Workload and Application Security Blog

ENCRYPT Act reintroduced with bipartisan backing in Congress

Written by Virsec | Jun 13, 2018 1:39:50 AM

Articles by SC Magazine, Journal of Cyber Policy, Green Sheet & Information Security Buzz, June 11, 2018, with comments by Willy Leichter;

A bill from a bipartisan group of representatives aims to create a national standard of encryption that if signed into law, would supersede state and local levels of any similar standards.

First goal: Create a national standard of encryption

One goal is to establish a uniform national standard that would eliminate a patchwork of encryptions standards varying from state to state. Inconsistent uses of encryption could arguably contribute to conflicting standards and create conflicts and issues for commerce, cybersecurity, users, law enforcement and more. Worse, it could create vulnerabilities for criminals to exploit.

Second goal: Prevent local state and government from “back door” access to devices

The proposed law was originally introduced in February 2016. Now it carries a second goal of preventing state and local government from passing legislation requiring manufacturers to put technology in place that would give someone “back door” or forced access to the device. The purpose is to keep your data out of someone else’s hands, including state or local governments.

But bill includes no such "back door" restrictions for federal government

However, security experts are questioning the bill stopping short of blocking the federal government from using back doors to get into devices. Acknowledging the government has a mix of challenges when it comes to the need to access data, including anti-terrorism, the conflict this presents to data privacy remains.

Willy Leichter, vice president of marketing at Virsec explained, “It seems like a positive move to have a standardized national encryption policy. However, this doesn’t solve the basic collision of interests around encryption – law enforcement wants broader access, while privacy experts (and most of the security industry) don’t want to neuter the effectiveness of encryption. This group seems to understand that encryption is a fundamental building block of most digital business, and weakening it, for whatever reasons, can be disastrous.”

Read full SC Magazine Encrypt Act article
Read full Journal of Cyber Policy Experts Weigh in on Ecrypt Act article
Read full Green Sheet Encryption Debated in WA article
Read full Information Security Buzz U.S. Encrypt Act article