
A covered entity includes "any person who provides ... a method to facilitate a communication or the processing or storage of data." FOSS encryption libraries could be considered a method of processing data.

If signed into law, this could compel maintainers to design libraries with gov't decryption in mind.



Given that courts have ruled open-source crypto code to be constitutionally protected speech, it might be difficult to make that stick.

https://en.wikipedia.org/wiki/Source_code#Legal_issues_in_th...


The case in question (Bernstein v. United States) is fascinating: https://epic.org/crypto/export_controls/bernstein_decision_9...


Would protected speech mean you could use some non-compliant code to provide services, or just that you could publish it?


I don't know, but the bill doesn't appear to cover end users. Cloud-based services would probably have to deal with it, but not people running software on their own computers.


How could this be enforced, assuming the library developers are scattered throughout the world?

Worst case scenario, all US developers drop off the project, or contribute anonymously.


Just decryption. It isn't government-only, just mandated by them; ANYONE can use it.


Agreed. Those familiar with encryption understand that a single security incident resulting in the theft of such a backdoor key is all it would take. The attack would cascade to any company that implemented the library.



