The New York Times published a story yesterday saying that the Obama Administration will propose new legislation next year that would require communications service providers to create the capability to allow the government to seek the equivalent of a wiretap to view encrypted communications. Communications service providers that encrypt communications would need to have the capability to provide the government backdoor access to unencrypted information in the event it receives a wiretap order. Peer-to-peer software providers would need to redesign their software in order to permit government access to unencrypted communications. The legislation would also cover social networking sites and companies that transmit emails, such as Research in Motion for its BlackBerry devices.
Encryption vendors should determine how the new legislation may affect them. If their technologies help communications service provider customers encrypt and decrypt customer data, they may need to redesign their technologies to comply with the new legislation, if it is enacted. And the costs of redesigning products may not be trivial. The legislation would apparently reach even those services facilitating encryption where even the service provider would be unable to decrypt the communications.
On the other hand, the proposed legislation appears not to cover services that simply transmit information that users themselves have encrypted. The government is apparently not seeking legislation to regulate encryption that would prevent users from encrypting information before it reaches service providers' networks. In other words, the proposed legislation covers service providers, and not end-user encryption technology providers.
We will need to wait and see what the bill would actually say. In the meantime, encryption vendors should keep a close eye on this proposed legislation. They will need to determine what, if anything, they may need to do to redesign their products and services.
Stephen Wu
Partner, Cooke Kobrick & Wu LLP