1. 74
  1.  

  2. 13

    I don’t believe the logic behind the EARN IT act adds up. If we ban things because unsavory people use them then why does the US allow guns, for example?

    This excerpt summarizes a majority of the article, and I think it exemplifies a particularly weak line of argument. People will be more likely to be convinced a law is right or not by you elaborating on what it does and how that effects them than they would be because you’ve moralized the pretenses under which it was passed. Case in point since you mention them just after that, the NRA has been pushing the “most gun owners are good guys!” angle for a very long time and it’s done little but intensify the ire of people they might be trying to sway. Saying “we shouldn’t ban encryption because not everyone that uses encryption is a pedophile” doesn’t exactly make the strongest case.

    1. 8

      the NRA has been pushing the “most gun owners are good guys!” angle for a very long time and it’s done little but intensify the ire of people they might be trying to sway.

      I think part of the issue is that the NRA isn’t always trying to sway the other side with this line. They’re often trying to rally support on their side. As such, I see using the same line of argument as useful in helping people on the right who may not normally identify with a tech issue to see it in the same way they view their gun rights.

      1. 3

        While I agree with most of what you’re saying, there just has to be a better way to combat illegal sexual exploitation than this. As much as I don’t like that it is still a big thing on the internet, removing encryption is not the solution.

        1. 5

          Sexual exploitation of kids was a thing before the internet was a consumer thing. Those who partake in such despicable acts will just find another way to do what they do if online transit is no longer practical or safe. And then we’ll have no legitimate encryption, and still have sexual exploitation of kids.

          1. 2

            I’m not against encryption either. Maybe if you really want to confront that part of the issue I think instead of talking about how it’s “not all encryption” I would personally take on the route of not only further exploring how futile it is to try to curb these crimes by pursuing them once they’re already being shared, but also showing how much more effective things like community programs might be at trying to fight the issue at its source.

          2. 3

            Saying “we shouldn’t ban encryption because not everyone that uses encryption is a pedophile” doesn’t exactly make the strongest case.

            Maybe it does, if one poses it as “encryption is the tool that allows you safely exchange, say, intimate pics with your partner, and financial information with your family members; if we ban it, your next-door neighbor could creep into your personal stuff”.

            1. 3

              That’s my point.

          3. 5

            The war against encryption is a red herring. Since encryption can be re-implemented even if illegal, this may be actually a war against general-purpose computing.

            1. 6

              This is such a contentious issue with overwrought rhetoric on both sides. Just to cut to the chase, my understanding is that the EARN-IT act will allow the US government to revoke Section 230 protection for websites/social media companies that do not allow for lawful communications intercept (i.e., they provide end-to-end encryption for users).

              Is this a fair summary?

              1. 4

                Hi, yes, I’m a privacy expert and have been following this issue. Your understanding is correct. This essay is a more detailed explanation.

                1. 4

                  Something I’ve been wondering for a while now: would Section 230 still apply to a service that doesn’t even route the communication? I’m thinking specifically of two cases:

                  1. I am distributing peer to peer communication software. I can’t intercept communications because I don’t even have servers.
                  2. The software I’m distributing is not exactly peer to peer, but it uses my servers to establish a peer to peer link (using dirty tricks such as hole punching as necessary). My servers may know of the handshakes, but it sees no data at all.

                  Oh, and say I’m an ISP, and my customers use my service to send lots of data that to me is indistinguishable from random (they use software provided by (1) or (2) above). Could I be liable if this random data turned out to be encrypted child porn?

                  1. 2

                    That’s the rub. Would Signal be affected? AFAIK there’s nothing “published” in the Section 230 sense there.

                    1. 2

                      Signal “publishes” nothing, but it does transfer, and temporarily stores, messages. So I’d say it’s in an even more precarious situation than my two examples.

                      1. 1

                        IANAL, but the entire point of Section 230 protection is that your users can publish on your platform, and you are not legally responsible for objectionable stuff - or rather, you can act after they’ve posted, not before. If Signal never reveals anything publically, how can anyone even find out what’s there?

                        1. 1

                          Right. OTOH, Facebook owns Whatsapp, and about a billion people are sending e2e-encrypted messages through it.

                          Facebook are definitely not going to give up their section 230 protection. If this passes, it can safely be assumed that they will break the crypto there.

                          Apple have app store reviews. Losing section 230 protection there would be a huge liability, so iMessage e2e crypto is also likely gone.

                          1. 1

                            OK, if the legislation is “transitive”, i.e. if any part of your business relies on Section 230, and another part uses E2E, that is indeed very bad.

                            1. 1

                              That’s my reading of it, yes. Any provider large enough to be ‘interesting’ from a dragnet perspective would own at least one high-value S230-protected property.

                              Signal might be the only widely-used holdout on that front.

