Blockchain Technology Counters US Anti-Message Encryption Bill, AKA EARN IT Act (#GotBitcoin?)
The Electronic Frontier Foundation (EFF) is attempting to alert the public to a bill that seeks to end the encryption of online messages and prevent it from being enacted by the United States Congress. Blockchain Technology Counters US Anti-Message Encryption Bill, AKA EARN IT Act (#GotBitcoin?)
The so-called EARN IT bill proposes that digital messages should first pass through government-approved scanning software in order to monitor for malicious criminal activity. The bill is sponsored by Senators Lindsey Graham and Richard Blumenthal.
Blockchain As A Measure Against Government Surveillance
The bill’s disregard for privacy presents an open-ended use case for technology like blockchain. By offering transparency and traceability alongside security, blockchain-based communications may be a way to avoid governmental prying.
An example is blockchain’s use by journalists and activists to circumnavigate censorship measures by governments worldwide.
As Cointelegraph previously reported, Sarah Zheng, a journalist for the South China Morning Post, had leaned on the Ethereum blockchain to publish a censored interview with a Wuhan doctor who alerted the public about the coronavirus outbreak.
According to Zheng, blockchain made it possible to encrypt the information with QR codes, morse code, and deliberate typos it could be shared on social networks. The original piece could not be disseminated via WeChat.
Specifics Of The EARN IT Bill
The EARN IT bill features a series of “best practices” that online entities would be expected to follow.
The EFF claims that Section 230 protections would be withdrawn from any website which fails to uphold these guidelines. If enacted, this list will be created by a government commission led by the U.S. Attorney General, William Barr.
The foundation says Barr has made it clear he would fully ban the encryption of all digital messages. If this bill is passed, it would give law enforcement legal access to any communications sent between individuals online. The EFF clarifies the following about Barr’s influence on the bill:
“Not only will those groups have a majority of votes on the commission, but the bill gives Attorney General Barr the power to veto or approve the list of best practices. Even if other commission members do disagree with law enforcement, Barr’s veto power will put him in a position to strongarm them.”
Propaganda Against Encryption?
Although Senator Blumenthal correctly notes that the word “encryption” has not been included anywhere in the bill, the EFF maintains that the proposal is an “all-out assault” on encryption.
The Electronic Frontier Foundation Adds The Following Regarding The EARN IT Bill:
“You can’t have an Internet where messages are screened en masse, and also have end-to-end encryption any more than you can create backdoors that can only be used by the good guys.”
EARN IT Act Threatens End-To-End Encryption. Bitcoin Developers Seek To Restore It
Bitcoin Messenger Explores Censorship Resistance During Coronavirus Crisis
A new bitcoin privacy technology was born this week, inspired by the politics of the “Great Lockdown.”
On Monday, software engineer John Cantrell released a messenger application called Juggernaut. It’s built entirely on top of bitcoin’s scaling layer, the Lightning Network, and offers end-to-end encrypted, onion-routed, peer-to-peer messages.
In some ways, Juggernaut offers a more secure and primitive version of the Ethereum-based Status messaging app or the bitcoin-friendly mobile app Sphinx Chat. But everything comes with tradeoffs and Juggernaut prioritizes privacy.
While it’s now in early beta stages, Cantrell said the idea was inspired by censorship concerns, such as those we’ve already seen during the coronavirus crisis, from WeChat and Facebook deleting posts about the pandemic to Google suspending an Idaho church app for allegedly violating Google Play’s new events policies.
For just one more example, bitcoin advocate Knut Svanholm said Amazon forced him to remove a brief mention of the coronavirus from his self-published book in order to distribute it through Kindle.
“It seems like maybe we’re heading toward a type of world where the government may shut down communication channels, you can’t say these things on Twitter, etc.,” Cantrell said. “If I want to use some service with an API to, say, send emails or text messages or pretty much any API, I have to create an account with that website and use my credit card or bank account.”
This messaging app doesn’t rely on a commercial server. Instead, the app runs on a Lightning node, from homemade Raspberry Pi devices to Casa models, so that bitcoiners can send messages directly between nodes by using their node public keys like usernames.
This primitive beta allows users to open channels with a small amount of bitcoin, that can be sent back and forth without actually requiring payment, or pay small routing and transaction fees to the network if the user doesn’t use a direct channel. Either way, it would cost less than a dollar to send millions of private messages without relying on an external service.
“In these LSAT or micro-payment-enabled APIs,” Cantrell said, referring to how Juggernaut plans to use Lightning Lab’s LSAT standard, “it allows for global access to almost any service. That’s the grand vision here. How do we allow someone to use any service without needing to go through the traditional route.”
