US attorney general William Barr says Americans should accept security risks of encryption backdoors

deBoetie · Feb 6, 2020

The NSPCC is - how shall I put this - closely linked to government.

mood · Feb 12, 2020

[paywalled]
As WhatsApp Tops 2 Billion Users, CEO Vows to Defend Encryption
February 12, 2020
https://www.wsj.com/articles/as-wha...ers-ceo-vows-to-defend-encryption-11581516000

WhatsApp has surpassed more than two billion active users, and its chief executive is vowing to defend its fully private form of messaging against mounting threats from governments around the world.

In announcing the milestone, WhatsApp CEO Will Cathcart said in an interview with The Wall Street Journal that the app’s global popularity underscores why the company needs to fight for its users’ ability to communicate through encrypted channels. Even though encryption has complicated Facebook Inc.’s ability to earn a return on... [...]
Click to expand...

TechCrunch: WhatsApp hits 2 billion users, up from 1.5 billion 2 years ago

Whatsapp blog entry: Two Billion Users -- Connecting the World Privately

We are excited to share that, as of today, WhatsApp supports more than two billion users around the world.

We know that the more we connect, the more we have to protect. As we conduct more of our lives online, protecting our conversations is more important than ever.
That is why every private message sent using WhatsApp is secured with end-to-end encryption by default.

Strong encryption is a necessity in modern life. We will not compromise on security because that would make people less safe. For even more protection, we work with top security experts, employ industry leading technology to stop misuse as well as provide controls and ways to report issues — without sacrificing privacy.
Click to expand...

mood · Feb 12, 2020

Congress, Not the Attorney General, Should Decide the Future of Encryption
February 12, 2020
https://www.lawfareblog.com/congress-not-attorney-general-should-decide-future-encryption

The debate over end-to-end encryption focuses on the substantive question: Should encryption be restricted to help law enforcement, or do the privacy and security benefits of this technology outweigh its costs? A draft copy of the EARN IT Act, which could deprive platforms that use end-to-end encryption of their immunity from civil suit under Section 230 of the Communications Decency Act for child exploitation materials posted by users, has a set off a new round of debate.

But the encryption debate frequently ignores the vital procedural question: Who should decide? The EARN IT Act puts that question front and center by giving the attorney general the ultimate say in setting the “best practices” that will give Section 230 immunity for child exploitation suits.

More fundamentally, the question of whether to permit ubiquitous encryption is the sort of high-level policy decision that is best handled not by the executive branch but by Congress, which best represents the public and its different constituencies and interests.
In the meantime, there’s plenty that Congress can do to help fight child exploitation without prematurely wading into the encryption fight.
Click to expand...

mirimir · Feb 12, 2020

Not even Congress arguably has the authority. It'd take an amendment to the Constitution.

mood · Feb 13, 2020

Does a New Draft Bill Exploit Exploited Children in Its Fight Against End-to-End Encryption?
February 12, 2020
https://www.venafi.com/blog/does-ne...children-its-fight-against-end-end-encryption

And the beat goes on. The drums of war against end-to-end encryption are once more heard, marking another chapter on this never-ending debate between law enforcement and tech providers.

According to a Bloomberg report, Senator Lindsey Graham has drafted a bill which aims at lifting off “interactive computer services” providers’ immunity to lawsuits for child sexual abuse material (CSAM) posted on their platforms.
The draft bill is dubbed as Eliminating Abusive and Rampant Neglect of Interactive Technologies (or EARN IT) Act.
Section 230, CALEA and Title 18
Section 230 of the Communications Decency Act of 1996 says, in essence, “that online platforms (“providers” of “interactive computer services”) mostly can’t be held liable for the things their users say and do on the platform.”
The Proposed Bill is an Underhanded Manipulation
The question that raises is obvious: if the legislative provisions force platforms such as Facebook or WhatsApp to report CSAM when they discover it, why is there a need to amend Section 230?
Click to expand...

