I think politicians must win prizes or something for showing who is the stupidest:<p>> The bill also allows the attorney general to create a competition with a prize for anyone who can come up with a way to access encrypted data while protecting privacy and security. Security experts have long noted that this is an impossible request.<p>Why they're at in, why don't they push a bill for permanent rainbows.<p>Also, the article states "The proposed legislation stops short of requiring tech companies to create a backdoor", so if end-to-end encryption is still available, this legislation does nothing. And if lawmakers try to <i>ban</i> end-to-end encryption, well then "banning math" should be the name of this legislation (yes, I realize politicians have tried to do that before). Sure, large companies may comply and average joes may get less E2E encryption, but anyone who knows anything about tech will be able to get access to E2E encrypted messengers.
Here is the senate page on the Bill <a href="https://www.judiciary.senate.gov/press/rep/releases/graham-cotton-blackburn-introduce-balanced-solution-to-bolster-national-security-end-use-of-warrant-proof-encryption-that-shields-criminal-activity" rel="nofollow">https://www.judiciary.senate.gov/press/rep/releases/graham-c...</a><p>> Bad actors exploit warrant-proof encryption to shield dangerous and illegal activity —including terrorism, child sexual abuse, and international drug trafficking — from authorities.<p>Bad actors also exploit warrant proof use of their voice to send sound waves directly at other bad actors ears to shield dangerous and illegal activity —including terrorism, child sexual abuse, and international drug trafficking — from authorities.<p>I realize that end-to-end vs speaking verbally is a bit of a leap but bills like this make it seem like they don’t want US citizens to have a voice.
We in tech have to stop thinking that these politicians don't understand or know what they're proposing. Or that they would change their minds "<i>if only we could explain it right</i>". It's not a problem of information.<p>The fact of the matter is some parties (by which I mean groups, not political parties) have an abiding interest in keeping strong encryption and privacy out of the hands of the population at large. Banning E2E encryption either outright, or through the backdoor (EARN IT act) from major Internet platforms will accomplish this. Therefore, arguments like "You can't ban math" or "The real criminals will just move to platforms that use E2E encryption" don't work.<p>What's worse, they try and pass these laws using Think of the Children[1]. It's tested, and effective. It works because it's an emotional appeal and most voters are emotional creatures (including me, and you). Like a popular Internet meme says "You can't reason someone out of an opinion they didn't reason themselves into."<p>Fortunately we can (honestly) use Think of the Children to fight back. Literally every child in the US uses the Internet to chat with their friends and send pictures, write their journal, do their homework, get their grades, and communicate with their doctors or therapists. Weakening encryption therefore endangers <i>every child</i>, risking exposing their innermost thoughts and conversations to the worst sort of people online.<p>We have to start couching this issue in terms that regular people understand.<p>"Would you lock your backyard gate, where your children play, with a TSA lock?"<p>"What if your pediatrician's office told you their doors and file cabinets have a TSA lock on them? Anyone can just buy a key on Amazon, walk in, and rifle through everything they have."<p>I honestly worry about a future where my children have no privacy. Where any online predator can potentially access everything they say, send, post, or do online. That makes me anxious and frankly, a little angry.<p>1. <a href="https://en.wikipedia.org/wiki/Think_of_the_children" rel="nofollow">https://en.wikipedia.org/wiki/Think_of_the_children</a>
I'm an African. I've lived through fantastically corrupt, despotic, authoritarian rule riddled with nepotism and kleptocracy. I find GOP politics to be disturbingly familiar. And it reeks of regulatory and state capture.
We've all been shown recently how law enforcement only protects certain segments of society. This will only get worse with draconian surveillance.
Sometimes I imagine a secret meeting that happened some decades ago between Republicans and Democrats, dividing up the Bill of Rights.<p>"Well, we have to at least <i>look</i> like we're fighting for them. If we all just agree to protect the Bill of Rights, then we aren't really <i>working</i> for them. How about Democrats get 4, 5, 7, 8, and 9; and Republicans get 1, 2, 3, 6, and 10?"<p>"Hey, why do we get the Third Amendment?"<p>"It was our idea."<p>(This comment is not meant to be taken literally and I'm sure that others will have a different mapping between Amendment numbers and parties.)
They can't catch domestic terrorists who are in the USAF using their existing overreaching surveillance on non-encrypted traffic.<p>How does breaking encryption get them closer?<p><a href="https://www.washingtonpost.com/nation/2020/06/17/boogaloo-steven-carrillo/" rel="nofollow">https://www.washingtonpost.com/nation/2020/06/17/boogaloo-st...</a>
"If passed, the act would require tech companies to help investigators access encrypted data if that assistance would help carry out a warrant."<p>Isn't that already required? If someone shows up with a warrant (presumably signed by a judge and listing the particular things being searched), then basically you need to do everything you can to help them (as you should). Subpoenas are a little different and there's more room to argue about them, but are also important in general. Regardless, if it's encrypted and you don't have the key, then it's a dead end and that's the way things go.<p>So what is this law <i>really</i> doing? My guess is that it's actually asking tech companies to do something in advance of any specific criminal act, that would somehow preserve private information or prepare it so that it's easier to comply with hypothetical warrants that might be issued in the future against anyone on the platform. That's really a different kind of thing than just assisting in carrying out a warrant.
So... the legislators seem to be targeting "warrant-proof" encryption. Now... correct me if I'm wrong, but law enforcement can use due process to obtain access to a suspect's phone, and that phone will then decrypt the communication for them, right (even if the service provides true end-to-end encryption, which most don't)? So what's the problem?
If they get such a law enacted, then people who really care about end to end encryption will simply "opt out".<p>There are so many open source crypto tools out there with no backdoors that anyone savvy enough to find them and use them will do so.<p>Of course the average user probably wouldn't care enough to do that, but maybe a few privacy scandals could change all that.
Sometimes I wonder if politicians are trying to get us to not vote for them.<p>Like, what problem is this solving? Are there tons of criminals that are running wild, and if only we had their secret correspondence we could catch them?<p>And is social media not already some huge gift to law enforcement? Forget about tapping an encrypted line, just follow them on twitter.
Luckily they seem to have no concept of timing. Why they think they can get away with something like this when trust of the police and authorities is so low is beyond me.
Can't companies already be compelled to push updates to select devices adding a decrypted sidechannel to "e2e encrypted" apps, effectively providing a wiretap when a warrant is in hand?<p>There's no need to weaken the encryption at all when end-users don't actually control the software they run day-to-day. Just replace the software while they're asleep.
GOV: Is it true that your servers hold encrypted data.<p>AWS: Yes.<p>GOV: Decrypt it, please.<p>AWS: Lol all we have is the public keys, bruh.<p>GOV: Use the public key to decrypt, please.<p>AWS: Uhh...
A criminal could use a service provider which isn't located in the U.S. or peer-to-peer communications. Only stupid criminals and the general public will be hit by this.<p>Is this a last ditch effort for a Law & Order Bill prior to the election?
Do these dolts not realize that their supporters also use encrypted platforms (like signal and telegram) to communicate, especially things that are considered fringe or dissident. One might expect such cluelessness from someone like Lindsey Graham, who is a neocon's neocon, but from Tom Cotton, who is on the Right-wing's preferred side on immigration? Especially, when that position is the sort of position that can get you fired these days?<p>Madness. I wonder what would happen if the NRA started defending encryption as a second amendment issue, as encryption technology has historically fallen under munitions export control legislation.