US Senator introduces bill to block FBI backdoor access

Senator Ron Wyden's bill aims to prevent government-forced backdoors and security vulnerabilities

U.S. Senator Ron Wyden on Thursday introduced a bill that would prevent the government from forcing companies to design backdoors or security vulnerabilities into their products to aid surveillance.

The Secure Data Act aims to preempt moves by the government to better eavesdrop over newer communications technologies, and is part of an overall bid by some legislators to place curbs on extensive government surveillance.

A key legislation that would put curbs on the bulk collection of phone records by the U.S. National Security Agency, called the USA Freedom Act, could not move towards a final vote on the legislation in the Senate last month, despite backing from the administration of U.S. President Barack Obama.

Wyden said his bill comes in the wake of proposals by U.S. government officials to compel companies to build backdoors in the security features of their products. "Strong encryption and sound computer security is the best way to keep Americans' data safe from hackers and foreign threats," Wyden said in a statement Thursday.

The U.S. Congress should pass a law requiring that all communication tools allow police access to user data, U.S. FBI Director James B. Comey said in October.

The Communications Assistance for Law Enforcement Act, or CALEA, which requires telecommunications carriers and broadband providers to build interception capabilities for court-ordered surveillance, was enacted 20 years ago, and does not cover newer communications technologies, Comey said in a speech to the Brookings Institution.

"The issue is whether companies not currently subject to the Communications Assistance for Law Enforcement Act should be required to build lawful intercept capabilities for law enforcement," Comey said.

Apple and Google had recently announced that they would start encrypting iOS and Android user data by default, a plan that didn't go down well with Comey.

Wyden, a Democrat from Oregon, counters that government-driven "technology mandates to weaken data security for the purpose of aiding government investigations would compromise national security, economic security and personal privacy."

A backdoor built into a security system inherently compromises it, and companies will have less incentive to invest in new strong data security technologies, he said. Mandating backdoors would also further erode consumer trust in these products and services, which was already hit by revelations of government surveillance.

The Senate bill aims to establish that no agency may mandate that a manufacturer, developer, or seller of computer hardware, software or an electronics device available to the public should design or change its security functions for the purpose of surveillance of any user or for the physical search of a product, unless the product is already covered under CALEA.

Wyden said his legislation builds on a bipartisan effort in the U.S. House of Representatives, which approved an amendment by Representatives Thomas Massie and Zoe Lofgren to prohibit electronic vulnerability mandates in June.

John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service. Follow John on Twitter at @Johnribeiro. John's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags U.S. Federal Bureau of InvestigationU.S. Senatesecuritylegislationgovernmentprivacy

More about AppleFBIFreedomGoogleHouse of RepresentativesIDGNational Security AgencyNews

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John Ribeiro

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place