Further, the proposed bill will not have any effect to the root of the problem—the CSAM traders. The tech companies might be tempted to comply with the “best practices” in fear of losing Section 230 immunity, but that threat will have no effect on the bad actors in the CSAM ecosystem: Dark web sites devoted to CSAM, which already don’t qualify for Section 230 immunity because they serve and host directly the illegal content on their sites.
It is apparent that the Graham bill will not do anything to stop CSAM from being in the web.
Click to expand...

mirimir · Feb 13, 2020

Sure, but that's obviously just a pretext for the panopticon.

mood · Feb 18, 2020

Area law enforcement says encryption creates barriers for digital investigations
February 18, 2020
https://www.news5cleveland.com/news...n-creates-barriers-for-digital-investigations

Law enforcement agencies around the country and here in Northeast Ohio face a new hurtle in the digital age: encryption. Technology companies have responded to hackers and cyber criminals with robust end-to-end encryption. But the encrypted platforms aren’t keeping just hackers out, but law enforcement as well.

“It’s a huge problem that continues to get worse every day,” said Justin Herdman, US Attorney Northern District of Ohio.
The enhanced security is leaving police in the dark, not being able to see encrypted messages and passwords, locking them out of devices.

“If we continue to move in the direction we are moving, we’re going to get to a place where we aren’t able to protect a 9-year-old girl from a child predator, and that’s not a place we want to be in,” added Smith.
Click to expand...

The CEO of the Consumer Technology Association just days ago wrote an op-ed piece. In it, he argued that creating a back door for law enforcement will also give hackers access.
“We don’t want a back door, we want a front door,” said Smith.
Click to expand...

IvoShoen · Feb 18, 2020

mirimir said: ↑

Sure, but that's obviously just a pretext for the panopticon.
Click to expand...

Orwell would be turning in his grave.

mood · Feb 21, 2020

↑ The EARN IT Act: How to Ban End-to-End Encryption Without Actually Banning It January 30, 2020
↑ Draft law could put encryption at risk, report says January 31, 2020
↑ Does a New Draft Bill Exploit Exploited Children in Its Fight Against End-to-End Encryption? February 12, 2020
Click to expand...

U.S. Working on Legislation to Weaken End-to-End Encryption, Used by Apple and Others
February 21, 2020
https://wccftech.com/u-s-working-on...d-to-end-encryption-used-by-apple-and-others/

Lawmakers in the United States are working to introduce legislation that would force tech companies to weaken encryption on their platforms. The bill threatens to disallow end-to-end encryption, which is commonly used to keep user data private and secure from prying eyes.
The bipartisan group of lawmakers responsible for this bill aims to curb child sexual abuse material distribution on platforms like Facebook and Google. Reuters reports:

The bill, proposed by a bipartisan group of lawmakers, aims to fight the distribution of such material on online platforms like Facebook and Alphabet’s Google’s by making them liable for state prosecution and civil lawsuits. It does so by threatening a key immunity the companies have under federal law called Section 230.
It is important to note that Senator Lindsey Graham had criticized Apple in the past because they use end-to-end encryption. His warning to tech companies meant that they should create backdoors in their products to comply with court orders, otherwise they will be forced to do so.

[...] Senator Graham issued a warning to Facebook and Apple: “This time next year, if we haven’t found a way that you can live with, we will impose our will on you.”
Click to expand...

EARN IT Act is expected to be introduced over the coming weeks. We expect tech companies to put up a tough fight against this law. Electronic Frontier Foundation is already encouraging people to take action and contact their representatives to reject the proposal.
Click to expand...

Reuters: U.S. lawmakers to introduce bill that threatens encryption on tech platforms

mood · Feb 25, 2020

MI5 chief asks tech firms for 'exceptional access' to encrypted messages
February 25, 2020
https://www.theguardian.com/uk-news...-for-exceptional-access-to-encrypted-messages

MI5’s director general has called on technology companies to find a way to allow spy agencies “exceptional access” to encrypted messages, amid fears they cannot otherwise access such communications.

In an ITV interview to be broadcast on Thursday, Sir Andrew Parker says he has found it “increasingly mystifying” that intelligence agencies like his are not able to easily read secret messages of terror suspects they are monitoring.

