A New Bill Could Punish Web Platforms For Using End-To-End Encryption (theverge.com) 93
Lindsey Graham (R-SC) is working on a bill that would reduce legal protections for apps and websites, potentially jeopardizing online encryption. The Verge reports: The draft bill would form a "National Commission on Online Child Exploitation Prevention" to establish rules for finding and removing child exploitation content. If companies don't follow these rules, they could lose some protection under Section 230 of the Communications Decency Act, which largely shields companies from liability over users' posts. Reports from Bloomberg and The Information say that Sen. Lindsey Graham (R-SC) is behind the bill, currently dubbed the Eliminating Abusive and Rampant Neglect of Interactive Technologies (or EARN IT) Act. It would amend Section 230 to make companies liable for state prosecution and civil lawsuits over child abuse and exploitation-related material, unless they follow the committee's best practices. They wouldn't lose Section 230 protections for other content like defamation and threats.
The bill doesn't lay out specific rules. But the committee -- which would be chaired by the Attorney General -- is likely to limit how companies encrypt users' data. Large web companies have moved toward end-to-end encryption (which keeps data encrypted for anyone outside a conversation, including the companies themselves) in recent years. Facebook has added end-to-end encryption to apps like Messenger and Whatsapp, for example, and it's reportedly pushing it for other services as well. U.S. Attorney General William Barr has condemned the move, saying it would prevent law enforcement from finding criminals, but Facebook isn't required to comply. Under the EARN IT Act, though, a committee could require Facebook and other companies to add a backdoor for law enforcement.
The bill doesn't lay out specific rules. But the committee -- which would be chaired by the Attorney General -- is likely to limit how companies encrypt users' data. Large web companies have moved toward end-to-end encryption (which keeps data encrypted for anyone outside a conversation, including the companies themselves) in recent years. Facebook has added end-to-end encryption to apps like Messenger and Whatsapp, for example, and it's reportedly pushing it for other services as well. U.S. Attorney General William Barr has condemned the move, saying it would prevent law enforcement from finding criminals, but Facebook isn't required to comply. Under the EARN IT Act, though, a committee could require Facebook and other companies to add a backdoor for law enforcement.
End-to-end encryption ... (Score:5, Insightful)
Re: (Score:2, Informative)
Exactly. This guy gets it.
Re: (Score:1)
Re: (Score:1)
Re: (Score:3)
The entire Republican Party should do the right thing for the country and retire and maybe put someone in place with functioning brain cells and ethics.
FTFY.
Re: (Score:2)
Who knows? They are closed source. They could literally be doing anything.
Re: (Score:2)
The thing is, a P2P messaging protocol would be wildly popular if everybody could agree on the standard.
Re: (Score:2)
The thing is, a P2P messaging protocol would be wildly popular if everybody could agree on the standard.
The thing is, that's simply not true. IRC with DCC chat is 30 [wikipedia.org] years old, there's probably older examples. Email, usenet groups, homepages, blogs etc. were decentralized now it's centered around a few large services like Facebook, Twitter, Instagram and such where the client and the protocol and the provider is one and the same. I won't go into long deliberations about why but the average user has never put much value on decentralization. Particularly the absence of any centralized authority to keep bots, sp
Re: (Score:2)
IRC with DCC still required cooperative server networks to facilitate client initial introductions, only then were services P2P.
But outside of TOR all HTML services are centralized [ aside form caching services], what are you talking about.
Also if IRCD were really decentralized why'd we have to run eggdrop to maintain channel control over server splits.
I think my idea of decentralization might differ than yours.
Re: (Score:2)
The thing is, a P2P messaging protocol would be wildly popular if everybody could agree on the standard.
Which brings up the question: "What keeps you from sending already-encrypted text over even a back-doored system?"
Parnas just said Graham was in the loop too (Score:2)
You can see why Graham would want end to end encrytption. No more records to subpoena..
Re: (Score:1)
I knew you were a moron; you've managed to get the opposite of the facts, despite the summary being in the first sentence.
Congrats.
Re: (Score:2)
Re: (Score:1)
Know the gov is collecting it all from the ISP vs a VPN product?
Re: (Score:1)
Re: (Score:2)
Re: (Score:2, Funny)
We will get right to that, Mr. Durden. Right after we impeach Trump and stop Brexit.
Re: (Score:2)
Brexit happens in 3 minutes. Seems that one has failed...
