Senators Pretend That EARN IT Act Wouldn't Be Used To Undermine Encryption; They're Wrong

from the plausible-deniability dept

On Wednesday, the Senate held a hearing about the EARN IT Act, the bill that is designed to undermine the internet and encryption in one single move — all in the name of “protecting the children” (something that it simply will not do). Pretty much the entire thing was infuriating, but I wanted to focus on one key aspect. Senators supporting the bill, including sponsor Richard Blumenthal — who has been attacking the internet since well before he was in the Senate and was just the Attorney General of Connecticut — kept trying to insist the bill had nothing to do with encryption and wouldn’t be used to undermine encryption. In response to a letter from Facebook, Blumenthal kept insisting that the bill is not about encryption, and also insisting (incorrectly) that if the internet companies just nerded harder, they could keep encryption while still giving law enforcement access.

“This bill says nothing about encryption,” Sen. Richard Blumenthal…, said at a hearing Wednesday to discuss the legislation…

[….]

“Strong law enforcement is compatible with strong encryption,” Blumenthal said. “I believe it, Big Tech knows it and either is Facebook is lying – and I think they’re telling us the truth when they say that law enforcement is consistent with strong encryption – or Big Tech is using encryption as a subterfuge to oppose this bill.”

No, the only one engaged in lying or subterfuge here is Blumenthal (alternatively, he’s so fucking ignorant that he should resign). “Strong” encryption is end-to-end encryption. Once you create a backdoor that lets law enforcement in, you’ve broken the encryption and it’s no longer strong. Even worse, it’s very, very weak, and it puts everyone (even Senator Blumenthal and all his constituents) at risk. If you want to understand how this bill is very much about killing encryption, maybe listen to cryptographer Matthew Green explain it to you (he’s not working for “Big Tech,” Senator):

EARN IT works by revoking a type of liability called Section 230 that makes it possible for providers to operate on the Internet, by preventing the provider for being held responsible for what their customers do on a platform like Facebook. The new bill would make it financially impossible for providers like WhatsApp and Apple to operate services unless they conduct “best practices” for scanning their systems for CSAM.

Since there are no “best practices” in existence, and the techniques for doing this while preserving privacy are completely unknown, the bill creates a government-appointed committee that will tell technology providers what technology they have to use. The specific nature of the committee is byzantine and described within the bill itself. Needless to say, the makeup of the committee, which can include as few as zero data security experts, ensures that end-to-end encryption will almost certainly not be considered a best practice.

So in short: this bill is a backdoor way to allow the government to ban encryption on commercial services. And even more beautifully: it doesn’t come out and actually ban the use of encryption, it just makes encryption commercially infeasible for major providers to deploy, ensuring that they’ll go bankrupt if they try to disobey this committee’s recommendations.

It’s the kind of bill you’d come up with if you knew the thing you wanted to do was unconstitutional and highly unpopular, and you basically didn’t care.

Or listen to Stanford’s Riana Pfefferkorn explain how the bill’s real target is encryption. As she explains, the authors of the bill (including Blumenthal) had ample opportunity to put in language that would make it clear that it does not target encryption. They chose not to.

As for the “subterfuge” Blumenthal calls out, the only real “subterfuge” here is by Blumenthal and Graham in crafting this bill with the help of the DOJ. Remember, just the day before the DOJ flat out said that 230 should be conditioned on letting law enforcement into any encrypted communications. So if Blumenthal really means that this bill won’t impact encryption he should write it into the fucking bill. Because as it’s structured right now, in order to keep 230 protections, internet companies will have to follow a set of “best practices” put together by a panel headed by the Attorney General who has said multiple times that he doesn’t believe real encryption should be allowed on these services.

So if Blumenthal wants us to believe that his bill won’t undermine encryption, he should address it explicitly, rather than lying about it in a Senate hearing, while simultaneously claiming that Facebook (and every other company) can do the impossible in giving law enforcement backdoor access while keeping encrypted data secure.


