Update: This bill did not get as far as a vote.
This bill was introduced on June 23, 2020, in a previous session of Congress, but it did not receive a vote.
Although this bill was not enacted, its provisions could have become law by being included in another bill. It is common for legislative text to be introduced concurrently in multiple bills (called companion bills), re-introduced in subsequent sessions of Congress in new bills, or added to larger bills (sometimes called omnibus bills).
A bill proposed in the US Senate would effectively make it a legal requirement for Apple to build a backdoor into iPhones. It would make it illegal for Apple and other tech giants to use strong encryption for either devices or cloud services …
It would force Apple to have a means of accessing customer data on both the devices it sells and the cloud services it operates.
Dave Mark drew my attention to The Lawful Access to Encrypted Data Act.
The bill opens by saying that when a manufacturer is presented with a search warrant, it will assist in accessing the data. That’s no different to the position today: Apple will provide whatever assistance it can when presented with a lawful demand.
However, the company currently has no way to unlock an iPhone, and that’s the part this bill seeks to change. It would make a backdoor into devices a legal requirement for anyone selling more than a million devices in the US.
A device manufacturer that sold more than 1,000,000 consumer electronic devices in the United States in 2016 or any calendar year thereafter, or that has received an assistance capability directive under section 3513, shall ensure that the manufacturer has the ability to provide the assistance described in subsection (b)(2) for any consumer electronic device that the manufacturer designs, manufactures, fabricates, or assembles; and intends for sale or distribution in the United States.
Subsection (b)(2) states that the manufacturer's assistance must include:
Decrypting or decoding information on the electronic device or remotely stored electronic information that is authorized to be searched, or otherwise providing such information in an intelligible format, unless the independent actions of an unaffiliated entity make it technically impossible to do so.
Note here that Apple would no longer be able to shrug and say it can’t access locked iPhones, because the first part quoted means that it must by law be able to do so. The only exception is if it’s technically impossible due to the “independent actions of an unaffiliated entity.” So Apple would no longer be able to decide to make it impossible to access customer phones.
Apple can currently hand over iCloud backups, as these don’t use end-to-end encryption, but there have been growing calls for Apple to use strong encryption here, too. Indeed, I recently speculated that the company’s approach to CSAM scanning may be a precursor to end-to-end encryption of iCloud backups in order to strengthen customer privacy.
We’ve explained many times why it would be impossible to create a backdoor into iPhones for the government that couldn’t also be used by criminals.