Outline of the Lawful Access to Encrypted Data Act
Senators Graham, Blackburn, and Cotton call the Lawful Access to Encrypted Data Act (press release) "a bill to bolster national security interests and better protect communities across the country by ending the use of “warrant-proof” encrypted technology by terrorists and other bad actors to conceal illicit behavior."
They justify the proposed bill with the threat from terrorists and pedophiles: "Tech companies’ increasing reliance on encryption has turned their platforms into a new, lawless playground of criminal activity. Criminals from child predators to terrorists are taking full advantage", says Cotton. He wants to "end the Wild West of crime on the Internet".
Instead, Cotton wants to open the Wild West for law enforcement and the authorities. Once surveillance laws such as an encryption backdoor for the "good guys" are available, it's just a matter of time until the "good guys" turn bad or abuse their power. History has taught us that often enough, so we should be able to understand the threat of Orwellian surveillance by the government. In Germany alone, we had two oppressive governments in the last one hundred years that taught us why government surveillance is very dangerous: the GDR and Nazi Germany.
Public opinion objects to an encryption backdoor
By stressing the fact that tech companies must decrypt sensitive information only after a court issues a warrant, the three Senators believe they can swing public opinion in favor of this encryption backdoor law.
However, the backbone of the internet relies on unbreakable encryption. We need it for banking, for storing sensitive documents, for private communication online. Of course, the Senators argue that the backdoor they are demanding would be available to the 'good guys' only. However, cryptography experts have already explored in detail if and how an encryption backdoor could be realized.
The conclusion has always been the same: While implementing a backdoor is easy, limiting its access to the 'good guys' only is impossible.
How would such a backdoor work?
To comply with decryption orders such as those demanded by the Lawful Access to Encrypted Data Act, online services would need to have central access to all encrypted data, possibly with a general decryption key. When presented with a court order, they would have to decrypt the data of this particular user, leaving the data of all other users untouched.
This process is done by employees, by people. Consequently, one can imagine how hard, if not impossible, it would be to secure the general key from abuse and mistakes, particularly when considering the high value that such a general key would have to malicious attackers, state actors (also from abroad), and others.
With the constantly rising number of breaches, shown by this data breach report, one can imagine that it would not take long before some malicious actor on the internet got access to this general key, rendering all encryption for all users futile.
How devastating this would be becomes obvious when looking at one of the most severe data breaches of 2020: the so-called BlueLeaks breach exposed files from hundreds of US police departments, including personal information of suspects and convicted criminals alike.
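The general-key design described under "How would such a backdoor work?" can be sketched in code. This is an added example, not code from the bill or from any provider; the record layout, the function names and the HMAC-based stand-in cipher are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode); real systems use a vetted AEAD.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified data")
    return _keystream_xor(_subkey(key, b"enc"), nonce, ct)

def store(user_key: bytes, general_key: bytes, message: bytes) -> dict:
    # Each message gets its own data key, wrapped once for the user and
    # once under the provider's general key (the escrow copy).
    data_key = secrets.token_bytes(32)
    return {"body": seal(data_key, message),
            "key_for_user": seal(user_key, data_key),
            "key_for_provider": seal(general_key, data_key)}

def read(record: dict, key: bytes, slot: str) -> bytes:
    return unseal(unseal(key, record[slot]), record["body"])

def demo():
    general_key = secrets.token_bytes(32)
    # Constructed sample users and messages.
    users = {n: secrets.token_bytes(32) for n in ("alice", "bob", "carol")}
    mailbox = {n: store(k, general_key, f"private note of {n}".encode())
               for n, k in users.items()}
    try:  # one user's key does not open another user's record
        read(mailbox["bob"], users["alice"], "key_for_user")
        isolated = False
    except ValueError:
        isolated = True
    # whoever holds the general key opens every record
    opened = {n: read(r, general_key, "key_for_provider") for n, r in mailbox.items()}
    return isolated, opened
```

Whether the provider decrypts one mailbox or all of them is decided by procedure, not by the cryptography: the same key works on every record.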