Parker called on the tech firms to “use the brilliant technologists you’ve got” to answer a question: “Can you provide end-to-end encryption but on an exceptional basis – exceptional basis – where there is a legal warrant and a compelling case to do it, provide access to stop the most serious forms of harm happening?”
Spy agencies and technology companies have been battling over how much access to provide to encrypted communications, because current technology means they are otherwise extremely difficult to crack.
Click to expand...

deBoetie · Feb 25, 2020

Perhaps if his agency - amongst others - had not conducted unlawful and disreputable mass surveillance (now enshrined in the Investigatory Powers Act so that it's all OK), the market demand for consumer strong E2E encryption wouldn't have been so strong.

Regardless, I thought their MO in these nominally "exceptional" cases is what they quaintly call "equipment interference" (hacking the phone, whatever). They already have the metadata.

Stefan Froberg · Feb 25, 2020

deBoetie said: ↑

Perhaps if his agency - amongst others - had not conducted unlawful and disreputable mass surveillance (now enshrined in the Investigatory Powers Act so that it's all OK), the market demand for consumer strong E2E encryption wouldn't have been so strong.

Regardless, I thought their MO in these nominally "exceptional" cases is what they quaintly call "equipment interference" (hacking the phone, whatever). They already have the metadata.
Click to expand...

Yea, USA has had strange fixation for the need to listening it's allies and non-allies communications since WII. And they gradually expanded it to include own citizens as well (with little loophole that if just one of the communication partners is foreigner or from outside USA it's totally ok to spy). George Orwell home country has been following it's Big brother footstep too. And so has land down under.

So like you said, they really asked for it.

MI5 chief is asking impossible.
By definition E2E is only between two parties and nobody else can decrypt/access it.
If someone makes access available then it's no longer E2E.

Stefan Froberg · Feb 25, 2020

The result, he says, is that cyberspace has become “a wild west, unregulated, inaccessible to authorities”, as he repeated calls that have been made by Britain’s spy agencies in recent years for special access to encrypted messages.
Click to expand...

It has always been wild wild west (or www for short ) and unregulated since day one.
It's only now that spooks can't read peoples stuff as easily as before that they are paying attention. So now they are in hurry to control it, regulate it, break it.

The way I see it, E2E is a must tool in nowadays. And like any other tool it can be used for bad (criminals) or
for good (in dictator countries that like to censorship things those in power don't like or even in so called "democratic"
countries where whistleblowers would be in serious danger)

deBoetie · Feb 26, 2020

Stefan Froberg said: ↑

MI5 chief is asking impossible.
Click to expand...

I think this is a deliberate tactic, in part for CYA, in part because it makes the other unacceptable behaviors seem bearable.

The reality is that E2E is an annoyance rather than fundamental to them: 95% of the value is in the metadata and network analysis which they still have, plus location data from the phone which they also have. And, in most cases, they will also be able to hack the clients while they're still running. It's only in the uncommon cases where that isn't possible that it's harder to unlock, and often they'll be able to recover info from associates.

As Schneier says, it's just that the golden age is slightly less golden - it's still a cornucopia for them.

mood · Feb 26, 2020

DOJ Plans to Strike Against Encryption While the Techlash Iron Is Hot
February 25, 2020
https://cyberlaw.stanford.edu/blog/...ke-against-encryption-while-techlash-iron-hot

There’s a story in today’s Washington Post “Cybersecurity 202” newsletter that confirms that the Department of Justice is capitalizing on the techlash in order to build up congressional support for the DOJ’s long-desired goal of legislation that will restrict your freedom to encrypt your data and communications.

The Post reports that, according to assistant attorney general for national security John Demers, the DOJ has given up hope that tech companies will “voluntarily” backdoor their own encryption, as the agency had been pressing them to do since around 2016. Instead, the DOJ is now “focusing on getting legislation that forces companies to cooperate – and is hoping encryption-limiting laws in Australia and the United Kingdom will ease the path for a similar law in the United States.”
Click to expand...

Exploiting the techlash is a strategy I’ve been calling law enforcement out for since October 2017. It’s incredibly frustrating for me to see that this obvious ploy is working so well. AAG Demers admitted that the DOJ thinks it can persuade congressmembers to be angry at tech companies over encryption because they’re already mad at those companies for violating users’ privacy.
But this, let’s call it, transitive rage contradicts itself. Why? Because encryption protects user privacy.
Click to expand...

mood · Mar 2, 2020

mood said: ↑

MI5 chief asks tech firms for 'exceptional access' to encrypted messages
February 25, 2020
https://www.theguardian.com/uk-news...-for-exceptional-access-to-encrypted-messages
Click to expand...