In other news, stopping authoritarian scum from spying on everybody is an on-going effort and will remain so.
Re: (Score:2)
And this may have been placed in the Senate Hopper, but the Senate is busy on the Impeachment. That, and Brexit tonight, Iowa Caucuses Monday, and the Super Bowl on Sunday... news is a little busy right now.
Re: (Score:2)
I wonder what announcements have been made to take advantage of the busy news period. If I had an unpopular policy to announce, I'd do it right now.
Re: (Score:2)
Yep, this is a well protected "Take out the trash!" weekend. Anybody got the AP Wire and can submit stories to Slashdot?
Re: (Score:2)
Trump issued an order permitting the US to utilize land mines again, though only under 'exceptional circumstances.' He took the chance to insult Obama while he was at it, of course.
Re: Time to hit the reset switch (Score:1)
Itâ(TM)s a joke snowflake. Donâ(TM)t take everything so seriously
Re: (Score:2)
No you won't.
You will just get the bill, replace "children" by "hate speech" and send it back for voting.
Same power grubbing shit, different buzzwords and megacorporations behind the scenes, which is why there is even fight between the two sides.
Exxon Mobil and Lockheed martin versus Google and Disney.
And of course (Score:4, Insightful)
Re: (Score:3)
I find it interesting that terrorism is not used anymore. By https://en.wikipedia.org/wiki/... [wikipedia.org] the next thing should be organized crime when finally everybody has gotten really sick of the "children" argument.
Re: (Score:1, Informative)
Re: (Score:1)
Trump Destroys Self?
Just let it run its course.
Re: (Score:2)
I got every reason in the world to consider the sonofabitch a terrorist.
Re: (Score:3, Informative)
These are the sort of threats you hear from terrorists. It's also the sorts of crimes against humanity that ISIS/Daesh have committed. This is why Trump is a terrorist. Congratulations, asshole, this is who you voted for, I hope you're proud of yourself.
Re: (Score:2)
Incidentally, the original meaning of "terrorism" is a form of Government where the population is kept under control by fear. The sad thing is that Trump is just one of a whole army of cave-men that managed to get into power.
Re: (Score:2)
Re: And of course (Score:1)
Re: (Score:2)
But it's for the sake of the children!
Is it?
Children may be harmed in the creation of child porn, but there is little evidence that they are harmed by possession or distribution.
Child molestation is correlated with possession of CP, but that is not the same as causation. Countries with more restrictions on CP do not have lower levels of molestation. Some studies have found a negative causative factor, so access to CP may reduce harm. In Japan, child sex dolls have been shown to reduce molestation by giving pedophiles an alternative outlet. Y
Re: (Score:2)
The ban on possession and distribution is intended on pulling the money out of it... too bad that's not working.
Re: And of course (Score:2)
I doubt they would actually be illegal here as pornographic artwork featuring children has been deemed constitutional, so I doubt a doll would be any different. However, you're probably unlikely to be able to make or sell them.
All it really takes is one viral tweet to have any potential business partners refuse to do business with you. Your supply chain would be practically non-existent, as would your means of taking payment, and your means of distribution. This is also why I doubt you're ever going to find
Re: (Score:2)
'Why do you hate the children?'
It's because we all must really want to use, traffic and take nude photos of them. My gosh, where has our moral compass gone.
Re: (Score:1)
Re: (Score:2)
Have you MET children?!? *shudder* ;)
The GOP & Right Wing Dems want to kill section (Score:5, Insightful)
Make no mistake, Section 230 _is_ the Internet. Without it no website can risk having user made content except the largest, most establishment friendly ones. You'd be sued into oblivion. The people who drafted Section 230 knew that, it's why the law exists. And the people attacking it know that, it's why they want the law gone.
Along with Net Neutrality the end of Section 230 means the end of the Internet. What scares me is how few people realize the threat this poses...
One more point I forgot to make (Score:2, Insightful)
Re: (Score:2)
I still think the public Internet will be good (Score:2)
Re: (Score:2)
Wong. TCP/IP was designed to assure packets got delivered regardless of loss of usual or abnormal routing. DARPA did an excellent job of assuring the network was resistant, and to this day still is.
That basis alone assures the standards for network cooperation that is and has been ultimately redundant and extremely hard to control, alter or moderate.
It's the abortions above that are being tested. But the lower level is like a torrent swarm, kinda hard to put that cat back in the bag.
