ENCRYPT Act preempting state and local anti-encryption laws introduced with bipartisan support

June 7, 2018

Lawmakers in the House revived a proposal Thursday that would preempt state and local governments from implementing legislation restricting encryption and leave the matter instead to their representatives to Washington.

Spearheaded by Rep. Ted Lieu, California Democrat, the bipartisan Ensuring National Constitutional Rights for Your Private Telecommunications (ENCRYPT) Act would supplant non-federal laws to “ensure a uniform, national policy for the interstate issue of encryption technology,” his office said in a statement.

First introduced in February 2016, the bill would prohibit states and other municipalities from requiring that technology companies alter the security features of their products, effectively thwarting any legislation mandating so-called encryption “backdoors” designed to let authorities decipher user data.

“As a computer science major, I can tell you that having 50 different mandatory state-level encryption standards is bad for security, consumers, innovation and ultimately law enforcement,” said Mr. Lieu. “Encryption exists to protect us from bad actors, and can’t be weakened without also putting every American in harm’s way.”

Technologists have warned that backdoors would weaken security and place user data at risk of being exploited by individuals other than authorities, placing them at odds with law enforcement officials concerned that criminals and terrorists are evading investigators by securing their communications with digital encryption.

Mr. Lieu first introduced the bill in response to anti-encryption proposals that emerged in states including New York and California after the Department of Justice said the FBI was unable to access the contents of an encrypted Apple iPhone owned by Syed Farook, a suspected terrorist killed following a Dec. 2015 mass shooting in San Bernardino.

The Department of Justice sued Apple in 2016 seeking the company’s assistance in cracking into Farook’s iPhone, but the government ultimately dropped the litigation after contracting the hacking services of a professional security firm. Mr. Lieu’s offered his first iteration of the ENCRYPT Act in the interim, meanwhile, and that bill garnered the support of seven co-sponsors before ultimately stalling in committee.

Three congressmen have co-sponsored the revived bill as of Thursday, including Rep. Jim Jordan, Ohio Republican, and two of the original bill’s co-sponsors, Rep. Mike Bishop, Michigan Republican, and Rep. Suzan DelBene, Washington Democrat.

“When 50 states have different laws on encryption, it undermines our efforts to protect innocent Americans from bad actors who are looking to snatch personal data for their own nefarious uses,” said Ms. DelBene.

“By creating a unified approach to encryption, we can protect security and privacy while allowing law enforcement to continue keeping us safe,” added Mr. Jordan.

No federal laws currently exists requiring encryption backdoors, but Justice Department officials including both Attorney General Jeff Sessions and Deputy Attorney General Rod Rosenstein have suggested that Congress consider legislation.

Earlier this week, meanwhile, a coalition of 21 groups pressed the Justice Department’s inspector general to investigate the circumstances that resulted in Mr. Sessions and FBI Director Christopher Wray, among others, repeatedly touting a bogus statistic that grossly inflatedthe number of encrypted cellphones federal investigators have lawfully seized but been unable to access data from.