All providers of communications services and products (including software) should protect the privacy of United States persons through implementation of appropriate data security and still respect the rule of law and comply with all legal requirements and court orders.
This is the crux of the issue. The senators want to have their cake – by requiring tech companies to protect their customers' data – and eat it too – by insisting that law enforcement can break the code.
Of course, Congress doesn't care that this is impossible, as long as they have a fig leaf ("protect the privacy of United States persons") to cover that ugly decrypt-anything-we-tell-you-to thing. It tastes great and it's less filling. And it makes you lose weight, too!
According to the best minds in cryptography this simply can't be done – it's not a moral or legislative issue but a mathematical one. Once you introduce a flaw into an encryption system, it's impossible to stop others finding it, especially since you are mandating it is there by law and the prize is free access to all US data traffic, as evidenced in the Juniper case.
And protections against abuse have been stripped:
As we have mentioned, there are also now no restrictions on what kind of court order can be used to force companies to hand over data to the police. As we've seen with the Patriot Act in the US and RIPA in the UK, once you give police these powers, they will use them for everything because they cut down on the workload required.
And this is bi-partisan. Forgive me for being unimpressed with the Republican Party's commitment to liberty.
The original draft did include caveats to which types of court orders could be used, but those requirements are now gone.