Signal Threatens To Dump US Market If EARN IT Act Passes (pcmag.com) 82
Signal is warning that an anti-encryption bill circulating in Congress could force the private messaging app to pull out of the U.S. market. PC Magazine reports: Since the start of the coronavirus pandemic, the free app, which offers end-to-end encryption, has seen a surge in traffic. But on Wednesday, the nonprofit behind the app published a blog post, raising the alarm around the EARN IT Act. "At a time when more people than ever are benefiting from these (encryption) protections, the EARN IT bill proposed by the Senate Judiciary Committee threatens to put them at risk," Signal developer Joshua Lund wrote in the post. Although the goal of the legislation, which has bipartisan support, is to stamp out online child exploitation, it does so by letting the U.S. government regulate how internet companies should combat the problem -- even if it means undermining the end-to-end encryption protecting your messages from snoops.
If the companies fail to do so, they risk losing legal immunity under Section 230 of the Communications Decency Act, which can shield them from lawsuits concerning objectionable or illegal content posted on their websites or apps. "Some large tech behemoths could hypothetically shoulder the enormous financial burden of handling hundreds of new lawsuits if they suddenly became responsible for the random things their users say, but it would not be possible for a small nonprofit like Signal to continue to operate within the United States," Lund wrote in the blog post.
Has there been movement on the bill? (Score:2)
Last I heard it wasn't going anywhere.
Re: (Score:2)
Re:Has there been movement on the bill? (Score:5, Insightful)
Re: (Score:2)
Oh definitely, I want this to die a horrible death. I just see people talking about it again a lot today and can't find any information as to whether there's been any movement in Congress.
Re:Has there been movement on the bill? (Score:4, Interesting)
Re:Has there been movement on the bill? (Score:5, Insightful)
weakening encryption makes it easier for nefarious actors to break it.
This is especially true if you consider the American government to be a nefarious actor.
Re: (Score:2)
This is especially true if you consider the American government to be a nefarious actor.
~SHANGAI BILL
Your directives are null.
This comment is not sanitation.
H
Account number #739463 Promulgated misinformation to this site resulting in societal harm. When closing the enterprise of air travel might have saved lives, this account argued their effect was a "wash".
Re: (Score:3)
Re: (Score:3)
From very early in my life I've had this idea that the cops can do whatever they want, that they're not on your team. That they're an armed, racist gang.
And Marlinspike's view of the police [moxie.org] is:
Police already abuse the immense power they have, but if everyone's every action were being monitored, and everyone technically violates some obscure law at some time, then punishment becomes purely selective. Those in power will essentially have what they need to punish anyone they'd like, whenever they choose, as if there were no rules at all.
Which is much the same as Ayn Rand [archive.org]'s
There's no way to rule innocent men. The only power any government has is the power to crack down on criminals. Well, when there aren't enough criminals, one makes them. One declares so many things to be a crime that it becomes impossible for men to live without breaking laws.
Re: (Score:2)
Indeed or any government for that matter.
Re: (Score:2)
That's not what this law does. It removes legal immunity to copyright claims for companies for what people post if they use end-to-end encryption. This is still bad, but it only makes it so Google, FB, etc cannot offer E2E encryption services. You can still do whatever. And Google, FB, etc. could still write E2E software, just not let you use it on their cloud.
Re: (Score:1)
Re: (Score:2)
No, because when the company is served a warrant they can simply give the police access to their end of the HTTPS connection. They have the key. The problem comes when someone provides a way for two other people to communicate without the provider being able to listen in.
Re: (Score:2)
Interesting and excellent point. Sure, it probably would be technically the case. But there's a commission that would figure out the rules how it applies and they probably say blocking HTTPS wasn't "best practices".
Re: (Score:2)
I definitely hope it dies because weakening encryption makes it easier for nefarious actors to break it.
Domestic law enforcement agencies including the DEA and FBI are not nefarious actors. Ask them.
Re: (Score:2)
Last I heard it wasn't going anywhere.
That's why it's stalling on when the second reading for it will happen. Political whips are out drumming support with exchange. Senators can trade out their top list item for a vote on this in the Republican whip side and Democrat whip side is trading up for moderate judges for it. However, it doesn't look like the far left and moderate right are up for trades with the whips. But moderate lefts and far rights seem on board to get some of their to-do list done with this bill. However, the Class 2's that
EARN IT? (Score:3, Interesting)
Re: (Score:2)
Re: (Score:1)
Not just legislation.
Re: (Score:2)
Re: (Score:2, Flamebait)
Citizen credit score is working well for China. The more you do for the state, the better your credit score is. Or rather, that's how it's sold. In reality, you must make working for the state free just to keep your head above water. It's bell curve grading.
~DigiShaman
What do you know of normative and criterion-based measures? What you know of policy defending its responsibility to govern a multi-cultural domain versus military policy rationalizing the maintenance of preferred margins of profit across the globe is poorly supported with a rhetorical usage of "In reality,".
Why engage in discourse by terms few have practical knowledge to assert...what have you asserted? Reality? The queue for that false flag is as long as your personal experience informs you.
Re: (Score:3)
Comment removed (Score:4, Insightful)
Re: (Score:1)
Re: (Score:1)
Anyone using the argument that anyone using the term "apologist" as an argument against someone or someone's opinion instantly disqualifies himself from any sort of serious discussion, instantly disqualifies himself from any sort of serious discussion.
Re: (Score:2)
Re: (Score:2)
Yes! 100%
Does anyone remember "The First Crypto War"?
SB66 comes to mind. We've been there and it still needs doing, again, and again...
Re: (Score:2)
"coded message to US citizens with regards to their freedom and privacy?"
No it's more like, we already do warrantless surveillance, it's just that it's a little harder and more expensive for us to prove that parallel construction due to information gained from the warrantless surveillance would have been obtained otherwise if we weren't such fat fucks stuffing our faces with doughnuts and actually did our job (and followed the intent of law).
Rename It! (Score:2)
This needs to be called the...
Allow Hackers and Criminals to spy on you so that the US Government can spy on you too Act.
The ONLY thing that keeps encryption even "partially" secure is because "golden keys" can be kept secure through obscurity. After this passes... that obscurity goes away and every key the Government has will go straight to the fucking hackers!
Security will become just like the TSA... mostly pointless and a waste of fucking time!
Re:Rename It! (Score:4, Informative)
This needs to be called the...
Allow Hackers and Criminals to spy on you so that the US Government can spy on you too Act.
Another good name would be the "Ship American Tech Jobs Overseas Act".
Weakening encryption is a stupid idea in more ways than can be counted. Did we learn nothing from the encryption embargo debacle of the 1990s?
It's ironic, at least to me. (Score:5, Insightful)
When I think about section 230, I think of it as an admission that a provider really has no practical way to moderate vast floods of content so we're not going to hold them accountable for something beyond their control. Law enforcement has to put on their big boy pants and go after the individual perpetrators.
End-to-end encryption makes that reality even more evident. Not only is the scale of communication too great to allow any practical moderation, now the raw data isn't even available. Thus, section 230 is even more applicable.
Re: (Score:3)
Problem is they have counter examples like Skype. Skype used to be end-to-end but when Microsoft bought it they changed it so that it uses their servers to set up the crypto on the link, conveniently allowing anyone who asks Microsoft nicely to spy on your calls.
It blew up all the arguments about it being impractical due to limited resources or bandwidth.
Re: (Score:2)
It blew up all the arguments about it being impractical due to limited resources or bandwidth.
Interesting point. Let me be clearer what I'm saying.
Microsoft or whoever certainly has the capacity to decrypt and re-encrypt the streams. Proof by demonstration they could tap a subset of calls in flight.
What I'm saying is Microsoft doesn't have the need, capacity, or duty to monitor all conversations in real time for illegal content. Even further, they have no ability to censor those conversations. Just like they don't have the ability or need to moderate text-based online conversations, which is basica
Re: (Score:2)
I find it hard to believe they could monitor everything but it's been rumored for ages that they can.
They don't generally care about monitoring everything. Storing everything works just fine. Then sifting out the interesting stuff afterwards.
"Let's have an adult discussion" (Score:5, Insightful)
"Let's have an adult discussion about this..."
That's what people at the FBI, NSA, etc. that want encryption gone tell tech companies, yet they're the ones that call out "won't someone please think of the children!!!" as a #lame counterargument anytime they get any type of pushback.
Frankly, the moment they use that as their reasoning for any arguments they're trying to make, they lose all credibility.
Re:"Let's have an adult discussion" (Score:5, Insightful)
Re: (Score:3)
Re: (Score:2)
I can assure you, the FBI and NSA lost all credibility a long time ago!
True, you cannot lose something you no longer have (or never had to start with).
Re: (Score:3)
Frankly, the moment they use that as their reasoning for any arguments they're trying to make, they lose all credibility.
They lose all credibility, but somehow they gain all the votes.
Re: (Score:2)
They lose all credibility, but somehow they gain all the votes.
Voter suppression.
Gerrymandering.
Re:"Let's have an adult discussion" (Score:5, Insightful)
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.
As an adult, it really is that simple. All of us have a right to speak freely, even if we want to do so in English, Spanish, Pig Latin, ROT-13, or AES-256.
Re: (Score:3)
"Congress shall make no law (...) abridging the freedom of speech"
As an adult, it really is that simple. All of us have a right to speak freely, even if we want to do so in English, Spanish, Pig Latin, ROT-13, or AES-256.
But with a warrant they can wiretap your phone calls. It's not something the phone company can do if they please, it's a service they're compelled to provide. And "it's the customer's telephone" has never been a valid excuse for them. This is the same in the 21st century, you provide a chat app? Then you will also build in wiretap capability. You can throw around words like unconstitutional but I very strongly doubt the Supreme Court would agree. In fact the prosecutors looked very hard for a way to hang Ph
Re: (Score:1)
That was the PRISM way.
Re: (Score:2)
But after the Snowden leaks Apple and Google feared they'd become stooges for the NSA and threatened to lock themselves out completely, meaning they couldn't answer normal warrants either.
You're so very poorly misinformed about the nature of US IT corporations. Many of them were started &/or supported with CIA seed money (In-Q-Tel) & they have very close, reciprocal relationships with US intelligence agencies, the military, & the US Department of State. In fact, Google is making handsome profits & gaining a lot of political capital out of helping US allies spy on & suppress dissent from their countries' populations.
And, of course, what goes around comes around. What Google a
Re: (Score:1)
Re: "Let's have an adult discussion" (Score:2)
I don't know about the FBI, but the NSA most definitely does not want encryption gone. They answer to Congress and the president. But the NSA absolutely recognizes that it's the global dominant force in breaking encryption. Encryption is a bigger impediment to all of their rivals than it is to the NSA. And the NSA has a mandate to secure our communications.
Re: (Score:2)
I don't know about the FBI, but the NSA most definitely does not want encryption gone.
You're right; the NSA doesn't want it gone - they want it weakened so that they're able to break in, but not their FBI buddies.
Just another law that should be..... (Score:2)
ignored and violated as often as possible. Congress and the White house both have abandoned the Bill of Rights and the rest of the Constitution decades ago in their unholy pursuit of total power.
Their KGB and Stasi agencies ( FBI, NSA, DHS, etc) are licking their chops at a bill like this...
The goal?? (Score:5, Informative)
"the goal of the legislation, which has bipartisan support, is to stamp out online child exploitation"
No, the real goal is to make law enforcement easier, to allow them the option of making private communication transparent.
Whereas, Signal provides an easy method for people to utilize math, even if they are forced to stop marketing their product stateside, we have others able to vet applications that employ the same math to assure communication stays private (or makes decryption too expensive or too stale once decrypted).
What they really should be doing is grow a pair and read how those before them dealt with this issue https://en.wikipedia.org/wiki/... [wikipedia.org] instead of whining like bitches.
Wait....... (Score:3)
This is a privacy concerning app???....
Considering it won't work on Android until it has full permission to root through all your contacts, I wouldn't call this a privacy focused company.....
Re: Wait....... (Score:3, Interesting)
Signal does not require root, but nice of you to choose that word anyway.
And, had you actually looked into it, then you'd know what it uses that contacts list for. (The one you probably synced with Google or Apple anyway.) You can even look at the source code!
(It uses it, to 1. display the names and such when you get a message from a contact. And 2. to create hashes to ask the server if those can receive messages, so it can determine who it can send a Signal message, and who can only receive insecure texts,
Re: (Score:2)
Re: (Score:1)
And this is literally the only messaging app that needs this.
Facebook isn't equivalent... you are either messaging existing friends within Facebook or people from their post. You do have the option to upload contacts to Facebook to add friends that way, which is then part of your account, which FB messenger uses. Which is a roundabout way of saying that FB Messenger wouldn't mind if you uploaded your contacts to Facebook.
Whatsapp.... it asks for your contacts
Telegram.... same
Snapchat.... oh yeah
Nimses... these guys too
LinkedIn.....of course (to be fair, not specifica
Re: (Score:3)
Re: (Score:3)
Erm, you can refuse to give Signal access to your contacts and it will still work. I just tried it.
You will see phone numbers instead of names, and starting a new conversation is a bit tricky, just like when you don't give WhatsApp your contacts. But it works.
Facebook Messenger doesn't need your phone contacts because it operates on the basis of Facebook contacts and Facebook already has all your Facebook contacts.
Re: (Score:1)
You're really thick aren't you? Stick to Facebook, where they don't need your permissions because they've already slurped up all your data and have backdoor access in their closed app.
Notable fact (Score:5, Insightful)
One of the sponsors of the bill recently blasted Zoom for NOT having end-to-end encryption. As if he wasn't the sponsor of a bill that would all but outlaw it.
Also notable, https is end to end encryption, so no more banking on the net for Americans. I guess it's a good thing it didn't pass before COVID came to town or we'd REALLY be isolated now and nobody would be teleworking. Speaking of thinking of the children, there wouldn't be any online learning happening either. Ironically in part because it would be too easy for creeps to intercept the video streams and perve on the kids.
Re:Notable fact (Score:5, Informative)
https is not end-to-end encryption, as it's commonly described. It's transport encryption, a.k.a. client-to-server encryption.
End-to-end encryption means that content is encrypted from one client endpoint to another, and any intermediary servers are unable to decrypt/read the contents.
Re:Notable fact (Score:4, Interesting)
Re: (Score:2)
"then it is end-to-end"
Not quite, you have no way of disqualifying the certificate server's ring of trust, less you deny all SSL sockets from the associated cert. How many certificate servers have been compromised?
End to end is significantly different.
Re: (Score:2)
EARN IT doesn't apply when TWO people are communicating without help. They can do whatever they want.
EARN IT applies when a third party is involved, providing the way that the two people communicate. EARN IT says that the third party has to be able to comply with a wiretap warrant. Signal can't do that without putting spyware into the clients.
Re: Notable fact (Score:2)
The banking world has very strong "Know Your Customer" regulations, so that's a bad choice for comparison.
Re: Notable fact (Score:4, Interesting)
Consider how the DOJ likes to take a mile when given an inch. The bill is aimed at things like WhatsApp and Signal where the intermediary can't currently read the messages, but how long will it be before they come back declaring the ISP to be non-compliant because it can't read your https traffic? Of course their 'target' would be naughty web sites, but online banking would be collateral damage.
And there remains the fact that kids talk with each other using end to end encryption. Breaking that actually puts them at greater risk.
Other open questions, if I use GPG on an email and send it off, does it count as end to end encryption? Probably yes since the intermediary mail servers can't read the body of the email. That could be a problem if I'm talking to a priest or a lawyer (or, for that matter, my banker).
Don't worry (Score:1)
Don't worry, Zoom Video Communications is perfectly positioned to provide the universal censorship demanded by the US government. Or maybe not, since its subscribers have recently learnt the cost of half-arsed 'security'.
The government doesn't want to spend money chasing actual criminals, which is good news for Americans. They can still access Signal servers via an international VPN.
NECTAR (Score:3)
Re: (Score:2)
Never Expect Congress To Advocate Rights
Nice! I'll have to steal that one.
Irony? - see article on zoom (Score:4, Interesting)
Easy solution... (Score:2)
Vote out anyone who votes for this bullshit. Sadly I'm afraid this will pass based on how Sesta and Fosta performed. Won't someone think of the kids bullshit needs to stop. Won't someone think about the privacy of everybody else?!?!
"Those willing to sacrifice liberty for security deserve neither" - Thomas Jefferson
Apple (Score:2)
Doesn't iMessage have end-to-end encryption too?
With tech companies changing their structure to work online, it will take even less bullshit than usual for them to simply establish themselves in another country.
Can you imagine Apple's headquarters moving to British Columbia, for example?
What stops anyone from using foreign software? (Score:1)
We can still go to https://signal.sometld/ [signal.sometld], and install Signal from there. Oh, wait, the TLS CAs are government lapdogs!
How do they intend to undermine... (Score:3)
Given that an end-to-end encrypted stream will just look like a stream of bits which would be indistinguishable from some proprietary data format that the person eavesdropping doesn't happen to know about.
Conceptually, this is no different than outlawing speaking in public in a language that other person who might overhear it may not understand. To someone who doesn't know the language or its structure, it's going to sound like gibberish.
Re: (Score:2)
Isn't that part of what pattern analysis and entropy weakness/failure in encryption winds up exposing?
Even unknown proprietary data can be identified as such by a lack of entropy and patterns, especially given the application of statistical analysis/machine learning.
Then there's the idea that for compatibility/usability, encrypted connections often use known channels/ports to communicate.
I think what you're describing is more like some combination of stenography and encryption.
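Added example, not part of the thread: a Python sketch of the byte-entropy measurement the reply above refers to, run on constructed samples. The record format, log lines, key, the 7.5 bits/byte threshold and the SHA-256 counter-mode keystream (a stand-in for real cipher output, not a vetted cipher) are all assumptions made for illustration.

```python
import hashlib
import math
import struct
import zlib
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 = constant, 8.0 = uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def toy_keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode: stand-in for cipher output, NOT a vetted cipher."""
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """XOR the plaintext with the toy keystream (illustration only)."""
    stream = toy_keystream(key, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, stream))


def proprietary_records(count: int = 512) -> bytes:
    """Constructed 'unknown binary format': magic, id, type, flags, reading."""
    return b"".join(struct.pack("<4sIHHf", b"REC1", i, i % 7, 0, 1.5 * i)
                    for i in range(count))


def log_text(lines: int = 2000) -> bytes:
    """Constructed text log with a varying hex token on every line."""
    return b"".join(
        b"event id=%d token=%s status=ok\n"
        % (i, hashlib.sha256(b"%d" % i).hexdigest()[:16].encode())
        for i in range(lines))


def classify(data: bytes, threshold: float = 7.5) -> str:
    """Coarse label a traffic or DLP sensor could attach to a payload."""
    return "high-entropy" if shannon_entropy(data) >= threshold else "structured"


def build_samples() -> dict:
    """All four constructed payloads, keyed by what they represent."""
    records = proprietary_records()
    text = log_text()
    return {
        "proprietary": records,
        "text": text,
        "compressed": zlib.compress(text, 9),
        "encrypted": toy_encrypt(b"constructed-demo-key", records),
    }


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(f"{name:12s} {len(blob):6d} bytes  "
              f"{shannon_entropy(blob):.3f} bits/byte  {classify(blob)}")
```

The compressed sample lands in the same high-entropy bucket as the encrypted one, so this measurement separates structured formats from ciphertext but cannot by itself tell ciphertext from compression.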
Maybe they should outlaw air (Score:1)
because it's used to carry private voice conversations between people involved in illegal acts.
Signal more than encryption (Score:2)
... Signal is a separate plane of communication thanks to its privacy technologies.
Signal EOL support for the older 4s iPhone. I used Signal to communicate with an acquaintance whose communications were State interest in-a-foreign country. It parlayed into a safety zone for personal life which provided respite in the face of hostile political realities.
Nothing replaced the safe space Signal carved out to communicate. Not Facetime, email nor WhatsApp. Exchanges thereafter took on the all too familiar gloss
Jami? (Score:2)
But I'm not sure it'll work on really old phones...
https://jami.net/ [jami.net]
From Signal to Jami? (Score:2)
Who would be able to detail a more precise comparison than me here?
I use Signal among other to communicate with people who are admin in a serious company when they are away. In case Signal use is prevented in a country they are in I also installed Jami, https://jami.net/ [jami.net] , which to me seems
- as open source as Signal,
- more difficult to install,
- providing more features (e. g. also videos on Linux, etc.),
- no need to exchange phone #s out (although I think Signal can avoid this),
- and no need for a central p