EARN IT is a direct attack on end-to-end encryption

[duddy]

EARN IT is a direct attack on end-to-end encryption*

 

Yesterday a bipartisan group of U.S. Senators introduced a new bill called the EARN IT act. On its face, the bill seems like a bit of inside baseball having to do with legal liability for information service providers. In reality, it represents a sophisticated and direct governmental attack on the right of Americans to communicate privately.

 

“Going Dark”, and the background behind EARN IT

Over the past few years, the U.S. Department of Justice and the FBI have been pursuing an aggressive campaign to eliminate end-to-end encryption services. This is a category that includes text messaging systems like Apple’s iMessage, WhatsApp, Telegram, and Signal. Those services protect your data by encrypting it, and ensuring that the keys are only available to you and the person you’re communicating with. That means your provider, the person who hacks your provider, and (inadvertently) the FBI, are all left in the dark.

 

The government’s anti-encryption campaign has not been very successful. There are basically two reasons for this. First, people like communicating privately. If there’s anything we’ve learned over the past few years, it’s that the world is not a safe place for your private information. You don’t have to be worried about the NSA spying on you to be worried that some hacker will steal your messages or email. In fact, this kind of hack occurs so routinely that there’s a popular website you can use to check if your accounts have been compromised.

 

The second reason that the government has failed to win hearts and minds is that providers like Facebook and Google and Microsoft also care very much about encryption. While some firms (*cough* Facebook and Google) do like to collect your data, even those companies are starting to realize that they hold way too much of it. This presents a  risk for them, and increasingly it’s producing a backlash from their own customers. Companies like Facebook are realizing that if they can encrypt some of that data — such that they no longer have access to it — then they can make their customers happier and safer at the same time.

 

Governments have tried to navigate this impasse by asking for “exceptional access” systems. These are basically “backdoors” in cyrptographic systems that would allow providers to occasionally access user data with a warrant, but only when a specific criminal act has occurred. This is an exceptionally hard problem to get right, and many experts have written about why this is. But as hard as that problem is, it’s nothing compared to what EARN IT is asking for.

 

*Abridged version

Source

 

 

[duddy]

US internet bill seen as opening shot against end-to-end encryption*

 

Senator Lindsey Graham said the goal of the law was to ‘forcibly deal with child exploitation’. Photograph: Luis M Alvarez/AP

 

Platforms would lose legal cover if they fail to follow ‘best practice’ to prevent child abuse

 

US senators have proposed a new law which would make key legal protections that online platforms rely on contingent on those platforms adopting specific practices related to privacy and the prevention of child sexual exploitation.

 

The act has widely been seen as an opening salvo in a renewed war on end-to-end encryption, with the US justice department (DoJ) regularly criticising technology companies for creating products, such as iMessage and WhatsApp, which cannot be intercepted by law enforcement.

 

Proposing what has been called the Earn It Act, a backronym for “Eliminating Abusive and Rampant Neglect of Interactive Technologies”, the new bill was introduced by a bipartisan collection of senators on Thursday.

 

It proposes an amendment to section 230 of the Communications Decency Act, described as “the 26 words that created the internet” in a recent book of that name, so that it only applies to platforms certified as following a set of best practices to prevent child abuse and exploitation. Section 230 indemnifies internet platforms against being viewed as the publishers of the content they host; before it was passed in 1996, websites ran the risk of taking full legal liability for everything they hosted unless they performed no moderation at all.

 

The Republican Lindsey Graham, one of the four primary sponsors of the bill, said: “I appreciate my colleagues working with me on this bill to ensure tech companies are using best business practices to prevent child exploitation online. This bill is a major first step. For the first time, you will have to earn blanket liability protection when it comes to protecting minors. Our goal is to do this in a balanced way that doesn’t overly inhibit innovation, but forcibly deals with child exploitation.”

 

The Democrat Dianne Feinstein, one of California’s two senators, and thus Silicon Valley’s representative in the Senate, added: “Technological advances have allowed the online exploitation of children to become much, much worse over recent years. Companies must do more to combat this growing problem on their online platforms. Our bill would allow individuals to sue tech companies that don’t take proper steps to prevent online child exploitation, and it’s an important step to protect the most vulnerable among us.”

 

The bill has created unease. Emma Llansó of the Centre for Democracy and Technology, a nonprofit organisation which campaigns “to preserve the unique nature of the internet”, said it “would give government officials unprecedented powers to craft de facto regulations for online speech. Online service providers would almost certainly err on the side of caution and take down anything – including a lot of lawful, constitutionally protected speech – that the attorney general might not like.”

 

The nature of the “best practices” that companies would be required to follow is left unspecified in the legislation, instead being placed under the auspices of a national commission on online child sexual exploitation prevention. But the outline was suggested by a second announcement on Thursday, by the US DoJ and the wider Five Eyes surveillance coalition, which includes the governments of the UK, Canada, Australia and New Zealand.

 

 

That group revealed a set of “voluntary principles to counter online child sexual exploitation and abuse”, 11 principles that included companies “adopting enhanced safety measures with the aim of protecting children, in particular from peers or adults seeking to engage in harmful sexual activity with children” and “seeking to identify and combat the dissemination of new child sexual abuse material via their platforms and services”.

 

The UK’s Internet Watch Foundation, a charity responsible for finding and removing images of child sexual abuse from the internet, welcomed the principles. Its chief executive, Susie Hargreaves, said she hoped they would “encourage more companies to follow the lead of our members and step up and do the right thing for victims of child sexual abuse”.

 

Adds Guardian on Twitter:👇

 

America faces an epic choice...**

 

 

"... in the coming year, and the results will define the country for a generation. These are perilous times. Over the last three years, much of what the Guardian holds dear has been threatened – democracy, civility, truth. This US administration is establishing new norms of behaviour. Anger and cruelty disfigure public discourse and lying is commonplace. Truth is being chased away. But with your help we can continue to put it center stage.

Rampant disinformation, partisan news sources and social media's tsunami of fake news is no basis on which to inform the American public in 2020. The need for a robust, independent press has never been greater, and with your support we can continue to provide fact-based reporting that offers public scrutiny and oversight. Our journalism is free and open for all, but it's made possible thanks to the support we receive from readers like you across America in all 50 states.

On the occasion of its 100th birthday in 1921 the editor of the Guardian said, "Perhaps the chief virtue of a newspaper is its independence. It should have a soul of its own." That is more true than ever. Freed from the influence of an owner or shareholders, the Guardian's editorial independence is our unique driving force and guiding principle.

We also want to say a huge thank you to everyone who generously supports the Guardian. You provide us with the motivation and financial support to keep doing what we do. Every reader contribution, big or small is so valuable ..."

*Source

**Source

 

 

 

 

 

 

 

[Karlston]

Two topics moved/merged from Software News.

 

(Encryption is security/privacy related so belongs here)