Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Encryption United States

Senate Bill Crafted With DEA Targets End-to-End Encryption, Requires Online Companies To Report Drug Activity (therecord.media) 144

Posted by msmash from the growing-concern dept.
A bill requiring social media companies, encrypted communications providers and other online services to report drug activity on their platforms to the U.S. Drug Enforcement Administration (DEA) advanced to the Senate floor Thursday, alarming privacy advocates who say the legislation turns the companies into de facto drug enforcement agents and exposes many of them to liability for providing end-to-end encryption. From a report: The bipartisan Cooper Davis Act -- named for a Kansas teenager who died after unknowingly taking a fentanyl-laced pill he bought on Snapchat -- requires social media companies and other web communication providers to give the DEA users' names and other information when the companies have "actual knowledge" that illicit drugs are being distributed on their platforms.

Many privacy advocates caution that, if passed in its current form, the bill could be a death blow to end-to-end encryption services because it includes particularly controversial language holding companies accountable for conduct they don't report if they "deliberately blind" themselves to the violations. Officials from the DEA have spent several months honing the bill with key senators, Judiciary Committee Chairman Dick Durbin (D-IL) said Thursday. Providers of encrypted services would face a difficult choice should the bill pass, said Greg Nojeim, Senior Counsel & Director of Security and Surveillance Project at the Center for Democracy and Technology. "They could maintain end-to-end encryption and risk liability that they had willfully blinded themselves to illegal content on their service and face the music later," Nojeim said. "Or they could opt to remove end-to-end encryption and subject all of their users who used to be protected by one of the best cybersecurity tools available to new threats and new privacy violations."
This discussion has been archived. No new comments can be posted.

Senate Bill Crafted With DEA Targets End-to-End Encryption, Requires Online Companies To Report Drug Activity More

Senate Bill Crafted With DEA Targets End-to-End Encryption, Requires Online Companies To Report Drug Activity

Comments Filter:

  • children, drugs, terrorism, crime, "gun crime" (Score:5, Insightful)

    by Iamthecheese ( 1264298 ) on Monday July 17, 2023 @02:46PM (#63693956)
    Our overlords will seek excuse after excuse to destroy liberty. Don't let them. Stop voting for your political party NOW.

    • Re: (Score:3, Insightful)

      by Archangel Michael ( 180766 )

      This.

      Liberty is messy, sometimes ugly, but the only real option. Our Governance no longer supports Liberty as prime purpose, but rather to "protect" the people from each other. This creates conflict which leads to curtailing of liberties in the name of security. Insert Ben Franklin Quote here

      • Re:children, drugs, terrorism, crime, "gun crime" (Score:5, Insightful)

        by grmoc ( 57943 ) on Monday July 17, 2023 @03:49PM (#63694204)

        The idea that these are opposites is, I believe, incorrect.

        Anarchy is the ultimate "liberty"-- theoretically anyone can do anything, but practically, it sucks.

        In reality you'd end up with less overall freedom/liberty, because you'd have to spend most of your time ensuring you don't die, your stuff isn't stolen, etc. As a result, you can't support nearly as much specialization (farmers can't just be farmers, they have to be farmers AND warriors to protect themselves), which means everything is less efficient/productive, and you end up with a lower quality of life, more death/starvation, and worse stuff overall.

        The truth is that practical freedom/liberty comes from providing sufficient stability that specialization can happen, that not everyone has to be a warrior, and that you and the things in which you've invested time/effort are reasonable secure from being take from you.

        If freedom is measured as being able to do things that you want a maximal %age of the time, then, by that metric, we must give up /some/ freedoms in order to get time with which to do the other things you'd want.

        If anarchy is one end of the spectrum, then authoritarianism is one of those things at the other end. Authoritarianism also reduces your ability to do what you want a maximal %age of the time.

        The "best" area is in the middle between these.

        • You made a decent point, but you really lost me the moment that I imagined EZEKIEL: WARRIOR FARMER.
          Someone call Hollywood, we have a pitch for the next summer blockbuster.

          • Re: (Score:2)

            by grmoc ( 57943 )

            I agree that the warrior-farmer is laughable (outside of fantasy novels, where they're fun!), because in the real world those folks would be out-competed by people who actually worked together and established some rules that were closer to the middle of that spectrum (or even the authoritarians, who will out-compete the anarchists, but still likely lose out to the middle of the spectrum governmental styles)!

        • Authoritarianism also reduces your ability to do what you want a maximal %age of the time.

          This needs to be said: Your statement is only true for those not in a position of authority within the Authoritarian state. Those in authority get to do whatever they want, whenever they want (within limits set by Reality).

        • Think of liberty not as an absolute, but a sliding scale between anarchy and totalitarianism (phew!). What we are arguing about is where the slider should be located, obviously not too near either end.