MI5 Still Thinks Encryption Backdoors are an Excellent Idea That Couldn't Possibly Go Wrong
March 2, 2020
https://www.gizmodo.co.uk/2020/03/mi5-encryption-backdoors/

Sir Andrew Parker, head of MI5, is asking tech companies to give spy agencies "exceptional access" (meaning in exceptions, not exceptionally detailed – although we wouldn't be surprised) to encrypted messages, especially on Facebook (and presumably Facebook-owned WhatsApp) which is introducing end-to-end encryption.
Parker's comments were made in an ITV interview that'll be broadcast this Thursday.

As ever, the excuse is that MI5 and other spy agencies can't see what terrorists are saying to one another, but as we all know, this kind of argument is always used to try and scare us into giving up the tiny sliver of privacy we have left.
Essentially, Parker is saying "hey locksmiths, can you provide locks that are totally secure on everyone's doors and windows, but also open with a master key? BUT STILL SECURE!"

Even if we do give up the last bit of privacy we had and allow spies into our chats, we won't be safe, Parker admits.
Click to expand...

mood · Mar 5, 2020

EARN IT Act Not Earning Much Support Yet
March 5, 2020
https://duo.com/decipher/earn-it-act-not-earning-much-support-yet

The highly controversial EARN IT Act, which would present serious challenges to the operators of end-to-end encrypted services, was on track for introduction in the Senate this week but has not yet hit the floor amid opposition from technology companies and privacy advocates.

Though the bill does not even mention the word encryption, it could make it difficult, if not impossible, for providers to operate encrypted services such as chat or messaging. If those services are encrypted from end to end,

“It’s possible that law enforcement may try to amend this bill in a way that sidesteps the damage they’re doing to encryption and privacy. It could be as straightforward as putting a clause in the bill explicitly saying the bill doesn’t apply to encryption,” Joe Mullin, a policy analyst at the Electronic Frontier Foundation, wrote in an analysis of the bill.
Click to expand...

EFF: The Graham-Blumenthal Bill: A New Path for DOJ to Finally Break Encryption

Members of Congress are about to introduce a bill that will undermine the law that undergirds free speech on the Internet. If passed, the bill known as the Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act, will fulfill a long-standing dream of U.S. law enforcement. If passed, it could largely mark the end of private, encrypted messaging on the Internet.
Click to expand...

mood · Mar 5, 2020

Does This Bill Fight Online Child Exploitation or Kill Encryption? Depends on Who You Ask
March 5, 2020
https://uk.pcmag.com/security-5/125...ion-or-kill-encryption-depends-on-who-you-ask

A new bill intended to fight online child exploitation has garnered bipartisan support in Congress, but the tech industry fears it will end up undermining encryption.

The EARN IT Act proposes overhauling an important legal protection all US internet companies use to shield themselves from lawsuits: Section 230 of the Communications Decency Act.

“The drafters of this bill obviously want to address some real harms, yet their solutions could radically change the way we communicate online,” said Free Press Senior Policy Counsel Gaurav Laroia in a statement. “The legislation sets up the US government as the arbiter of all communications and conversations that happen on the internet — a terrible idea in any instance.”
The Software Alliance, meanwhile, said it shares Congress's goal of stamping out online child exploitation, but wants to do so without undermining the security benefits of end-to-end encryption.
Click to expand...

longshots · Mar 6, 2020

I've long been of the opinion that the TLA's quest for ubiquitous surveillance -- in all its forms from telephone snooping to the quest for encryption backdoors - has far more to do with an institutional sense of entitlement than any security need.

The American intelligence services view gathering, and hoarding, strategically questionable levels of intelligence as an objective unto itself rather than something to be done in support of security objectives. Like a bunch of children playing spy vs. spy, the security apparatus is far more interested in gloating over having secret knowledge than using its legal privileges and technological capabilities to protect people.

The long list of national security failures where ample information was available regarding threats but nothing was done to stop them reflects this.