Censorship isn’t strictly a pandemic issue, pending legislation could jeopardize legal protections for technologists and service providers long after coronavirus fades into memory.
The Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act, a bill sponsored by South Carolina Republican Senator Lindsey Graham and Connecticut Democratic Senator Richard Blumenthal may soon force tech companies to abide by new online child protection laws or risk lawsuits for unmoderated content.
Riana Pfefferkorn, the associate director of surveillance and cybersecurity at the Stanford Center for Internet and Society, called the EARN IT Act a “stalking horse for banning end-to-end encryption,” supported by President Donald Trump.
Eugen Rochko, founder of the decentralized social network Mastodon, which runs on federated servers, believes bills like the EARN IT Act could further entrench tech monopolies. On the other hand, he said decentralized platforms can still address moderation concerns without government censorship.
“One benefit is that there’s just, like, more moderation,” Rochko said of grassroots networks. “The other benefit is that the moderation is more flexible to global needs because there is not a predefined set of rules that come from a specific place.”
From the perspective of Juggernaut’s Cantrell, creating a privacy tool for more decentralized social messaging felt like a “revolutionary” moment, discovering a radically different way to use bitcoin software. The Lightning Network could be used for anything from an “unstoppable poker room” to complex software services, he said.
“The messages are being routed over the Lightning Network. They’re not just simple messages, they’re server requests,” Cantrell said, adding the server requests could be configured to automate a wide range of computer functions. “I can access a paid API and pay for exactly what I use. It would allow for easier onboarding and global access.”
Andreas Antonopoulos: “EARN IT Act Could Be Called: ‘F*ck You Zuckerberg'”
Andreas Antonopoulos believes that a proposed bill will f*ck Mark Zuckerberg and violate civil rights.
In a recent YouTube stream, Andreas Antolopoulos said that the controversial EARN IT Act might as well be called “Fuck you, Zuckerberg”.
The bi-partisan bill was written by Lindsey Graham (R-SC) and Richard Blumenthal (D-CT), and if passed, it would:
“Create incentives for companies to “earn” liability protection for violations of laws related to online child sexual abuse material”.
Antonopoulos: Civil Rights Aren’t EARNed
Talking To Cointelegraph, Antonopoulos Disagreed With That Premise:
“The EARN IT act is a backdoor encryption ban disguised as a modification of the DMCA act [Digital Millennium Copyright Act]. Civil rights aren’t “EARNed”, they are inalienable.”
He Believes That The Proposed Bill Would Infringe On Civil Rights:
“The old trope “Won’t somebody think of the children” is used constantly to degrade freedoms. I think the children will not like living under totalitarian government control.”
Furthermore, he contends that the real target of the bill are not criminals, who will have access to encryption regardless, but regular citizens:
“Criminals will always have access to encryption that is strong and without backdoors. The only question here is whether law abiding citizens will. The rest is just manipulative propaganda without a shred of truth.”
The Eliminating Abusive And Rampant Neglect of Interactive Technologies Act
The bill’s goal is to combat the sexual exploitation of children. It contends that the criminals are hiding behind the veil of encryption provided by the tech platforms to conduct their heinous business. However, many privacy advocates have voiced concerns that under the lofty pretext, it curtails personal freedoms.
Section 230 of the Communications Decency Act has exempted tech platforms, like Facebook and Google, from being held liable for the content posted by its users. EARN IT Act would alter the status quo by making tech companies earn exemptions for good behavior. A recent Wired article speculates that tech companies might have to abandon end-to-end encryption altogether:
“If it became law, companies might not be able to earn their liability exemption while offering end-to-end encrypted services.”
Facebook Stands To Lose The Most
Predictably, Antonopoulos, Who Is Known As A Privacy Advocate, Had Strong Words Of Condemnation For The Bill:
“Now, the EARN IT ACt could be called ‘Fuck you, Zuckerberg’. You’re going to give us backdoors because that’s effectively what it is. This is a very, very directed law that affects the largest content providers. It’s not just Zuckerberg, of course, but certainly Facebook has the most to lose from this, especially because of one application that they offer, which is called WhatsApp.”