      • Re: (Score:2)

        by jythie ( 914043 )
        No longer? Our government was always anti-liberty. The only difference is that people who are accustomed to being on the 'protected' side are finding themselves joining the 'constrained' and are upset THEY are being treated like THEM.

    • Re:children, drugs, terrorism, crime, "gun crime" (Score:4, Insightful)

      by NoWayNoShapeNoForm ( 7060585 ) on Monday July 17, 2023 @03:15PM (#63694066)

      Our overlords will seek excuse after excuse to destroy liberty. Don't let them. Stop voting for your political party NOW.

      Politicians are leveraging the "Think of the children" line to tug at our hearts and take away our freedoms.

      Just a way of saying "When you got'em by the heartstrings their balls and minds will follow."

      • The solution to the drug problem is to take the profit out of it, not to give the DEA more power.

    • Re:children, drugs, terrorism, crime, "gun crime" (Score:4, Insightful)

      by GlennC ( 96879 ) on Monday July 17, 2023 @03:35PM (#63694138)

      Stop voting for your political party NOW.

      Nice sentiment, but unfortunately there is only ONE party. It has two divisions, "Team Blue" and "Team Red" and there are no other choices.

    • Re: (Score:3)

      by Ocker3 ( 1232550 )
      Not voting doesn't tell the parties Why you didn't vote, any message you are trying to send gets lost in the void. Also not voting Against the currently elected person or likely winner means they essentially get half of your vote.

      Instead vote for the candidate most like what you want, and then go backwards. Or submit a blank ballot but make sure you email each candidate a nicely worded letter (so they can't justify ignoring it because of profanity) explaining why they didn't earn your vote. Without some

  • Ehh one more criminal (Score:3)

    by r_naked ( 150044 ) on Monday July 17, 2023 @02:48PM (#63693960) Homepage

    Pass that shit and I will happily tell them to fuck off. So many bills coming up recently that are hills that I *WILL* die on.

    They can piss the fuck off.

    • Re: (Score:3)

      by Ocker3 ( 1232550 )
      Considering they're willing to enforce those laws with fines and jail time, what's your recourse at that time? Are you supporting the ACLU? Voting against members of that party?

  • Does a restaurant willfully blind itself... (Score:5, Interesting)

    by jddj ( 1085169 ) on Monday July 17, 2023 @02:56PM (#63693994) Journal

    Due to not looking for, or reporting on prostitution or securities fraud going on inside?

  • moderated content (Score:4, Interesting)

    by algaeman ( 600564 ) on Monday July 17, 2023 @02:57PM (#63693996)
    My understanding was the act only applied to moderated content. Have the "bipartisan" authors changed it since it passed out of committee?

    • Re: (Score:2)

      by dstwins ( 167742 )
      No.. actually the way its written.. any communication that passes through the hands of these companies that has a "at rest" model attached (which is almost every form of "store and forward" communication would be required to implement a scheme that allows them to "decrypt/inspect" or simply either not encrypt at all or not allow such content on their platforms..

      That is the concern with E2E as far as they are concerned, because they can't see what's going on.

      Me personally, if you die because of drugs (illega

  • As long as all DEA communication is reported. (Score:3, Interesting)

    by AutoTrix ( 8918325 ) on Monday July 17, 2023 @02:58PM (#63694000)
    All DEA communication is drug related by definition. So these should be reported to their authority which is the public they serve.

  • I thought that attacking encryption was to catch paedophiles ? No matter, it will be terrorists next week.

  • We should have a department, like OFAC, except for social media in the "Homeland." Go back to sleep sheeple!

  • In the old days ... (Score:3)

    by ardmhacha ( 192482 ) on Monday July 17, 2023 @03:05PM (#63694028)

    Did the postal service or phone company get held liable if mail or phone calls were used to plan or commit a crime?

    • Re: (Score:3)

      by Pembers ( 250842 )

      Did the postal service or phone company get held liable if mail or phone calls were used to plan or commit a crime?

      No, but those don't (or didn't) have end-to-end encryption built in, so if the authorities decided that you were using them to plan or commit a crime, it was relatively easy for them to find out what you were writing or saying.

      • This bill seems to require the post office or phone company to actively break any encryption scheme you might use. They can't turn a blind eye to your use of encryption. If they know you are using encryption, they must attempt to decipher the communication so that they can report it.

        • Re: (Score:2)

          by Pembers ( 250842 )

          "End-to-end encryption" normally implies that the service provides encryption for its users' messages, but doesn't keep any of the keys on any servers that it controls. Keys are held only on users' devices, and encryption and decryption happens there. So if law enforcement want to read a user's messages, they either have to seize the user's device (and defeat its security), or find a flaw in the implementation of the encryption, or brute-force the encryption.

