U.S. Rep. Suzan DelBene (D-Wash.) worked as vice president of mobile communications at Microsoft from 2004 to 2007. That was her second stint at Microsoft; her first was from 1989 to 1998 after receiving an MBA when she worked on Windows 95, email and embedded systems. In between, she helped start Drugstore.com.
Her tech background is likely to come in handy in the upcoming encryption debate. The ENCRYPT (Ensuring National Constitutional Rights for Your Private Telecommunications) Act, introduced this week, is designed to ensure a uniform national policy for encryption technology.
DelBene and the bill's co-sponsors -- Reps. Ted W. Lieu (D-Calif.), Blake Farenthold (R-Texas) and Mike Bishop (R-Mich.) -- fear that a patchwork of state and local laws could be chaotic and disrupt interstate commerce. Two bills under consideration in California and New York would require manufacturers of encrypted smartphones to enable decryption of data on phones made after 2017.
ENCRYPT "has a good chance of becoming law," DelBene said via email. That's partly because it "sets out the principle that laws on encryption are a national issue requiring policies from the federal government, not a piecemeal approach from the states."
There are already deep divisions in Congress and between federal officials and privacy advocates over whether tech firms like Apple and Google should be forced find a way to decrypt smartphone data -- even when the encryption is disk-level hardened and passcodes are known only by users, not stored where a vendor can retrieve the data readily.
"No matter where you stand on whether there should be backdoors in devices for law enforcement to access personal information, you should be able to support this bill, because a patchwork of state laws on encryption will not make us safer -- it would actually weaken our national security," DelBene added.
The congresswoman said she often hears from constituents who are concerned about privacy. "Many are surprised to learn that some of their electronic communications aren't subject to the same warrant standard [requiring a judge's signature based on probable cause] as a piece of paper in a filing drawer," she said. "America's most basic electronic privacy laws are woefully out of date. As we consider increasingly complex questions in the digital age, I'm committed to ensuring my constituent's privacy is protected in the manner the Fourth Amendment requires."
The Fourth Amendment, which prohibits unreasonable searches and seizures without a judge's warrant, has become the lodestone for all types of electronic privacy matters. There are at least two major cases before the federal courts based on the amendment's privacy protections, but Congress appears primed to act as well.
In addition to ENCRYPT, Senate Intelligence Committee Chairman Richard Burr (R-N.C.) and Sen. Dianne Feinstein (D-Calif.) are still working on a bill to guarantee law enforcement access to encrypted data. Meanwhile, Sen. Mark Warner (D-Va.) and House Homeland Security Chairman Michael McCaul (R-Texas) are drafting legislation to create a commission to study U.S. encryption policies and practices.
A Burr/Feinstein bill would undoubtedly ignite more fireworks than passing ENCRYPT. DelBene said such proposals, which require companies to break encryption, "will not make us more secure. They will just give bad actors more targets to exploit."
Congress can "find a balance between preserving one's right to privacy and protecting our national security," she said.
DelBene suggested she favors the commission concept from McCaul and Warner. "Lawmakers, industry leaders, privacy advocates, security experts and law enforcement need to come together to ensure we're doing everything we can to protect our national security in a responsible way," she said.
"As someone with a long career in the technology industry and as an entrepreneur, I know firsthand how quickly technologies have developed to become critical to our daily lives," DelBene said. "Policymakers need to be more engaged and informed on how technology works. For example, requiring companies to weaken devices with backdoors means opening up innocent Americans' personal information to bad actors and hackers who would love nothing more than to have easier access."