Zero-knowledge Transactions Are In Danger
Discussing the possible ramifications for the crypto space, Antonopoulos opined that the companies that “engage in zero-knowledge transactions” may be affected. He speculates that they will no longer be afforded protection from the liability posed by their users. At the same time, he believes that if passed, the EARN IT Act could accelerate decentralization:
“[It will] arguably, encourage more decentralization. So if a company has no control over its users transactions, then this doesn’t really apply. I think these types of regulations are really aimed at centralized organizations and platforms and in the long term, undermining end-to-end encryption and undermining freedoms that we consider necessary to encourage free speech and expression and encourage the growth of independent media platforms.”
Antonopoulos has no doubts that the bill will pass. Considering the bi-partizan nature of the proposed legislation and the guise of protecting children from molesters, he may be right.
Senate Approves Measure To Renew Some Lapsed Domestic Spying Powers
Bill extends protections to surveillance targets beyond version passed by House.
The Senate voted to renew a set of domestic surveillance powers that lapsed two months ago, approving a package that goes further in extending some legal protections to targets of court-approved surveillance than a version passed by the House.
In an 80-16 vote Thursday, the Senate passed the measure, which would extend until December 2023 a handful of surveillance authorities that are based in part on the Foreign Intelligence Surveillance Act. Those authorities expired in March, when Congress was busy addressing the early stages of the coronavirus outbreak. The bill passed with bipartisan support.
The vote came even as Washington has yet to fully resolve a fractious and prolonged debate about the proper scope of the government’s domestic surveillance capabilities, an issue that has repeatedly been stirred by President Trump as he has claimed such tools were improperly used against his 2016 presidential campaign.
The bill voted on Thursday for the most part doesn’t directly concern some of the surveillance issues Mr. Trump and allies have complained about or that were detailed in a recent Justice Department watchdog report. But the need to address the expiration of some surveillance powers served as a springboard for lawmakers in both political parties to open up a broader debate over whether to overhaul the FISA process.
Different factions of officials within Mr. Trump’s administration have inconsistently supported or rejected legislation offered in Congress to renew the expiring authorities. It remains unclear whether Mr. Trump would sign the Senate bill if the House also approves it. The White House didn’t immediately respond to a request for comment.
The spying tools, adopted originally in the USA Patriot Act passed in the aftermath of the Sept. 11, 2001, terrorist attacks, allow the FBI to obtain certain wiretaps and to file requests to obtain a variety of business records from companies in connection with national security investigations.
Senior Justice Department officials have said their ability to pursue some investigations during the two-month lapse of the tools has impeded their work, but privacy advocates have said the tools are overly broad and lack sufficient oversight and have challenged claims that the expiration of the tools jeopardizes national security.
Other less controversial expired powers allow investigators to easily wiretap a suspect who has switched phones and surveil a so-called lone wolf terrorist who doesn’t possess any discernible ties to a foreign terrorist organization.
The bill passed by the Senate, like the measure that easily cleared the House, also would statutorily terminate a program that allows the National Security Agency to obtain numbers and time stamps of U.S. calls or text messages from phone companies after getting judicial approval. That program was created by Congress in 2015 as a scaled-down version of the bulk phone metadata surveillance tool exposed by former intelligence contractor Edward Snowden two years earlier.
Though the new system was shut down last year by the NSA amid repeated compliance issues and is widely seen to lack significant national security value, its termination by lawmakers would represent a dramatic conclusion to a controversial and once-secret program that U.S. intelligence officials once strenuously defended.
The Senate bill will now be sent back to the House for consideration. The upper chamber on Wednesday also approved an amendment to the bill that expands the ability of outside experts to provide guidance to the Foreign Intelligence Surveillance Court when it considers applications for surveillance. The amendment, sponsored by Sens. Mike Lee (R., Utah) and Patrick Leahy (D., Vt.), was a long-sought victory for privacy advocates.
Both the Senate and House bills also impose criminal penalties for making misstatements to the Foreign Intelligence Surveillance Court, the secret court that approves wiretaps of people suspected of spying and terrorism. The recent Justice Department watchdog report found that the FBI had withheld exculpatory material about Carter Page, a former Trump campaign adviser, and made misleading statements about his relationship with another government agency when it sought court approval to wiretap him.
How To Keep Data Private With Google And Apple’s Contact Tracing App
Tokenized technological solutions would be a better option for identity verification at scale without sacrificing people’s data and their privacy.
In a rare instance of cooperation, Google and Apple, two pillars of the global tech industry, announced a joint effort to create a COVID-19 exposure tracing application for mobile phones in conjunction with world governments. The app, which is set to be available on both Android and iOS phones, relies on Bluetooth technology to warn against potential exposure to a person infected with COVID-19.
