U.S. Tries to Pass New Laws Regarding Encryption Policies

Laura BednarCybersecurityLeave a Comment

US Tries to Pass New Encryption Laws

Encryption continues to be a popular topic in the tech world but has expanded into mainstream news as the federal government attempts to pass laws against it. Two new pieces of legislation may alter how companies and individuals protect their data in terms of encryption access by government officials. These new decryption laws range from decrypting data on demand to designing products with backdoors built-in. While it is argued that devices without encryption would bolster national security, consumers and security researchers find it to be an invasion of their privacy and rights as Americans.

What Does this Legislation Do?

The Lawful Access to Encrypted Data Act is thought to pose serious threats to cybersecurity. These acts would amend parts of the existing framework that is in place regarding the issuance of warrants and other surveillance orders. For instance, a provider of online services would have to decrypt data on demand.

In other cases, and for smaller providers who have fewer than one million customers or annual devices sold, they would be asked to build a decryption capability for the government to access the service or device. Larger companies would have to have that design implemented before the government asks so they are prepared in the event a federal employee needs access.

The EARN IT Act, on the other hand, was originally created for a federal commission to develop recommended best practices that computer service providers could implement, prevent, and respond to the online sexual exploitation of children. It has since been amended, so that the commission may recommend practices, but a provider will not have immunity under Section 230 of the Communications Decency Act of 1996.

This immunity meant that if a provider followed best practices, then they would not be held responsible for the child sex abuse material (CSAM) that a user posted. They would remove it and report it to the proper authorities, but there would be no legal action taken against the service provider. The new commission in the EARN IT Act would set the laws surrounding that in the name of saving children but also infringes upon individual security.

Effects of the Laws if Enacted

If these acts are passed, service providers would lose their immunity under Section 230, which dovetails into other consequences. End-to-end encryption for messaging on platforms like What’s App and other social media sites would likely be prohibited because there is a possibility that CSAM material could be hidden that way. Additionally, with a potential lawsuit hanging over the heads of online platforms, the censorship of user-generated material may also be more aggressive than ever.

While tech giants seem to be generally immune to many legal attacks because of Section 230 as well as their wealth, the new legislation would force them to have a deeper look at the material being processed on their platform. However, legislation that seems to have good intentions would have other implications for individual privacy and security, such as encryption on a device. The Lawful Access to Encrypted Data Act would limit a company’s ability to offer encryption of a device for protection from hackers and other malicious cyberthreats.

Offering Quality Data Security for All

Technology companies, as well as the consumers who use their services, should not have to compromise on their security. While maintaining standards on the internet is important, it should not come at a cost. CSAM removal and using messaging and other files from a phone in a criminal investigation are important moves in preventing crime. However, infringing upon an individual’s rights to data security is not an acceptable consequence.

SecureData puts consumer’s data security first with security certifications in place for our forensic and data recovery services. We also offer hardware encrypted data storage devices that have no back doors. An intruder cannot access your personal data on the device and a user can authenticate using their own unique PIN or biometric indicators on their mobile device to unlock the drive. To learn more about how we work to protect your digital security and privacy, call 1-800-388-1266.