U.S. - Draft bill could penalize companies for using end-to-end encryption
#1
Politicians may be looking for a roundabout way to thwart end-to-end encryption. Senator Lindsey Graham is drafting a bill, the Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act, that would modify the Communications Decency Act's Section 230 to make companies liable in state criminal cases and civil lawsuits over child abuse and exploitation if they don't follow practices set by a national commission. Some of these would be relatively uncontroversial, such as offering parental controls and setting age limits with disclosures. However, the bill also includes requirements to "preserve, remove from view, and report" material as well as retain evidence, and there's a concern these could be used as pretexts for punishing the use of end-to-end encryption that would make some of this data inaccessible.

The draft does ask the commission to consider issues like privacy and security when establishing the practices. However, the 15-person commission would be led by the Attorney General, and current AG William Barr has been a vocal opponent of end-to-end encryption. As the draft law would let Barr modify the rules without a consensus, it wouldn't take much for him to require a backdoor and thus weaken encryption for everyone by creating a hacker-friendly vulnerability.



https://sg.news.yahoo.com/2020-01-31-ear...ption.html



-----------------------------------------------------------------------------------------------------------------------------------------------------------



Reported December 10, 2019:


Congress warns tech companies: Take action on encryption, or we will



Congress sent a warning to tech giants on Tuesday, telling companies including Apple and Facebook that it intends to pass legislation to regulate encryption if Silicon Valley can't reach an acceptable compromise with law enforcement agencies.

Tech companies and privacy advocates have long supported encryption, noting that the privacy and security technology protects people from hackers, crooks and authoritarian governments. Law enforcement officials, however, argue that encryption blocks criminal investigations by preventing access to suspects' devices and to their communications on messaging apps.

The argument over encryption resurfaced in October after the Justice Department called on Facebook to pause its plans for encrypting all its messaging services.

Law enforcement officials worried that encrypting messages on Facebook would cripple investigative efforts against child predators.


At a Senate Judiciary Committee hearing on Tuesday, Apple's manager of user privacy, Erik Neuenschwander, stated:

Quote:"At this time, we've been unable to identify any way to create a backdoor that would work only for the good guys," Neuenschwander told senators. "In fact, our experience is the opposite. When we have weaknesses in our system, they're exploited by nefarious entities as well."


Among the witnesses was Manhattan District Attorney Cy Vance Jr., who has argued that encryption prevented his office from accessing evidence on hundreds of phones. He noted that while his team uses lawful hacking methods, it pays "hundreds of thousands of dollars" for these tools and they're successful only half the time. "There are many serious cases where we can't access the device in the time period where it is most important for us to access it," Vance told the senators. "Without moving toward legislation, we're not going to solve this problem."


Several lawmakers at the hearing warned Apple's and Facebook's representatives that Congress would look into legislation if the companies couldn't provide data to law enforcement agencies.

There was a bipartisan warning. Both Democrats and Republicans argued that investigating crimes is more important than overall privacy and security on devices.

Quote:"My advice to you is to get on with it," said Sen. Lindsey Graham, a Republican from South Carolina and the Senate Judiciary Committee chairman. "This time next year, if you haven't found a way that you can live with it [weaker encryption], we will impose our will on you."


Sen. Richard Blumenthal, a Democrat from Connecticut, called out big tech's distancing itself from legal responsibility and warned that lawmakers would soon take action. 

Quote:"That will end, because the American people are losing patience," Blumenthal said. "I hope you take that message back. That kind of immunity will be short-lived if big tech isn't able to do better."


Quote:"If it doesn't happen by you, it will happen by Congress," said Sen. Joni Ernst, a Republican from Iowa. "I think you'd rather find the solution than have Congress do it for you."


Quote:"You all have got to get your act together, or we will gladly get your act together for you," said Sen. Marsha Blackburn, a Republican from Tennessee. "This is not going to continue." 



https://www.cnet.com/news/congress-warns...r-we-will/ 



------------------------------------------------------------------------------------------------------------------------------------------------------------



Reported July 23, 2019:


U.S. Attorney General William Barr says Americans should accept security risks of encryption backdoors



U.S. attorney general William Barr has said consumers should accept the risks that encryption backdoors pose to their personal cybersecurity to ensure law enforcement can access encrypted communications.