          That's the sort of encryption that this bill is a

          • "normally applies" isn't something that I would like Congress or some Federal agency to decide. It needs to be explicit.

    • Re: (Score:2)

      by jythie ( 914043 )
      The post and telecoms have lobbying power that tech companies can only dream of. It is sometimes rather comical how bad all these new companies are at politics.

  • Blatant violation of free speech rights (Score:5, Insightful)

    by mysidia ( 191772 ) on Monday July 17, 2023 @03:06PM (#63694032)

    A bill requiring social media companies, encrypted communications providers and other online services to report drug activity on their platforms

    Whoever floated the bill should be ashamed of themselves.

    You know.. We have a constitution in the US, and one of the most important rights is the Freedom of Speech? It is JUST a vital a fundamental right and essential liberty that the government Cannot punish you for not saying something as it is that they can't punish you for saying something.

    You cannot have a law requiring mandating that someone report something to the government - You especially can't require that someone report their friend or neighbor's "Violative speech" -- that's a violation of the peoples' constitutional rights. It is Also the method of tyrannical governments to do so (Enlist the people to report thoughtcrime neighbors, etc reveal themself as having)

    • I wonder if the tech companies could sue the government for punishing them when they say n272lGr3VWkJgG6G9lM68eRgsoTPeh9tV8GvAnGGK== to my mate Steve. I suspect the answer is yes.

    • Re: (Score:2)

      by jythie ( 914043 )
      I am not sure this really crosses 'free speech' lines though. It doesn't make any speech illegal, only the ability to hide what you are saying.

      • Re: (Score:2)

        by sconeu ( 64226 )

        What if my buddy and I create a made up language, and use it. That's giving us "the ability to hide what you are saying".

        Should THAT be illegal?

        • I was just thinking this same thing.

          Machine translation is getting pretty good. So there's no reason you can't translate a message into Spanish, send it to your friend, and have them translate it into English. But where does the government draw the line? German? Welsh? Navajo? Klingon? Egyptian hieroglyphics? A custom language? How about a custom language using numbers and letters and symbols which require a one-time-pad to read?

          "You can talk to your friend on the internet, but you can't use Welsh because w

          • "You can talk to your friend on the internet, but you can't use Welsh because we can't understand it and you might be talking about drugs." is fucking ridiculous.

            It's ridiculous. It was also the policy of one well-known American company. In the Xbox 360 era, Microsoft's policy for Xbox Live Indie Games required all in-game text to be in one of a half dozen supported languages, and text in a language in which fewer reviewers were fluent could delay a game's approval.

            • Re: (Score:2)

              by sconeu ( 64226 )

              The difference here is that Microsoft is a private entity, and thus may create whatever rules it wishes for the use of its "property".

              The US Government, however, is constrained by the Constitution -- in this case, the First Amendment -- and may not impose such restrictions.

  • There is no "War on Drugs" (Score:5, Insightful)

    by L. J. Beauregard ( 111334 ) on Monday July 17, 2023 @03:11PM (#63694050)

    There is only a War on Civil Liberties.

    • Re: (Score:2)

      by jythie ( 914043 )
      The whole police system in the US was designed to counter civil liberties. The war on drugs is just a particularly lucrative aspect.
  • Their legislation just means people will use software for that instead of a service. Attempts to crack down on all encrypted messages will just fail, both legislatively and practically, like it always has. So, the legislation proposed will make voters unhappy but not provide benefit.

  • End-to-end encryption (Score:5, Informative)

    by Arnonyrnous Covvard ( 7286638 ) on Monday July 17, 2023 @03:42PM (#63694172)
    > dig @8.8.8.8 +short slashdot.org

    104.18.29.86
    104.18.28.86

    > whois 104.18.29.86

    CIDR: 104.16.0.0/12
    NetName: CLOUDFLARENET

    The man in the middle is already reading everything.

  • With a chainsaw. That is all.

    • Before I start. I have never used any illegal drug. I rarely even drink. Can't recall the last time I drank enough to be "Drunk"

      Now. Why does the government have any say in what I choose to put in my body? They make it a crime to do so if they don't approve of a particular chemical. We should take the money out of enforcement, then move it to education, and recovery. I am not saying a free for all either. You can still prevent drugs you don't like from being imported or produced. If someone wants to risk

      • I'm okay if you want to put paint thinner in your system, just sign a release stating you do not wish to receive any social or medical services in the future and you're forfeiting any money paid into the social welfare system.

        • I'm okay if you want to put paint thinner in your system, just sign a release stating you do not wish to receive any social or medical services in the future and you're forfeiting any money paid into the social welfare system.

          They should not have to pay for services they are not eligible to receive. What are you a communist?

      • Why does the government have any say in what I choose to put in my body?

        The right is all about telling you what you can do with your body. Drugs, prostitution, medically assisted dying, pornography, abortion, gender treatments, etc.

