Senator Blumenthal Is Super Mad That Zoom Isn't Actually Offering The End To End Encryption His Law Will Outlaw

from the also-should-acquaint-himself-with-the-1st-amendment dept

Richard Blumenthal has been attacking internet services he doesn't understand since before he was even a US Senator. It has carried over into his job as a Senator, and was abundantly obvious in his role as a co-sponsor for FOSTA. His hatred of the internet was on clear display during a hearing over FOSTA in which he flat out said that if smaller internet companies couldn't put in place the kind of infrastructure required to comply with FOSTA, that they should go out of business. Blumenthal's latest ridiculous bit of legislation lose your Section 230 protections. And while Blumenthal likes to pretend that the EARN IT Act doesn't target encryption, he also lied about FOSTA and insisted it had no impact on CDA 230 (which it directly amended).

But Blumenthal has now taken his ridiculousness up a notch. Following the (legitimately concerning) reports that the suddenly incredibly popular videoconferencing software Zoom was not actually providing end-to-end encrypted video chats (despite its marketing claims), Blumenthal decided to step in and play the hero sending an angry letter to the company, while linking to the Intercept's original story about Zoom's misleading claims about encryption:

The letter highlights a number of recent claims that have been made about Zoom's security and privacy practices -- some of which are very significant (and a few that aren't as big a deal) -- including the end to end encryption claims:

Does Zoom provide end-to-end encryption, as the term is commonly understood by cybersecurity experts, for video conferences? Please describe when end-to-end encryption is available for users and how the personal data is encrypted?

And this is a legit question and I think it's good that a Senator is asking that. I just think that this particular Senator is the wrong messenger, given his active role in trying to make it impossible for companies like Zoom to offer end-to-end encryption in the first place, as Riana Pfefferkorn (the Associate Director Surveillance & Cybersecurity at Stanford's Center for Internet and Society) pointed out:

And it gets worse. As Pfefferkorn also points out, Blumenthal's claims to be so concerned about cybersecurity and privacy ring hollow when just last month he straight up claimed that you have no right to privacy online:

This was in a weak attempt to "respond to concerns" raised about the EARN IT Act. In one of the responses, concerning government mandates for scanning content and how that interacts with the 4th Amendment, Blumenthal, quoting Neil Gorsuch, claims that there's no reasonable expectation of privacy for any content you put online:

In the Ackerman opinion cited by tech companies as raising Fourth Amendment concerns, Gorsuch suggested that the third-party doctrine will protect evidence of CSAM found by a company that privately searched. When a company has terms and conditions that enable it to privately search, there is no Fourth Amendment violation because users lose their reasonable expectation of privacy. Gorsuch stated that “The [Supreme] Court has, after all, suggested that individuals lack any reasonable expectation of privacy and so forfeit any Fourth Amendment protections in materials they choose to share with third parties.

Of course, as Pfefferkorn further points out, Blumenthal's broken analysis of the Ackerman opinion leaves out some important information. But, still, Blumenthal seems to constantly be talking out of both sides of his mouth. He doesn't believe in an expectation of privacy for content posted online, but he also wants to slam a company for not keeping information private. He doesn't want companies to have end-to-end encryption, but he's angry at Zoom for not having end-to-end encryption.

And that's not the end of the problems with Blumenthal's approach here. While some of the privacy concerns he raises are legit, he lumps them in with ones that are not. For example, for reasons that make no sense at all, he seems to think the relatively new practice of Zoombombing -- in which (often racist trolls from the worst parts of the internet) find publicly linked Zoom events and pop in to be total assholes -- is on par with the other (often legit) security questions raised by Zoom's security practices. Right after his question about end-to-end encryption he asks:

What measures has Zoom put into place to detect and prevent Zoombombing -- intrusions and abuse targeting Zoom meetings? What are the policies governing such abusive behavior, what detection mechanisms are in place, how can users report abusive intrusions, and how quickly does Zoom respond to such incidents?

While there are plenty of questions about how companies can deal with such things, this is not an issue that is under the government's purview. Indeed, as annoying as Zoombombing is, and as quickly as I'm sure Zoom has been working on technology tools to allow meeting hosts to deal with the issue, most Zoombombing is still 1st Amendment protected speech, and a Senator has no business insisting that Zoom silence such activities. And yet, that seems to be exactly what he's focused on doing:

In that tweet he says: "I am calling on Zoom to take urgent & aggressive action to stop the racists, trolls, & peddlers of hate that are silencing & bullying communities." Yeah, the 1st Amendment (the one you swore to defend) might want to have a word with you about that, Senator. I'm all for Zoom coming up with tools for users of its service to help prevent such trollish behavior, but seriously, these kinds of stunts are not at all new on the internet and have been around for literally decades. That doesn't make the juvenile behavior any less annoying or problematic, but it's not the role of any government official to insist that a company censor people for protected speech, no matter how trollish.