I'll also echo what many others have said about repression campaigns in South and Central America: the CIA didn't need backdoored encryption to know about what was going on. The CIA already knew what was going on because they were the ones encouraging, directing, and often funding, attacks by right-wing governments against their citizens.

mood · Mar 14, 2020

New Warning Issued For All WhatsApp And iMessage Users: ‘Major Threat’ To Encryption
March 14, 2020
https://www.forbes.com/sites/zakdof...nd-imessage-users-major-threat-to-encryption/

Describing this as “a major threat... an attack on online speech and security,” EFF warns “imagine an internet where the law requires every message sent to be read by government-approved scanning software. The privacy and security of all users will suffer if U.S. law enforcement achieves its dream of breaking encryption.”

This is an argument that has polarized between security advocates and lawmakers.
The former argue that any compromise in end-to-end encryption, say government-mandated backdoors, will be exploited by the bad guys, to say nothing of having to decide which governments do and do not get access. The latter have said that this insistence hampers investigations—the industry, they say, needs to change.

As Sophos complained, “[...] a bill tiptoeing through the U.S. Congress that could inflict the backdoor virus that law enforcement agencies have been trying to inflict on encryption for years.”
“If the bill passes,” Sophos warns, “the choice for tech companies comes down to either weakening their own encryption and endangering the privacy and security of all their users, or foregoing protections and potentially facing liability in a wave of lawsuits.”
Click to expand...

A year ago, Facebook’s Mark Zuckerberg predicted “the future of communication will shift to private, encrypted services where people can be confident what they say to each other stays secure.” A lot has happened since then.
Click to expand...

EFF: The EARN IT Bill Is the Government’s Plan to Scan Every Message Online

Imagine an Internet where the law required every message sent to be read by government-approved scanning software. Companies that handle such messages wouldn’t be allowed to securely encrypt them, or they’d lose legal protections that allow them to operate.
Click to expand...

lucd · Apr 5, 2020

using these methods to prosecute criminals could be helpful and save some lives but it is dangerous too because some people believe only the authorities would have access to it which is not always the case, unfortunately hardware backdoors are everywhere to perform diagnostics and they often fall pray to bad actors which is the same with software backdoors, these are difficult to stop, if there is a mechanism, it will be found and exploited, some people will suffer, it's always like that

it seems there is no solution to this problem, by solving one immediate problem authorities create another 10 for themselves, its not a war anybody can win

mood · Apr 8, 2020

Messaging App Signal Threatens to Dump US Market if Anti-Encryption Bill Passes
April 8, 2020
https://uk.pcmag.com/security-5/125...dump-us-market-if-anti-encryption-bill-passes

Signal is warning that an anti-encryption bill circulating in Congress could force the private messaging app to pull out of the US market.

[...] on Wednesday, the nonprofit behind the app published a blog post, raising the alarm around the EARN IT Act. “At a time when more people than ever are benefiting from these (encryption) protections, the EARN IT bill proposed by the Senate Judiciary Committee threatens to put them at risk,” Signal developer Joshua Lund wrote in the post.
If the companies fail to do so, they risk losing legal immunity under Section 230 of the Communications Decency Act, which can shield them from lawsuits concerning objectionable or illegal content posted on their websites or apps.

However, Signal says the efforts to undermine end-to-end encryption risk doing more harm to innocent users than actual criminals, who will simply choose other ways to mask their activities online.
“Meanwhile, criminals would just continue to use widely available (but less convenient) software to jump through hoops and keep having encrypted conversations.”
Click to expand...

Signal: 230, or not 230? That is the EARN IT question.

Some large tech behemoths could hypothetically shoulder the enormous financial burden of handling hundreds of new lawsuits if they suddenly became responsible for the random things their users say, but it would not be possible for a small nonprofit like Signal to continue to operate within the United States. Tech companies and organizations may be forced to relocate, and new startups may choose to begin in other countries instead.

Proponents of this bill are quick to claim that end-to-end encryption isn’t the target.
Click to expand...

mood · May 24, 2020

Going dark: encryption and law enforcement
May 22, 2020
https://blog.malwarebytes.com/security-world/2020/05/going-dark-encryption-and-law-enforcement/

UPDATE, 05/22/2020: In the advent of the EARN IT Act, the debate on government subversion of encryption has reignited. Given that the material conditions of the technology have not changed, and the arguments given in favor of the bill are not novel, we’ve decided to republish the following blog outlining our stance on the subject.
Click to expand...

mood · May 26, 2020

Facebook shareholders try to block encryption plan
May 26, 2020
https://www.bbc.co.uk/news/technology-52779897

The firm says it wants to make the measure the default option across its messaging platforms to protect privacy.