                    2. 2

                      You’re asking a legal question, and I’m not a lawyer, so I’ll avoid speculating. It is in general very challenging to know how proposed legislation will play out in practice. It’s about precedents and about how courts and regulatory bodies will interpret things, not just about the text of the bill. Also, I’ve gotten the impression that lawyers whose income comes from something other than public policy advocacy or corporate compliance can’t mostly afford the time to read the bill. I would love it if the non-profit I work for could afford to pay somebody full-time to read these things and explain them to us, but we aren’t there yet.

                      I think that you are describing a possible consequence of this bill, and from the statements of Congressional leaders who are pushing for it I think that what you’re describing may be within the intent of its authors. I will note though that intent isn’t the only thing to consider. It’s not really possible to give a firm yes-or-no answer right now; I apologize for that.

                  2. 3

                    That’s my understanding of the law, but maybe others can shed more light. I found this article more informative, along with the articles linked from that one. edit: I found this post to have a really good explanation

                    To understand both sides of the issue though, I found it also helpful to review some of the background that is prompting this law to be passed, such as the New York Time’s reporting on the child sexual abuse imagery on the internet. The Daily also has a good podcast episode about this.

                    I’m not taking a side here, just trying to share some articles I found helpful in understanding the issue. I think encryption is of fundamental importance to having a working democracy. At the same time, I also find child sexual abuse imagery abhorrent, and as a society we need to keep it from being more and more prevalent on the internet. I’m not really sure what the right solution is.

                  3. 2

                    Big brother has a big part to play in this, as they’ve always wanted “encryption for me but not for thee” - but at least half the blame needs to be pointed at traditional media; as Facebook and YouTube eat their lunch, they will grow ever more shrill in their disingenuous “won’t somebody think of the children” attacks on the companies who can still pay their employees, and the platforms they use to do so.

                    1. 2

                      Sometimes I talk when I sleep, and according to my wife we had a funny conversation relating to this

                      Me: You can stop people from using encryption

                      Her: Why not?

                      Me: What are you going to do, make math illegal?

                      Her: Can’t I?

                      Me: Silly americans

                      In all seriousness, I’d wager that most SaaS companies are already in the backpockets of the US government. You really think that if the fed comes knocking for the keys, the companies won’t relinquish everything?

                      1. 4

                        I’d wager that most SaaS companies are already in the backpockets of the US government. You really think that if the fed comes knocking for the keys, the companies won’t relinquish everything?

                        If this were completely true, passing a new law wouldn’t be necessary.

                        1. 6

                          It is necessary if you don’t want the extent of your intercept abilities to be introduced as evidence in a court of law.

                          1. 5

                            I know the FBI has dropped criminal cases from Tor hidden sites to avoid divulging this information. So that’s not too far beyond the realm of belief.

                      2. 1

                        It’s funny (to me) that people are surprised that Feinstein is so willing to trample over Constitutional protections while blithely ignoring the objections of the citizens she (in theory) represents.

                        For years, this has been her approach to the 2nd amendment, and to be honest, most geeks have either remained silent, or applauded her actions.

                        Now she’s coming for the 4th amendment, and geeks are up in arms (humour intentional).

                        1. 1

                          I’m sure I’m just cross-eyed right now, but would someone that understands this explain the mechanism for a commercial company getting hit financially; if they don’t get on board with EARN IT? Is it a fee? THANKS in advance!!

                          1. [Comment removed by moderator pushcx: 9/11 conspiracy theories are way off topic.]

                            1. [Comment removed by moderator pushcx: 9/11 conspiracy theories are way off topic.]

                              1. [Comment removed by moderator pushcx: 9/11 conspiracy theories are way off topic.]

                                1. [Comment removed by moderator pushcx: 9/11 conspiracy theories are way off topic.]

                                  1. [Comment removed by moderator pushcx: 9/11 conspiracy theories are way off topic.]

                                    1. [Comment removed by moderator pushcx: 9/11 conspiracy theories are way off topic.]

                                      1. [Comment removed by moderator pushcx: 9/11 conspiracy theories are way off topic.]

                                        1. [Comment removed by moderator pushcx: 9/11 conspiracy theories are way off topic.]

                                          1. [Comment removed by moderator pushcx: 9/11 conspiracy theories are way off topic.]

                                            1. [Comment removed by moderator pushcx: 9/11 conspiracy theories are way off topic.]

                                              1. [Comment removed by moderator pushcx: 9/11 conspiracy theories are way off topic.]

                                                1. [Comment removed by moderator pushcx: 9/11 conspiracy theories are way off topic.]

                                      2. [Comment removed by moderator pushcx: 9/11 conspiracy theories are way off topic.]

                                        1. [Comment removed by moderator pushcx: 9/11 conspiracy theories are way off topic.]

                                    2. [Comment removed by moderator pushcx: 9/11 conspiracy theories are way off topic.]