A Florida draft bill that would require social media companies to provide encryption backdoors for law enforcement officials to access user accounts has cleared a key legislative hurdle, and will now advance to the state’s Senate floor for a vote.
Florida lawmakers unanimously approved pushing the bill through committee, per Florida Politics.
The “Social Media Use by Minors” (SB 868) bill, if passed into law, would require “social media platforms to provide a mechanism to decrypt end-to-end encryption when law enforcement obtains a subpoena.” The bill would also require social media companies to allow parents or guardians access to a child’s account, and would prohibit child accounts from using features that allow the use of disappearing messaging, the bill reads.
Critics, including the tech companies and industry organizations that oppose the bill, have long argued that weakening encryption would make people less safe by compromising the security of their private messages, and could result in data breaches.
In a blog post last week, the digital rights group Electronic Frontier Foundation criticized the bill, arguing that encryption is the “best tool we have to protect our communications online,” and that passing the law would likely result in companies removing encryption for minors and making those users less safe.
“The idea that Florida can ‘protect’ minors by making them less safe is dangerous and dumb,” wrote the EFF.
The Florida bill builds on a state law passed last year restricting social media for people under the age of 16. The law remains largely on hold while it remains under scrutiny in the courts amid questions about the law’s constitutionality.
Tech companies, like Apple, Google, and Facebook-owner Meta, are increasingly end-to-end encrypting their users’ data so that their private content is only accessible to the user, not even the companies themselves. This also helps to protect users’ private messages from hackers or malicious company insiders. By encrypting user data, the tech companies say they also cannot provide law enforcement with information that they themselves cannot access.
It’s not clear if the proposed Florida bill, as written, would require social media companies to comply with only a subpoena, which are typically issued by law enforcement agencies and without judicial oversight.
Subpoenas are usually not signed by a judge, but can still be used by law enforcement to compel limited amounts of account information, such as names, email addresses, or phone numbers, from tech companies about their users. Companies will often demand to see a court-authorized search warrant, which requires police to present a court with a higher degree of evidence of suspected criminality, before turning over a user’s private messages.
A corresponding bill going through the Florida House (HB 743) has a final committee vote to clear before it will proceed to the House floor for a vote, per Florida Politics.