New Anti-Encryption Bill introduced in the US

On Tuesday, June 23, Senators Graham (R-SC), Cotton (R-AR), and Blackburn (R-TN) introduced a bill that is a full-frontal nuclear assault on encryption in the United States. You can find the bill text here. It’s been formally introduced as Senate bill 4051, which you can track here. (Other reactions to the bill so far: EFF, Techdirt.)

Dubbed the “Lawful Access to Encrypted Data Act of 2020” (acronym: LAED, which my fingers definitely do not mis-type as LEAD every single time), the bill is an actual, overt, make-no-mistake, crystal-clear ban on providers from offering end-to-end encryption in online services, from offering encrypted devices that cannot be unlocked for law enforcement, and indeed from offering any encryption that does not build in a means of decrypting data for law enforcement.

The new bill applies to operating systems and apps and messaging and chat and social media platforms and email and cloud storage and videoconferencing and smartphones and laptops and desktops and your Xbox, and probably voting machines and IoT devices – basically any electronic device with just 1 GB of storage capacity. It isn’t just aimed at Apple, Google, Facebook, Signal, and the like, though it certainly applies to them; it goes well beyond, to include everyone from Box and Dropbox, to the full range of Microsoft’s products, to OEM handset manufacturers…



Sort-of-related, is the 40-bit encryption cap still a thing that is conveniently ignored? Or has it been amended?

I remember that 40-bit used to be there and may still linger in the rules. I'm not sure about it; however, I do know that we are specifying AES 128 and AES 256 in the new addendum coming for SCOSTA. Also, RSA 2048 is coming in the SCOSTA PKI specs.
