”
- Separately, Microsoft filed a lawsuit against the U.S. Department of Justice that said “Over the past 18 months, federal courts have issued nearly 2,600 secrecy orders silencing Microsoft from speaking about warrants and other legal process seeking Microsoft customers’ data; of those, more than two-thirds contained no fixed end date … These twin developments — the increase in government demands for online data and the simultaneous increase in secrecy — have combined to undermine confidence in the privacy of the cloud and have impaired Microsoft’s right to be transparent with its customers, a right guaranteed by the First Amendment.”
- As Senators Burr and Feinstein seek to strengthen the government’s approach to data access and Microsoft seeks to clarify and perhaps restrain the government’s access to data, a broader set of data privacy issues continue to be debated.
- Given the complexity of data privacy, poorly crafted legislation could lead to unexpected outcomes.
- Bottom line: regardless of how public policy is crafted, encryption technology continues to evolve and law enforcement will need to adapt.