Re: One more point I forgot to make (Score:1)
Re: (Score:3, Insightful)
I agree, but websites aren't being threatened by this, are they? This looks like an attempt to regulate software, except that it tries to pressure developers by revoking something a website needs but an app developer doesn't need.
Your websites/services and your software shouldn't be single source anyway. One of the basic rules of computers is this: never get hardware, software and servi
Websites are software (Score:3)
Re: (Score:2)
There's a huge anti-Establishment media (Score:2)
Re: (Score:2)
Re: (Score:1)
Well, the Internet is more than US-America. (Score:2)
I'm not under US law. So I wouldn't have to give two shits about that. I only do, because I care about you guys. :)
But the Internet would live on, even without the USA.
If push comes to shove, I'll set up a few VPNs for you guys, like I do for others in other countries. (I can do and have done steganographically hidden VPNs via big websites. Bandwith sucks there though.
Re: (Score:2)
Then you've never bothered to educate yourself on the difference between having rights in theory and having rights in practice.
Because if America falls, the international practice of unfettered encryption will take a massive gut short, and whatever picayune legal regime you presently operate under will become 50% more theoretical rather than actual.
Last person to proudly post about not having to give two shits: Well, I live in the Liberta
It's every man for himself from now on (Score:1, Flamebait)
Re: (Score:3)
Wrong! The Senate is only shouting your betters' philosophy for the past 10000 years or so: Laws are for little people.
Sounds fine (Score:5, Insightful)
The makers of any decent user-to-user direct communication software don't need Section 230 protection, because they're not involved anyway. They just make the software that the users are using, but wouldn't be hosting or involved in the communication any more than a manufacturer of pens and pencils are. (Think of it this way: even without any protections at all, is the Mozilla foundation liable for what you post in a Salshdot textarea using Firefox?)
The only entities that would be touched by this, are the ones who make unusually shitty software which puts the company in between the users, needlessly getting involved in the communication (probably for ad purposes). Nobody should be using these types of apps, both for that reason and also because they're always proprietary so you don't even know if they encrypt competently, and also since they can't ever interoperate with one another.
This is profoundly unthreatening, and if it were to have the force of law, it would probably overall increase security and quality. I support Graham's idea (which probably means he shouldn't be supporting it).
Re: (Score:2)
Re: (Score:2)
The makers of any decent user-to-user direct communication software don't need Section 230 protection, because they're not involved anyway.
You seem to not be aware of how encryption works. Namely, for end-to-end encryption to work there needs to be an exchange of keys. If you’re not doing it via back channels or in-person, which very few people are, you need to rely on a company to facilitate the key exchange. In the interest of a decent user experience, nearly every decent company that provides end-to-end encryption facilitates that exchange.
So, yes, they are involved and do need to be worried. It isn’t just the slime balls that a
Re: (Score:2)
They just make the software that the users are using, but wouldn't be hosting or involved in the communication
Well, that's not true of a lot of modern communication software, including end-to-end encrypted apps like Signal & Telegram, but stripping liability protections is just as bad for everything else.
All messages must be stored somewhere until it can be delivered. Everything from instant messaging clients to email and IRC down to texts on your phone has to do this - and all communication server owners could be liable for messages that were temporarily hosted on their servers, regardless of where the messag
Comment removed (Score:4, Interesting)
Re: Like WhatsApp... LOL (Score:2)
Whatsapp is end-to-end encrypted. (Score:2)
It got the same protocol as Signal, because Moxie decided it was more important than stupid partisanship.
Of course it is rather pointless, since it is equivalent to if the allies in WWII had hired Nazis as personal communication assistants. :)
What does it matter how good their encrytion protocol is, when you first have to give it to the enemy, for him to encrypt it, forward it to another enemy, who will then decrypt it and give it to the recipient.
And "independent" audit my ass. If the source isn't open, it
You gotta love how these sorts of bills... (Score:3)
Did any of them ever stop to think that there's an actual reason for that?
And no, it's not because programmers are lazy. It's because you can't actually effectively legislate what kinds of things people can do with numbers.
Because that's all computing is. Any appearance that something useful is happening is only the product of an illusion that we happen to associate with obtaining some desired outcome.
Re:You gotta love how these sorts of bills... (Score:5, Interesting)
What do you expect? Sen. Lindsey Graham is the same clueless schmuck who sits on the Internet Policy Subcommittee but has never sent an email.
**Facepalm**
-- :-)
If progress is forward, then what is congress ?
