Congress introduced a new bill [draft bill, PDF] on Friday which will force smartphone manufacturers to decrypt data in response to law enforcement demands. The bill was proposed by senators Diane Feinstein and Richard Burr, and states that companies “must provide in a timely manner responsive, intelligible information or data, or appropriate technical assistance to obtain such information.” However, the bill does not include any criminal penalties for a company’s failure to comply. There are severe hurdles that need to be overcome in order for the bill to gain approval, and the Obama Administration has declined to support the bill [Reuters report]. Security experts have criticized [The Verge report] the bill’s language as being “so broad as to target ancillary forms of encryption covering web traffic or credit card data, far beyond its intended scope.”
This development comes in the face of a bitter conflict between federal authorities and technology giant Apple over the government’s demands to unlock an encrypted iPhone owned by the San Bernardino shooter [CNN report] Syed Rizwan Farook. The US Department of Justice filed a motion [text] in February in the US District Court for the Central District of California to compel Apple to unlock [JURIST report] the said smartphone, after Apple rejected repeated requests from the Federal Bureau of Investigation to do so. Apple subsequently filed a brief [text, NPR] opposing the government’s request [JURIST report], citing First and Fifth Amendment concerns, while its biggest competitor Google joined its side [NBC news report] in opposing the government’s motion. However, the entire dispute came to an untimely and unexpected end when the DOJ managed to successfully decrypt the phone [JURIST report] by its own efforts and dropped the case.