Intelligence Committee leaders release discussion draft of encryption legislation

Senate seal 112On April 13, Senate Select Committee on Intelligence Chairman Richard Burr (R-NC) and Vice Chairman Dianne Feinstein (D-CA) released the Compliance with Court Orders Act of 2016; draft legislation which reinforces that all entities must comply with court orders to protect Americans from criminals and terrorists. The senators will now solicit input from the public and key stakeholders before formally introducing the bill.

“I have long believed that data is too insecure, and feel strongly that consumers have a right to seek solutions that protect their information – which involves strong encryption,” said Chairman Burr.  “I do not believe, however, that those solutions should be above the law. I am hopeful that this draft will start a meaningful and inclusive debate on the role of encryption and its place within the rule of law.  Based on initial feedback, I am confident that the discussion has begun.  We remain eager to sit down and discuss a way forward with all who are willing to engage constructively on this critically important and challenging issue.”

“No entity or individual is above the law,” said Vice Chairman Feinstein. “The bill we have drafted would simply provide that, if a court of law issues an order to render technical assistance or provide decrypted data, the company or individual would be required to do so. Today, terrorists and criminals are increasingly using encryption to foil law enforcement efforts, even in the face of a court order. We need strong encryption to protect personal data, but we also need to know when terrorists are plotting to kill Americans.”

The discussion draft legislation is available here.

Compliance with Court Orders Act of 2016

The bill ensures that everyone must comply with court orders to protect America from criminals and terrorists.

  • Sense of Congress.  The bill establishes that:
    • No one is above the law.  Court order recipients must comply with the rule of law.
    • Providers of communications services and products should protect United States persons’ privacy with strong data security while still complying with court orders and other legal requirements.
  • Covered Entities are subject to the bill’s requirements. Covered Entities include device manufacturers, software manufacturers, electronic communication services, remote communication services, providers of wire or electronic communication services, providers of remote communication services, or any person who provides a product or method to facilitate a communication or to process or store data.
  • Covered Entities must provide information or data.  Covered entities that receive a court order for information or data for the investigation or prosecution of specified serious crimes must provide it to the government in an intelligible format or provide the technical assistance necessary to do so.
    • Covered entities are responsible only for the information or data that they (or another party on their behalf) have made unintelligible.
    • Covered entities shall be compensated for the reasonably necessary costs incurred in providing the intelligible data or required technical assistance.
    • The government cannot require or prohibit any specific design or operating system for any covered entity to use in complying with a court order.
    • Certain communication service providers that distribute licenses for a covered entity’s products and services also must ensure that these products and services are capable of providing information or data in an intelligible format.
  • No new collection authorities.  The bill does not create any new collection authorities for the government to obtain communications.  The bill simply requires covered entities to ensure that the government’s lawfully-obtained evidence is readable—so that law enforcement can solve crimes and protect our communities from criminal and terrorist activities.

Source: Office of Senator Richard Burr