Comments on “Senators Pretend That EARN IT Act Wouldn't Be Used To Undermine Encryption; They're Wrong”

27 Comments
This comment has been deemed insightful by the community.
Anonymous Anonymous Coward (profile) says:

It won't stop them

There are likely multiple companies, overseas, who are keeping their fingers crossed and hoping and wishing that this bill passes. The profile of these companies are those that have encryption products in existence or in the pipeline, or will start designing their version as soon as the bill passes.

As has been said many times here (and elsewhere) by many people, the bad guys will get their encryption from someone who isn’t under the thumb of the US government. There is probably also a large cadre of people who you and I wouldn’t classify as bad, but wish to keep their communications private. Journalists, diplomats, negotiators, strategists, and business executives come immediately to mind. The military has already said that this is a really big mistake.

The next step will be for the government to claim these offshore products are munitions and therefore illegal. The fact that many of those ‘not bad’ users are also ones who fund political campaigns will become painfully clear to politicians when that happens.

Anonymous Coward says:

Re: It won't stop them

There are likely multiple companies, overseas, who are keeping their fingers crossed and hoping and wishing that this bill passes.

So… Google, Facebook, etc.? It would take nothing more than filing a sheet of paper to suddenly be non-US companies. The only reason they haven’t already done it is US laws and taxes are far more favorable than those of most other nations. If either of those switches the other way around there is nothing to stop any of them from instantly reducing the US GDP.

fairuse (profile) says:

Any encryption product without Gov'ment mark

Yes if bill passed – Only Gov’ment approved encryption. Using Rebel tools to bypass snooping would be like ripping disks. Making and selling devices would be illegal.

Munitions is eye catching.

Software / Hardware to bypass and lockout Gov’ment mandated encryption is safety hazard and is criminal act of terrorism.

Anonymous Coward says:

Re: Any encryption product without Gov'ment mark

I feel that, more likely, what will end up happening is chasing the remaining cleartext traffic to the onion web. Can’t use client and server side """"""scanning""""""" if the thing they scan is complete garbage that they don’t know where it came from.
The idea that we’ve come all this way just to cripple the internet to keep the three letters out is far more terrifying.

Upstream (profile) says:

Re: Email services can read this just fine:


Anonymous Coward says:

Re: Re: Email services can read this just fine:

I was not asking can email services support encrypted messages at the technical level, but rather would they be allowed to continue to allow encrypted messages on their servers, or would they be held liable if they could not deliver a readable message at the drop of a warrant.

This comment has been flagged by the community.

This comment has been deemed insightful by the community.
Anonymous Coward says:

Re: Re:

That hasn’t been funny since Henry II and Thomas Becket. Or more contemporarily, any movie with a mobster. Don’t be making meme-laden threats about a person’s safety.

If you must use "it would be a shame if", then try this one:

It would be a shame if, having been warned of the consequences of his bill beforehand, his own correspondence became public because of lack of encryption caused by the bill.

"Hoist by your own petard", in other words.

Upstream (profile) says:

Email services can read this just fine:


This comment has been deemed insightful by the community.
That One Guy (profile) says:

How to spot a dishonest liar in one easy step...

It’s the kind of bill you’d come up with if you knew the thing you wanted to do was unconstitutional and highly unpopular, and you basically didn’t care.

Not ‘kind of’, it is. He and those pushing the train wreck have failed to undermine encryption directly, so they’ve sunk to trying to slip it through in another manner, making clear for all to see how grossly dishonest and dangerous to the public they really are.

Anonymous Coward says:

No one of authority gives a damn about kids and pornography and in this case, the whole aim is to undermine encryption, not protect anyone! The USA is fast becoming the same as a nation that was fought against 75 years ago. What the hell happened? How the hell did we get to this place? Once it’s here, with just a very few giving orders that the rest have to follow or suffer the consequences, there’ll be no coming back. The Land Of The Free is a long way off and a long time away!

That One Guy (profile) says:

Re: Re:

No one of authority gives a damn about kids and pornography and in this case, the whole aim is to undermine encryption, not protect anyone!

Oh that’s certainly a big part of it, but it’s not the entire goal, there’s also forcing platforms to be ‘neutral’, which is to say give certain groups special treatment and stop ‘oppressing’ them by applying penalties for TOS violations/being repulsive individuals.
