The Lawful Access to Encrypted Data Act recently introduced to U.S. Congress may be the worse in a recent string of attacks on encryption, our strongest digital security tool online.
While the recently-amended EARN IT Act would leave strong encryption on unstable ground if passed into law, the Lawful Access to Encrypted Data Act (LAEDA) is a direct assault on the tool millions of people rely on for personal and national security each day.
LAEDA would facilitate the death of end-to-end encryption by forcing companies to provide “technical assistance” to access encrypted data upon request by law enforcement investigations.
The problem is the only way for companies to comply would be to build backdoors into their products and services, or not use encryption at all, making everyone more vulnerable to the same crime we are all trying to prevent. To be clear – we’re talking about the same encryption used to keep activities like online banking, working from home, telehealth, and talking with friends secure online.
The Internet Society raised its concerns in an open letter to the co-sponsors of LAEDA in the Senate, which was signed by over 75 global cybersecurity experts, civil society organizations, companies, and trade associations. According to signatories, the bill “is too technically flawed to be effective and will force companies to make their products less secure.”
To make matters worse, the proposed LAEDA is only the most recent attack on end-to-end encryption from a member of the Five Eyes alliance (the United States, United Kingdom, Canada, Australia, and New Zealand).
United States supporters of “backdoor access” are following the footsteps of the United Kingdom’s Investigatory Powers Act and Australia’s “Assistance and Access” or TOLA Act. Similar to these laws, which it is clearly modeled on, LAEDA would require companies or their employees to comply with government demands for “technical assistance” in law enforcement investigations. These requirements would inevitably force companies to build encryption backdoors.
We’ve said it before, and it’s worth repeating:
There is no way to provide backdoor access to end-to-end encrypted data without weakening security for all users.
The Lawful Access to Encrypted Data Act would not only make Americans more at risk to the crime it’s trying to prevent – but everyone worldwide who relies on American products and services that use encryption to keep them secure online.
Image by Matthew T Rader via Unsplash