But activist shareholders say this would make it nearly impossible to detect child exploitation on Facebook.
The group wants the company to delay the move until after its board of directors studies the risk further.

"As shareholders, we know that privacy is important to a social media company, but it should not come at the expense of unleashing a whole new torrent of virtually undetectable child sexual abuse on Facebook," said Michael Passoff, founder of Proxy Impact, a shareholder advocacy service supporting the measure.
Click to expand...

Reputational risk to Facebook
Some investors supporting the measure claim this could prove damaging to the company.
"The position of Facebook as the world's number one hub for online child sexual abuse material is not the marketing strategy you want to have for long-term success."

However, Mr Zuckerberg has previously addressed the issue directly.
"When we were deciding whether to go to end-to-end encryption across the different apps, this was one of the things that just weighed the most heavily on me," he said in October.
Click to expand...

mood · Jun 8, 2020

Nearly 500,000 say Congress shouldn’t ‘kill encryption’ with the EARN IT Act
A lot of people are calling on lawmakers to kill the bill
June 8, 2020
https://www.dailydot.com/debug/earn-it-act-petition/

A petition calling on members of Congress to reject the controversial EARN IT Act because it could “kill encryption” has garnered nearly 500,000 signatures.

The bill, which was unveiled by a bipartisan group of senators in early March, would force websites to adhere to a set of “best practices” for removing child exploitation content or risk having Section 230 of the Communications Decency Act immunity be taken away.
Given the department’s long-standing desire to create back doors into encryption, advocates have argued it’s not a stretch to think—and perhaps is likely—such a back door would be added as a “best practice.”

Not all lawmakers have expressed support for the EARN IT Act, with Sen. Ron Wyden (D-Ore.) calling it a “Trojan horse” that would “give Attorney General [William] Barr and Donald Trump the power to control online speech and require government access to every aspect of Americans’ lives.”
Click to expand...

It appears that many other people feel the same way.
A petition from internet rights group Fight for the Future has collected around 480,000 signatures as of Monday morning. The petition asks for members of Congress to “reject the dangerous EARN IT Act.”

Evan Greer, the deputy director of Fight for the Future, told the Daily Dot the petition went viral over the past week as “people are more aware than ever that encryption is an essential tool to keep people safe from police and government surveillance.”

“Lawmakers need to stop using Section 230 of the Communications Decency Act as a political football. It’s dangerous and just plain silly. We can and should take steps to make the internet safer for everyone. The EARN IT act does the opposite of that.”
Click to expand...

Log in or Sign up

US attorney general William Barr says Americans should accept security risks of encryption backdoors

deBoetie Registered Member

mood Updates Team

mood Updates Team

mirimir Registered Member

mood Updates Team

mirimir Registered Member

mood Updates Team

IvoShoen Registered Member

mood Updates Team

mood Updates Team

deBoetie Registered Member

Stefan Froberg Registered Member

Stefan Froberg Registered Member

deBoetie Registered Member

mood Updates Team

mood Updates Team

mood Updates Team

mood Updates Team

longshots Registered Member

mood Updates Team

lucd Registered Member

mood Updates Team

mood Updates Team

mood Updates Team

mood Updates Team

Log in or Sign up

US attorney general William Barr says Americans should accept security risks of encryption backdoors

deBoetie Registered Member

mood Updates Team

mood Updates Team

mirimir Registered Member

mood Updates Team

mirimir Registered Member

mood Updates Team

IvoShoen Registered Member

mood Updates Team

mood Updates Team

deBoetie Registered Member

Stefan Froberg Registered Member

Stefan Froberg Registered Member

deBoetie Registered Member

mood Updates Team

mood Updates Team

mood Updates Team

mood Updates Team

longshots Registered Member

mood Updates Team

lucd Registered Member

mood Updates Team

mood Updates Team

mood Updates Team

mood Updates Team

Useful Searches