        I assume because they truly believe your body should only be controlled by God, and he obviously desperately needs their help. LOL.

  • Why won't someone think of the CHILDREN??

  • Here's a better idea (Score:5, Insightful)

    by MpVpRb ( 1423381 ) on Monday July 17, 2023 @04:21PM (#63694322)

    Abolish the DEA, end the drug war
    Create a new agency that uses evidence-based strategies to reduce drug abuse
    Treat it as a health problem, not a crime

    • Yes. This. With a chainsaw.

    • I was just thinking the other day, how the world has changed when it comes to Marijuana. My state was first to legalize it in 2013, because suddenly if people paid a "tax", that was enough to elevate it from a life ruining addictive drug into something society is okay with. Over the last 10 years of legal Marijuana, the money was great in the beginning but now it's starting to evaporate as more states have legalized, causing local headlines to read "Weed Recession is here". I think people are starting to re

  • The idiots don't use encryption.

  • Watch as every industry which involves communicating loads of sensitive information among companies all of a sudden quits the US after this bill passes.

    In Europe all those nice, sweet, juicy money bringing tech companies could have access to companies like ASML, Siemens, and Philips really nearby. We most certainly wouldn't mind some of them coming here.

    We'd even help those skilled American tech workers emigrate, provided they leave their guns at home.

  • It's only "money laundering" if you're not on the S&P 500 (literally the law)

  • Decouple clients from services (Score:4, Interesting)

    by Sloppy ( 14984 ) on Monday July 17, 2023 @06:48PM (#63694768) Homepage Journal

    I hate this, and love it, at the same time.

    The reason these companies are sitting ducks for this type of abuse, is that they run services but also insist that their users use a particular proprietary client. If you were to RE their services and make a compatible client, they would freak out and sue you, because your client doesn't show their ads to the user (and wouldn't reliably count those impressions if it did). So fuck 'em.

    But if you don't unnaturally tie the service and the endpoint software together, then you can have a resilient system which is able resist government interference (or at least the boundaries of legal US government interference, until we get around to repealing the 1st Amendment).

    Let service providers pass around the ciphertext you give them. This is how PGP and email worked. Yes, it has problems. Laypeople couldn't figure out PGP (and it seems the market has decided that laypeople simply can't figure out key exchange in general), and having the envelope in plaintext means you have to avoid the dreaded "Subject: Your cocaine has shipped" header. But the basic idea is great, in that the service providers really are innocent and have no practical way to stop criminal uses, so it's hard to pretend they're responsible. Holding a generic email provider responsible for what is said in an encrypted email is as silly as holding a road construction crew responsible for a bank heist getaway.

    But tie the two together, and the client author can put in whatever weaknesses the government wants, knowing they have a captive audience who has no choice but to either use a deliberately-insecure client, or don't use the service at all.

    So in the name of increased privacy for everyone, I'm fine with a "death blow to end-to-end encryption services", because the very idea of an end-to-end encryption service is ridiculous. Run encryption outside of the service. The service doesn't need to know anything about how the user generated the message body.

    • This would immediately make people who use PGP a target of increased government interest.

  • If the comms are end to end encrypted, the company has no knowledge of the content, so it cannot inform anything.

  • Funny how the Republicans and Democrats can't agree on much of anything - except when it gives more power to the government. (this bill is sponsored by two Republicans and three Democrats)

  • This is just another angle on nosy politicians wanting a 'backdoor' into encryption, which as we all well know would equate to NO encryption at all. They're just shifting the responsibility to tech companies. But the bottom line is a bill like this being passed into law would mean the end of any meaningful encryption, as the tech companies -- and by extenstion, the government -- would have their 'backdoor' into everyones' communications. From there it's just a half-step away for hackers to get their hands o

  • These tyrants have no shame.

  • I went back to the states last summer on a family vacation and EVERYWWHERE I looked there were pot shops. In the states where THC was illegal, they were selling CBJ (is that what its called).

    I met UPS drivers who had side hustles selling vapes and edibles and he straight out told me that he hasn't gone more than 30 minutes of waking hours without vaping THC in a long time. He's vaping constantly while delivering packages.

    I drove past vape shops near schools and day care centers. I went to a grocery store in

  • Now I know this is short of what e.g. Signal provides. But as a thought experiment, suppose we have a shared key-value store somewhere. Any LAMP stack anywhere will do. There is some cookie based authentication
    to allow users to read/write. Then (this is a quick and dirty sketch, to needs a little work)

    1. To create a room, you have a shared passphrase $S with someone else.
    2. You hash("key.$S") to get a row key $K, and hash("enc.$S") to get an encryption key $E..
    3. You encrypt your message with $E to get $M, and store

Slashdot Top Deals

Truly simple systems... require infinite testing. -- Norman Augustine

Close