The American government is trying to get rid of encryption services


Congress is working on a bipartisan bill called the EARN IT act that seems to be an attempt to use opposition to child sex trafficking and abuse as a back door to undermine end-to-end encryption in general

Though it seems wholly focused on reducing child exploitation, the EARN IT Act has definite implications for encryption. If it became law, companies might not be able to earn their liability exemption while offering end-to-end encrypted services. This would put them in the position of either having to accept liability, undermine the protection of end-to-end encryption by adding a backdoor for law enforcement access, or avoid end-to-end encryption altogether.

[…]

Riana Pfefferkorn, the associate director of surveillance and cybersecurity at Stanford’s Center for Internet and Society, outlined fears about the privacy and security implications of an earlier leaked draft of the EARN IT Act in January. After a preliminary assessment of the version of the bill introduced on Thursday, she told WIRED that she sees well-meaning revisions aimed at reducing concerns that EARN IT could violate First, Fourth, and Fifth Amendment rights related to speech, privacy, and lawful search. But she says the bill remains fundamentally problematic.

“I see this as being an attempt to cure procedural problems while throwing a bone somewhat to civil liberty, privacy, and security concerns,” she told WIRED. “But looking at the additional language it’s clear to me that this is still going to be a vehicle for the attorney general to wage his war on encryption. And it’s kind of a black box. One of my fears is if this were implemented, what’s to stop China from saying ‘in addition to monitoring for child sex abuse images, turn this on for Uighur freedom activists too.'”

The article contains quotes from Facebook saying they do fine without measures like EARN IT, but it shouldn’t shock the reader that I don’t put much stock in what they have to say. For all the ways Facebook is a massive corporation doing a huge amount of harm in the world, their opposition to this bill does not mean it’s a good thing. Unfortunately, there are many large, powerful entities at work in the world, and most of them don’t hold human life, freedom, and happiness as their core principles. From the blog “A Few Thoughts on Cryptography Engineering

Over the past few years, the U.S. Department of Justice and the FBI have been pursuing an aggressive campaign to eliminate end-to-end encryption services. This is a category that includes text messaging systems like Apple’s iMessageWhatsAppTelegram, and Signal. Those services protect your data by encrypting it, and ensuring that the keys are only available to you and the person you’re communicating with. That means your provider, the person who hacks your provider, and (inadvertently) the FBI, are all left in the dark.

The government’s anti-encryption campaign has not been very successful. There are basically two reasons for this. First, people like communicating privately. If there’s anything we’ve learned over the past few years, it’s that the world is not a safe place for your private information. You don’t have to be worried about the NSA spying on you to be worried that some hacker will steal your messages or email. In fact, this kind of hack occurs so routinely that there’s a popular website you can use to check if your accounts have been compromised.

The world is a big, complicated place, and if we’re to have any hope of people having a meaningful right to self-determination, keeping a watch on those with power is a must. They have a history of turning good causes to evil purposes. With the rise in authoritarian politics around the world and the rise in efforts to decrease the power of corporations and oligarchs, I very much fear that the ability to hide communication and organizing from governments will be needed in the years ahead.


Thanks to the COVID-19 outbreak, layoffs have increased, job interviews have been indefinitely postponed, and many places aren’t hiring new workers. All of that means I really need help paying my bills and keeping a roof over my head. Patreon.com is a way for you to help with that, even if it’s just a little bit, and get some perks and extra content in return. You control how much you give, and how long you give it, and every little bit really does help. When lots of people pitch in, it can make a huge difference. Please help if you’re able, and share my work with others. Thank you!

Comments

  1. Ice Swimmer says

    One of the worst parts of 1990s is back. They are at it again, I remember when Netscape came effectively with 40-bit encryption keys (88 bits of complexity denied from the 128-bit key) due to the encryption export restrictions. I only got into paying bills online when the bank in which my money is in started to provide an SSH (which was invented here, in this country, city and campus) accessible version of their text-based online service and went for web-based online banking only after they lifted the encryption export restrictions for Europe.

  2. ColeYote says

    I’ve lost track of how many times US congress has tried to take a wrecking ball to privacy under the pretence of combating child sex trafficking. I don’t even understand how this is supposed to help with that, but it can’t possibly be a widespread-enough problem to warrant the response anyway.

Leave a Reply

Your email address will not be published. Required fields are marked *