Senator Blumenthal Is Super Mad That Zoom Isn't Actually Offering The End To End Encryption His Law Will Outlaw

from the also-should-acquaint-himself-with-the-1st-amendment dept

Richard Blumenthal has been attacking internet services he doesn’t understand since before he was even a US Senator. It has carried over into his job as a Senator, and was abundantly obvious in his role as a co-sponsor for FOSTA. His hatred of the internet was on clear display during a hearing over FOSTA in which he flat out said that if smaller internet companies couldn’t put in place the kind of infrastructure required to comply with FOSTA, that they should go out of business. Blumenthal’s latest ridiculous bit of legislation lose your Section 230 protections. And while Blumenthal likes to pretend that the EARN IT Act doesn’t target encryption, he also lied about FOSTA and insisted it had no impact on CDA 230 (which it directly amended).

But Blumenthal has now taken his ridiculousness up a notch. Following the (legitimately concerning) reports that the suddenly incredibly popular videoconferencing software Zoom was not actually providing end-to-end encrypted video chats (despite its marketing claims), Blumenthal decided to step in and play the hero sending an angry letter to the company, while linking to the Intercept’s original story about Zoom’s misleading claims about encryption:

The letter highlights a number of recent claims that have been made about Zoom’s security and privacy practices — some of which are very significant (and a few that aren’t as big a deal) — including the end to end encryption claims:

Does Zoom provide end-to-end encryption, as the term is commonly understood by cybersecurity experts, for video conferences? Please describe when end-to-end encryption is available for users and how the personal data is encrypted?

And this is a legit question and I think it’s good that a Senator is asking that. I just think that this particular Senator is the wrong messenger, given his active role in trying to make it impossible for companies like Zoom to offer end-to-end encryption in the first place, as Riana Pfefferkorn (the Associate Director Surveillance & Cybersecurity at Stanford’s Center for Internet and Society) pointed out:

And it gets worse. As Pfefferkorn also points out, Blumenthal’s claims to be so concerned about cybersecurity and privacy ring hollow when just last month he straight up claimed that you have no right to privacy online:

This was in a weak attempt to “respond to concerns” raised about the EARN IT Act. In one of the responses, concerning government mandates for scanning content and how that interacts with the 4th Amendment, Blumenthal, quoting Neil Gorsuch, claims that there’s no reasonable expectation of privacy for any content you put online:

In the Ackerman opinion cited by tech companies as raising Fourth Amendment concerns, Gorsuch suggested that the third-party doctrine will protect evidence of CSAM found by a company that privately searched. When a company has terms and conditions that enable it to privately search, there is no Fourth Amendment violation because users lose their reasonable expectation of privacy. Gorsuch stated that ?The [Supreme] Court has, after all, suggested that individuals lack any reasonable expectation of privacy and so forfeit any Fourth Amendment protections in materials they choose to share with third parties.?

Of course, as Pfefferkorn further points out, Blumenthal’s broken analysis of the Ackerman opinion leaves out some important information. But, still, Blumenthal seems to constantly be talking out of both sides of his mouth. He doesn’t believe in an expectation of privacy for content posted online, but he also wants to slam a company for not keeping information private. He doesn’t want companies to have end-to-end encryption, but he’s angry at Zoom for not having end-to-end encryption.

And that’s not the end of the problems with Blumenthal’s approach here. While some of the privacy concerns he raises are legit, he lumps them in with ones that are not. For example, for reasons that make no sense at all, he seems to think the relatively new practice of Zoombombing — in which (often racist trolls from the worst parts of the internet) find publicly linked Zoom events and pop in to be total assholes — is on par with the other (often legit) security questions raised by Zoom’s security practices. Right after his question about end-to-end encryption he asks:

What measures has Zoom put into place to detect and prevent Zoombombing — intrusions and abuse targeting Zoom meetings? What are the policies governing such abusive behavior, what detection mechanisms are in place, how can users report abusive intrusions, and how quickly does Zoom respond to such incidents?