Separately, of course, this ignores that Zoom had already put in place a detailed plan for how to stop Zoombombing over a week before Blumenthal sent the letter. The company still could do more, and it's worth noting that it has since released a detailed plan to deal with the newly raised security and privacy concerns, including a 90 day freeze on all feature development to have the engineering team focus on privacy and security issues. That didn't take Senator Blumenthal's grandstanding -- and, of course, if Blumenthal's EARN IT Act passes, that would make Zoom's job that much more difficult.

I know that Senator Blumenthal loves to grandstand over tech issues, but it might help if he understood the technology, the law, and the Constitution before making such a fool of himself. Unfortunately, for over a decade he's shown a decided lack of interest in doing any of those things, and I guess he has no intention of starting now.

Filed Under: earn it, encryption, fosta, free speech, privacy, richard blumenthal, section 230, security, trolls, zoombombing
Companies: zoom


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Anonymous Anonymous Coward (profile), 2 Apr 2020 @ 8:59am

    Hmmph

    A politician making disingenuous, self-serving yet ideologically (his own) harming statements due to an extreme ignorance of the subject matter (or blindness caused by that ideology). Who woulda thought?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Apr 2020 @ 9:48am

    If zoom did have real end to end encryption, its users might be able to avoid those who drop in uninvited.

    reply to this | link to this | view in chronology ]

    • icon
      Cdaragorn (profile), 2 Apr 2020 @ 9:34pm

      Re:

      They're talking about meetings that were intentionally made available to the public. Anyone who saw the link could join. You can't claim they weren't invited since the entire world was literally invited. End to end encryption has nothing to do with that and would not have prevented anything since the user had a legitimate link to the meeting.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Apr 2020 @ 10:43am

    Surely the only questions worth asking here is how the hell did he get elected in the first place and are those who voted him in completely fucking stupid?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Apr 2020 @ 10:40am

      People who elected him stupid?

      Short answer to your question: Probably. At least perfectly willing to elect someone who misrepresented himself as a combat veteran of Vietnam.

      This isn't a 'swift boating' thing, where someone unquestionably served in combat but where there are arguments over how he performed. This is outright, blatant, inarguable lying; him saying he served in Vietnam during the Vietnam war. When in fact he never went further from Connecticut than Washington DC.

      To get more than a blurb about this, you'll have to do some digging. His Wikipedia page, for instance, has done some massive damage control/scrubbing, implying the usual 'misspoke' and he wasn't 'clear or precise'. But he was extremely clear that he fought as a Marine in Vietnam in combat . When he did no such thing.

      It boggles the mind when these cowards assume some reporter isn't going to actually do due diligence, and also assume actual combat veterans aren't going to be outraged about him stealing valor.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Apr 2020 @ 11:13am

    Another example of those in government desperately trying to not only out-stupid each other, but even to out-stupid themselves.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Apr 2020 @ 12:38pm

    If only they'd say this...

    Gov't: Does Zoom provide end-to-end encryption, as the term is commonly understood by cybersecurity experts, for video conferences? Please describe when end-to-end encryption is available for users and how the personal data is encrypted?

    Zoom response: "No, we were trying out some functionality where we installed a backdoor that would allow someone like law enforcement to be able to intercept communications, because ZOMG terrorists. Someone else unlawfully used it. Who'd have thunk it?"

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Apr 2020 @ 1:19pm

    Nice display of Cognitive dissonance I'd say.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Apr 2020 @ 2:01pm

    How about this?

    Most senators and congresspeople have contact addresses.

    Richard Blumenthal may not respond to your entreaties, but there are 49 more senators, and ALL of the House that may read your email (or even mail!).

    We didn't succeed with SESTA-FOSTA, but we did with SOPA. We certainly won't succeed with the EARN-IT act unless people write in.

    So what are you doing, still reading my comment? Get busy!

    And even you foreign readers - "I may not be represented by you, but we ARE watching the US. Vote thoughtfully."

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Apr 2020 @ 3:25pm

    Being a bombastic asshat worked for Andrew Cuomo to become Governer of NY, why not Richard Blumenthal to further his polical ambitions? Wondering - is he up for election this year??

    reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 2 Apr 2020 @ 6:21pm

    When pandering to fools, act foolish

    I shudder to think of how stupid those that elected him are, or how utterly disastrous the other choices have been if he was considered the better option.

    reply to this | link to this | view in chronology ]

    • icon
      BugMN (profile), 3 Apr 2020 @ 5:37am

      Re: When pandering to fools, act foolish

      Connecticut is heavily Democrat. Blumenthal was the Democrat incumbent and was the first politician in the state to get 1 million votes when he was reelected in 2016 even with a history of lying about having served in Vietnam.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 Apr 2020 @ 12:08am

    There's a bad actor in the US supply chain that does in fact claim to interrupt all end to end encryption globally already.

    It seems credible that it is not actually possible with the current configuration of the internet.

    I know how to make a good algorithm for it but I don't think I could get around the network controls to implement it.

    reply to this | link to this | view in chronology ]

    • identicon
      Lawrence D’Oliveiro, 3 Apr 2020 @ 9:53pm

      Re: not actually possible with the current configuration of the

      Yes, secure end-to-end encryption is possible. People do it every day.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Apr 2020 @ 8:59pm

    Hypocrisy in full display

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.