The following statement is attributed to Evan Engstrom, Executive Director of Engine, regarding this week’s introduction of the Lawful Access to Encrypted Data Act:
Simply put, the Lawful Access to Encrypted Data Act—introduced by Senate Judiciary Committee Chairman Lindsey Graham (R-S.C.) and Sens. Tom Cotton (R-Ark.) and Marsha Blackburn (R-Tenn.)—is bad for the privacy and security of startups and their users.
This bill claims to do two contradictory things: make it easier for law enforcement officials to obtain encrypted data, and protect the privacy of law-abiding Americans. The legislation would require manufacturers, tech companies, and startups to build so-called "backdoors" into their services—intentional vulnerabilities that could be exploited by bad actors to compromise the privacy and security of users. And this would disproportionately impact startups. Startups lack the resources necessary to engineer a backdoor and continue to protect their users' data, and it's the new and small tech companies without name recognition and longstanding relationships with their users that consumers will abandon first over fears about data security.
Despite the increased reliance on technology during the ongoing pandemic and national unrest over systemic racism, this bill risks the privacy of all law-abiding U.S. users who rely upon encrypted communications. In fact, this legislation directly minimizes the importance of this technology for communities that rely on secure communications—including protestors, reporters, and members of marginalized communities.
Companies already comply with the law and court orders when technologically possible, but the law should not be amended so that compliance comes at the expense of users’ privacy and security. We urge lawmakers to reconsider the impact that this bill would have on the privacy and security of Americans’ personal data, as well as the companies that provide those secure services.