Latest U.S. ‘Anti-Encryption’ Bill Threatens Security of Millions Thumbnail
Encryption 7 July 2020

Latest U.S. ‘Anti-Encryption’ Bill Threatens Security of Millions

Kenneth Olmstead
By Kenneth OlmsteadSenior Internet Security and Privacy Expert
Ryan Polk
Ryan PolkDirector, Internet Policy

The Lawful Access to Encrypted Data Act recently introduced to U.S. Congress may be the worse in a recent string of attacks on encryption, our strongest digital security tool online.

While the recently-amended EARN IT Act would leave strong encryption on unstable ground if passed into law, the Lawful Access to Encrypted Data Act (LAEDA) is a direct assault on the tool millions of people rely on for personal and national security each day.

LAEDA would facilitate the death of end-to-end encryption by forcing companies to provide “technical assistance” to access encrypted data upon request by law enforcement investigations.

The problem is the only way for companies to comply would be to build backdoors into their products and services, or not use encryption at all, making everyone more vulnerable to the same crime we are all trying to prevent. To be clear – we’re talking about the same encryption used to keep activities like online banking, working from home, telehealth, and talking with friends secure online.

The Internet Society raised its concerns in an open letter to the co-sponsors of LAEDA in the Senate, which was signed by over 75 global cybersecurity experts, civil society organizations, companies, and trade associations. According to signatories, the bill “is too technically flawed to be effective and will force companies to make their products less secure.”

To make matters worse, the proposed LAEDA is only the most recent attack on end-to-end encryption from a member of the Five Eyes alliance (the United States, United Kingdom, Canada, Australia, and New Zealand).

United States supporters of “backdoor access” are following the footsteps of the United Kingdom’s Investigatory Powers Act and Australia’s “Assistance and Access” or TOLA Act. Similar to these laws, which it is clearly modeled on, LAEDA would require companies or their employees to comply with government demands for “technical assistance” in law enforcement investigations. These requirements would inevitably force companies to build encryption backdoors.

We’ve said it before, and it’s worth repeating:

There is no way to provide backdoor access to end-to-end encrypted data without weakening security for all users.

The Lawful Access to Encrypted Data Act would not only make Americans more at risk to the crime it’s trying to prevent – but everyone worldwide who relies on American products and services that use encryption to keep them secure online.

Image by Matthew T Rader via Unsplash

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Encryption 22 November 2022

Two Things the US Should Do to Protect the Internet and the Security of Billions of People Online

Adopting the practice of Internet impact assessments is not just an option—it’s a must to protect the Internet we...

Encryption 8 February 2022

A Safer Internet Starts with More Encryption

Security is crucial to a safer Internet, and the only way towards a safer Internet is to take encryption off...

Encryption 19 January 2022

UK Online Safety Bill Set to Weaken Encryption and Put UK Internet Users At Risk

The Internet Society joins the UK England Chapter in calling for a redraft of the UK’s Online Safety Bill...