From Senator Ron Wyden:
Washington, D.C. – U.S. Senator Ron Wyden, D-Ore., today introduced the Secure Data Act to protect Americans’ privacy and data security. The bill prohibits government mandates to build backdoors or security vulnerabilities into U.S. software and electronics.
U.S. government officials have recently proposed to compel companies to build backdoors in the security features of their products. These proposals threaten to undermine the development and deployment of strong data security technologies and the overwhelming economic and national security interest in better data security.
“Strong encryption and sound computer security is the best way to keep Americans’ data safe from hackers and foreign threats. It is the best way to protect our constitutional rights at a time when a person’s whole life can often be found on his or her smartphone. And strong computer security can rebuild consumer trust that has been shaken by years of misstatements by intelligence agencies about mass surveillance of Americans,” Wyden said. “This bill sends a message to leaders of those agencies to stop recklessly pushing for new ways to vacuum up Americans’ private information, and instead put that effort into rebuilding public trust.”
Government-driven technology mandates to weaken data security for the purpose of aiding government investigations would compromise national security, economic security and personal privacy:
- Cyber vulnerabilities weaken cybersecurity. Once a backdoor is built in a security system, the security of the system is inherently compromised. For example, in 2005 it was revealed that an unknown entity had exploited a “lawful intercept” capability built into Greek cellphone systems and had used it to listen to users’ phone calls, including those of dozens of senior government officials.
- Technology mandates thwart innovation. Companies have less incentive to invest in the development and deployment of strong new data security technologies if they are required to compromise them from the outset.
- Mandating weak security would further erode trust in American products and services. Information technology companies are working to regain the trust of consumers upset by revelations of government intrusions into their personal communications. A mandate requiring companies to facilitate additional government surveillance would undermine those efforts.
Senator Wyden’s legislation builds on a bipartisan effort in the U.S. House of Representatives, which approved an amendment by Reps. Thomas Massie, R-Ky., and Zoe Lofgren, D-Calif., to prohibit electronic vulnerability mandates on a 293-123 vote in June 2014.