Re: (Score:2)
"you can't actually effectively legislate what kinds of things people can do with numbers"
well, i mean, yeah sorry but you sorta can. you can't stop people from doing things with numbers, but you can slow them down by a factor of, uh, like several billion. at least insofar as you can legislate anything at all.
Fuck em.... (Score:2, Interesting)
I moved my web and mail server to Switzerland a few months ago. They can ban everything under the Sun and I'll continue to enjoy strong encryption.
Re: Fuck em.... (Score:1)
Think about the Teens' Rights... (Score:2)
Teens want to be able to communicate with police about abuse from their parents.
Teens want to be able to talk about their love of a schoolmate without their parents knowing.
Teens want to be able to go out at night without their parents following.
Teens want to be able to access their bank account without letting their parents see their balances.
Teens want to be able to invest in stocks without their parents selling everything.
Teens want to be able to play poker without their parents disconnecting their bandw
Let's see if I can explain this in terms Graham... (Score:5, Interesting)
I make no promises here, but let's just give it a go.
Let's suppose that I know that you have the ability to listen in on a phone conversation I am having, but I don't want you to know what I'm saying.
If, say, you only understood English, but both I and the person I wanted to talk to could speak, say, Mandarin, then we could effectively confound your listening attempts.
But what if I didn't know what languages you knew?
Well, I could get together with my friend, and we could create a coded system together, and we could exchange confidential messages that way, secure in the knowledge that even if the messages were intercepted, they would not be understood. The phone company is not involved in the encryption mechanism, so they have no ability to help you decrypt it.
Because of the nature of how encryption works, it might even be literally *impossible* for anyone to decrypt the message without knowing exactly how it was actually encrypted in the first place. While numerous standard encryption algorithms do exist, the actual search space for how a message can be encrypted is unimaginably vast, and no amount of increased computing power can actually make decryption of such messages into a tractable problem.
So... leaving aside that it is effectively trying to legislate what people are even allowed to think, I ask.... how does Graham intend to enforce this sort of thing?
Re: (Score:2)
Every time a bad guy is arrested we seem to get the story "The FBI wants to look at his iPhone, but can't!" I wonder what percentage has some other phone...
Re: (Score:1)
Every time a bad guy is arrested we seem to get the story "The FBI wants to look at his iPhone, but can't!" I wonder what percentage has some other phone...
All criminals use the iPhone because if you're going to steal a phone you steal the most expensive one. You also steal from richer people who are most likely owners of iPhones because they are expensive.
Re: (Score:2)
I ask.... how does Graham intend to enforce this sort of thing?
To use your example, by forcing them to use a known language like Mandarin. While it's not intelligible directly to most people here, it can be recorded and decoded later. That's exactly the kind of encryption they want - keys held by both the corporation and the government.
Re: (Score:2)
Which is why I gave a second example, of using some encoding to send and receive messages. Without knowing the structure of the mapping, unless it is very rudimentary such as a cryptographic key, you could have a very hard time decrypting it.
And of course, a one-time pad would make any attempts at decryption impossible.
Finally, with a suitable encryption technique, you may not even realize that the message was actually encrypted in the first place.
Learning to read is an art (Score:5, Informative)
All the bill does is establish a commission that is tasked to protect children. There is nothing in the bill about encryption or even hinting at introducing any regulation.
It's possible the commission eventually suggests that encryption is evil, but thus far, the only people introducing anti-encryption suggestions has been the DOJ and FBI, agencies not very beloved at this point by the Republicans, there is actually a bill introduced by Ted Lieu and Jim Jordan (ENCRYPT act) that if Congress ever got back to doing its job could actually get to the floor. That act is introduced "To preempt State data security vulnerability mandates and decryption requirements."
Does it occur that this is just ... (Score:1)
... abusing child abuse for attacking encryption?
This is about PROTECTING child rapists. (Score:2)
Note how it says removing child abuse CONTENT. Not attching the actual rapists! Merely hiding them!
I'd investigate Graham for being part of a child rape ring right now! And for trying to protect child rapists, in any case.
-5 Author is a troll, headline is misleading (Score:1)
The Jokes Write Themselves (Score:1)
God help us. (Score:1)
Reports from Bloomberg and The Information say that Sen. Lindsey Graham (R-SC) is behind the bill,
But the committee -- which would be chaired by the Attorney General
Fucking shithead Republicans.