In a speech Tuesday in New York, the U.S. attorney general parroted much of the same rhetoric from his predecessors and other senior staff at the Justice Department, calling on tech companies to do more to assist federal authorities to gain access to devices with a lawful order.

Encrypted messaging has taken off in recent years, making its way to Apple products, Facebook, Instagram and WhatsApp, a response from Silicon Valley to the abuse of access by the intelligence services in the wake of the Edward Snowden revelations in 2013. But law enforcement says encryption thwarts their access to communications they claim they need to prosecute criminals.

The government calls this “going dark” because they cannot see into encrypted communications, and it remains a key talking point by the authorities. Critics — including lawmakers — and security experts have long said there is no secure way to create “backdoor” access to encrypted communications for law enforcement without potentially allowing malicious hackers to also gain access to people’s private communications.

In remarks, Barr said the “significance of the risk should be assessed based on its practical effect on consumer cybersecurity, as well as its relation to the net risks that offering the product poses for society.”

He suggested that the “residual risk of vulnerability resulting from incorporating a lawful access mechanism is materially greater than those already in the unmodified product.”

“Some argue that, to achieve at best a slight incremental improvement in security, it is worth imposing a massive cost on society in the form of degraded safety,” he said.

Quote:The risk, he said, was acceptable because “we are talking about consumer products and services such as messaging, smart phones, e-mail, and voice and data applications,” and “not talking about protecting the nation’s nuclear launch codes.”


The attorney general said it was “untenable” that devices offer uncrackable encryption while offering zero access to law enforcement.

Barr is the latest in a stream of attorneys general to decry an inability by law enforcement to access encrypted communications, despite pushback from the tech companies.

The U.S. is far from alone in calling on tech companies to give law enforcement access.

Earlier this year U.K. authorities proposed a new backdoor mechanism, the so-called “ghost protocol,” which would give law enforcement access to encrypted communications as though they were part of a private conversation. Apple, Google, Microsoft and WhatsApp rejected the proposal.

The FBI inadvertently undermined its “going dark” argument last year when it admitted the number of encrypted devices it claimed it couldn’t gain access to was overestimated by thousands.

FBI director Christopher Wray said the number of devices it couldn’t gain access to was less than a quarter of the claimed 7,800 phones and tablets.

Barr did not rule out pushing legislation to force tech companies to build backdoors.



https://techcrunch.com/2019/07/23/willia...backdoors/



------------------------------------------------------------------------------------------------------------------------------------------------------------



Reported July 23, 2019:


US attorney general says encryption creates security risk



Attorney General William Barr said Tuesday that increased encryption of data on phones and computers and encrypted messaging apps are putting American security at risk.

Barr’s comments at a cybersecurity conference mark a continuing effort by the Justice Department to push tech companies to provide law enforcement with access to encrypted devices and applications during investigations.

“There have been enough dogmatic pronouncements that lawful access simply cannot be done,” Barr said. “It can be, and it must be.”






https://apnews.com/7423e1ef65a144e6a47e4da63683b3c1
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  European states routinely using spyware, EU Parliament report warns Resurgence 0 9,291 Nov 10, 2022, 13:50 pm
Last Post: Resurgence
  US: Cryptocurrency surveillance provision buried in the infrastructure bill Resurgence 0 14,386 Aug 03, 2021, 21:18 pm
Last Post: Resurgence
  India's draconian rules for internet platforms threaten user privacy and encryption Resurgence 0 16,406 Jul 21, 2021, 20:05 pm
Last Post: Resurgence
  Question about using VPN and browsers JGD85 17 46,076 Feb 14, 2021, 12:40 pm
Last Post: TheBeard
  Ubuntu fixes bugs that standard users could use to become root Resurgence 0 15,994 Nov 12, 2020, 00:35 am
Last Post: Resurgence



Users browsing this thread: 1 Guest(s)