A version of Richard Burr and Dianne Feinstein’s ill-considered encryption bill has been released here. They’re calling it the “Compliance with Court Orders Act of 2016,” but I think I’ll refer to it as the Cuckoo bill. This will be a working thread.
(2) Note the bill starts by suggesting economic prosperity relies on breaking encryption. There are many reasons that’s not true, most obviously that it will put US products at a disadvantage in other countries.
(2) Note this only applies to “providers of communications services and products (including software).” Does it apply to financial companies? Because they’re encrypting data between themselves that should be accessible to law enforcement. Does it apply to car companies? IoT companies?
(2) Note they mention “judicial order” and “court order” here. It’s clear (and becomes clearer later) that this includes orders that aren’t warrants, so FISA orders. Which suggests they’re having a problem with encryption under FISA too.
(3) The Cuckoo Bill builds in compensation. That’s one way companies could fight this: to make sure it would take a lot to render data intelligible.
(4) I suspect this license language would expand to do scary things with other “licensing” products.
(4) Note that they’ve expanded the definition of metadata to include “switching, processing, and transmitting” data. I bet that has already been done in secret somewhere.
(5) The language on destination and switching suggests they’re trying to include location data in metadata.
(6) Note the “order or warrant” language.
(6) The covered entity might include banks and cars, though not obviously so.
(8) An odd use of “original form” in decrypted definition.
(9) Wow, they even want to require entities to have to provide decrypted data in motion.