Friend or Foe: The Secure Data Act of 2015
H.R. 726 is a bill that was assigned to a congressional committee on February 4, 2015 and is sponsored by Zoe Lofgren (D) (Representative for California’s 19th congressional district). Essentially, the purpose of the bill is to prohibit Federal agencies from mandating the deployment of vulnerabilities in data security technologies. In layman’s terms that means that Federal agencies cannot require manufacturers, developers or sellers of covered products (meaning hardware, software or other electronic device made available to the general public) to create a “backdoor” to allow for easy access to the data on that device or for the purpose of surveillance. It is important to note that according to section b of the bill, law enforcement agencies are exempt. In other words, law enforcement agencies are the exception to the rule. The subject matter has garnered much debate recently, in not only the public sector but in the I.T. community and within the political realm as well. Some have argued that the creation of the equivalent of a digital “skeleton key” is not conducive to the prevention of illegal hacking and it could make all American devices susceptible to illicit access should that “key” or decryption process fall into the wrong hands. In an effort to get a sampling of public opinion on this matter, a public opinion poll was conducted via internet poll by Yolanda Wright in February of 2016. Interviewees were not only receptive but gave interesting insight to their reasoning behind why they agree or disagree with the proposed legislation.
As mentioned previously, the public opinion data was collected via Internet Poll. The following question was posed to the interviewees:
“On February 4, 2015 H.R. 726, also known as the Secure Data Act of 2015, was introduced to congress. The proposed legislation would prohibit Federal agencies from mandating the deployment of vulnerabilities in data security technologies. Do you agree or disagree with this legislation? Why is this good or bad for the American public and/or I.T. industry?”
The polling method was self-selecting and non-scientific, thus the margin of error could be larger than 4%. Of the individuals who participated, 100% (10) were females between the ages of 18 and 45 and of mixed ethnicities and professional backgrounds. Out of that 100%, only 10% (1 individual) disagreed with the legislation. The background information and question was posed in such a way that respondents would state their for/against stance and to get them to consider how the legislation could impact American society in the digital age. The interviewer was also attempting to get respondents to consider the pros/cons of the legislation in general and gauge public opinion in regards to privacy and security standards in the I.T. industry to the extent of governmental involvement.
The overwhelming majority of respondents (90%) stated that they were in favor of the proposed legislation. It was noted by the interviewer that the common idea shared by that 90% was that “no government agency should be allowed to force developers to introduce security vulnerabilities.” Some interviewees (30%), elaborated further stating that the government was already “crossing the line” when it comes to the mass collection of personal data. One respondent even went so far as to say that it was “an insult to tech companies and developers to even suggest the forced development of vulnerabilities in their software, etc.”. On the other end of the spectrum one lone wolf respondent who stated that they were opposed to the proposed legislation of The Data Security Act of 2015 had interesting insight as to why they disagree with the proposition. The basis for her opinion was the potential subsequent limiting factor of the aftermarket, which is often the group who exposes flaws and holes in the original release of certain software. Her perspective was unique in that she considered I.T. in terms of the auto industry stating that “if this legislation passes, various tech features that drivers have grown accustomed to would become a thing of the past and there would be no more aftermarket updates.”
Initially, I was in favor of the proposed legislation for the same reason as the nine interviewees. I understand the potential implications of the forced creation of security vulnerabilities in regards to the potential cyber threats it could present if those data decryption keys fell into the wrong hands. My stance has always been that cyber criminals are very intelligent, so why create something that could make their “job” easier? However, the “lone wolf” respondent who opposes the legislation has me considering the question of whether this legislation extends beyond simple data security. It is an interesting and, I believe, important point to consider. I had not previously considered the potential impacts to the aftermarket. If this legislation were to pass, it could negatively impact an entire sector of the cyber security industry; it could leave those who actively seek out security holes in software without jobs. This is an important consideration as it is a rapidly growing profession.
The finding of the poll shows that at least the female portion of the American population is strongly against federally mandated creation of security vulnerabilities. The legislation is worded in such a way that it appeals to Americans desire to avoid federal surveillance beyond the current norm, but it begs the question as to whether it affects more than just the consumer or company. The findings also suggest that a potentially large segment of the population dislikes the idea that a federal agency could legally force a manufacturer or developer to do something that could leave their customers vulnerable in terms of their privacy and data security. There are pros and cons to all legislation. The impacts of this legislation are yet to be seen as it has been referred to the Select Committee on Intelligence. Regardless of what the future holds for this bill, the American public will adapt and the tech industry will continue to make great strides in technical innovation.