While there are plenty of questions about how companies can deal with such things, this is not an issue that is under the government’s purview. Indeed, as annoying as Zoombombing is, and as quickly as I’m sure Zoom has been working on technology tools to allow meeting hosts to deal with the issue, most Zoombombing is still 1st Amendment protected speech, and a Senator has no business insisting that Zoom silence such activities. And yet, that seems to be exactly what he’s focused on doing:

In that tweet he says: “I am calling on Zoom to take urgent & aggressive action to stop the racists, trolls, & peddlers of hate that are silencing & bullying communities.” Yeah, the 1st Amendment (the one you swore to defend) might want to have a word with you about that, Senator. I’m all for Zoom coming up with tools for users of its service to help prevent such trollish behavior, but seriously, these kinds of stunts are not at all new on the internet and have been around for literally decades. That doesn’t make the juvenile behavior any less annoying or problematic, but it’s not the role of any government official to insist that a company censor people for protected speech, no matter how trollish.

Separately, of course, this ignores that Zoom had already put in place a detailed plan for how to stop Zoombombing over a week before Blumenthal sent the letter. The company still could do more, and it’s worth noting that it has since released a detailed plan to deal with the newly raised security and privacy concerns, including a 90 day freeze on all feature development to have the engineering team focus on privacy and security issues. That didn’t take Senator Blumenthal’s grandstanding — and, of course, if Blumenthal’s EARN IT Act passes, that would make Zoom’s job that much more difficult.

I know that Senator Blumenthal loves to grandstand over tech issues, but it might help if he understood the technology, the law, and the Constitution before making such a fool of himself. Unfortunately, for over a decade he’s shown a decided lack of interest in doing any of those things, and I guess he has no intention of starting now.

Filed Under: , , , , , , , , ,
Companies: zoom

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Senator Blumenthal Is Super Mad That Zoom Isn't Actually Offering The End To End Encryption His Law Will Outlaw”

Subscribe: RSS Leave a comment
22 Comments
This comment has been deemed insightful by the community.
This comment has been deemed funny by the community.
Anonymous Anonymous Coward (profile) says:

Hmmph

A politician making disingenuous, self-serving yet ideologically (his own) harming statements due to an extreme ignorance of the subject matter (or blindness caused by that ideology). Who woulda thought?

This comment has been deemed insightful by the community.
Cdaragorn (profile) says:

Re: Re:

They’re talking about meetings that were intentionally made available to the public. Anyone who saw the link could join. You can’t claim they weren’t invited since the entire world was literally invited. End to end encryption has nothing to do with that and would not have prevented anything since the user had a legitimate link to the meeting.

Anonymous Coward says:

Re: People who elected him stupid?

Short answer to your question: Probably. At least perfectly willing to elect someone who misrepresented himself as a combat veteran of Vietnam.

This isn’t a ‘swift boating’ thing, where someone unquestionably served in combat but where there are arguments over how he performed. This is outright, blatant, inarguable lying; him saying he served in Vietnam during the Vietnam war. When in fact he never went further from Connecticut than Washington DC.

To get more than a blurb about this, you’ll have to do some digging. His Wikipedia page, for instance, has done some massive damage control/scrubbing, implying the usual ‘misspoke’ and he wasn’t ‘clear or precise’. But he was extremely clear that he fought as a Marine in Vietnam in combat . When he did no such thing.

It boggles the mind when these cowards assume some reporter isn’t going to actually do due diligence, and also assume actual combat veterans aren’t going to be outraged about him stealing valor.

This comment has been deemed insightful by the community.
Anonymous Coward says:

If only they'd say this...

Gov’t: Does Zoom provide end-to-end encryption, as the term is commonly understood by cybersecurity experts, for video conferences? Please describe when end-to-end encryption is available for users and how the personal data is encrypted?

Zoom response: "No, we were trying out some functionality where we installed a backdoor that would allow someone like law enforcement to be able to intercept communications, because ZOMG terrorists. Someone else unlawfully used it. Who’d have thunk it?"

Anonymous Coward says:

How about this?

Most senators and congresspeople have contact addresses.

Richard Blumenthal may not respond to your entreaties, but there are 49 more senators, and ALL of the House that may read your email (or even mail!).

We didn’t succeed with SESTA-FOSTA, but we did with SOPA. We certainly won’t succeed with the EARN-IT act unless people write in.

So what are you doing, still reading my comment? Get busy!

And even you foreign readers – "I may not be represented by you, but we ARE watching the US. Vote thoughtfully."

Anonymous Coward says:

There’s a bad actor in the US supply chain that does in fact claim to interrupt all end to end encryption globally already.

It seems credible that it is not actually possible with the current configuration of the internet.

I know how to make a good algorithm for it but I don’t think I could get around the network controls to implement it.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...