Due to its participating organizations, all three of which have shoddy track-records on privacy, the application immediately raised the suspicions of privacy proponents. The Electronic Frontier Foundation, a staunch supporter of digital privacy, posed questions to developers and implored them to question the cybersecurity and privacy implications of the joint contact-tracing app.
Google and Apple responded by tinkering with the tracing keys and encryption of the application to improve privacy, but questions still linger.
In particular, many of the benefits of the contact-tracing app are stifled by simple logistical problems like Bluetooth not being designed for contact-tracing (can’t delineate between disease and distance); many people don’t carry Bluetooth-compatible cell phones; and most people won’t voluntarily download the app.
If we weigh the potential benefits vs. the privacy threat, is the app really worth it? Probably not, but a tokenized version would be much more palatable. Let’s explore why.
The Feint Of Privacy
The Google and Apple tracing application relies on rolling proximity identifiers, or RPIDs, that are used to ping other Bluetooth devices. RPIDs are changed every few minutes, and users who believe they are infected can share their previous RPIDs with a public registry that verifies whether the user is infected, and subsequently, alerts any recently connected “pings” to that user’s device.
Apple and Google, admittedly, made an effort to reduce centralization by allocating most of the encryption keys to users’ devices rather than central servers, but some key problems persist. For example, as detailed by the EFF:
“A well-resourced adversary could collect RPIDs from many different places at once by setting up static Bluetooth beacons in public places, or by convincing thousands of users to install an app. […] But once a user uploads their daily diagnosis keys to the public registry, the tracker can use them to link together all of that person’s RPIDs from a single day.”
Consequently, the hacker could map out every movement of a user’s life, trivially determining who that person it. It’s the equivalent of having a real-time lens into a person’s daily movements. The EFF goes on to elaborate that the problem is not explicitly limited to Bluetooth but that Bluetooth is largely unsecured, and its attack surface needs to be reduced to a minimum.
Additionally, the government and police could have direct access to proximity tracking metrics for users, extracting pertinent information about their whereabouts and activities, should they choose. None of these concerns even take into account the security of the public registry or data leaked to Apple and Google’s servers.
We can boil down the inherent problem of the Google and Apple tracking system to trust.
Trust in the government and tech companies not to abuse the data, trust that the RPIDs uploaded to the registry are not spam (they have no way of authenticating real uploads form individuals), and trust that third-party developers won’t wield the system for surveillance purposes.
The entire system is based on trust, and what are decentralized cryptocurrency tokens good for? Rapid verification — e.g., auditability — and trust-minimization.
The Advantages Of Tokenization
First, it’s hard to ignore that Apple and Google could’ve turned to open-source cryptography and its accompanying class of willing privacy-oriented startups and activists right out of the gate. People would feel much more comfortable. But they didn’t — no surprise.
Much of the terminology used by the two companies has also been nebulous. There are also concerns about aspects of the application that these companies would have direct control over, such as turning off notifications and proximity tracking, even after the crisis is over.
Such powers should be entirely removed from the hands of these centralized, profit-oriented corporate entities. An ideal way to do that would be tokenized and encrypted verification of infected proximity RPIDs.
For example, using customized parameters for the proximity tracking could be baked into each token. Tokens are not under the development auspices of any single entity, and the tokens can be burned by the token users once the token’s utility is finished. There’s no umbrella switch under the control of a company that keeps the application running — it’s entirely decentralized and retains permissionless access.
Each specific user would have a token allocated to them, with RPIDs encrypted and managed solely on that user’s device. If users believe they are COVID-19 positive, they can send an attestation to the public registry. An accredited clinic or hospital can, therefore, issue a certificate denoting a positive diagnosis for those users. As no public identifiable data needs to be submitted, the burdensome process of government service is replaced by much quicker technology.
From there, the actual location data of the individual can be baked within the token while the pertinent details — e.g., de-identified COVID-19 swap — for authenticating the status of infection could be released. TokenScript acts as the point of communication between services that need the data and the actual data that never leaves the mobile phone. This severs the propensity of both governments and base third-party developers to wield location data for unethical means.
Relevant details for confirming diagnoses, not paired with location data, could be sent to third-party organizations, like the World Health Organization, without fears of them abusing privacy. In practice, this can be done by the patient visiting the WHO website, which will request either multi-party computation or a zero-knowledge proof of relevant data. The security enclave in TokenScript ensures that the website does not learn the original data but only the computational results.
The entire medical industry should rely on de-identified patient data to guard against the ethical violations of pharmaceutical companies. This solution we have proposed also anonymizes patient data, just locally on the user’s cell phone, without assuming the organization to be honest and secure. However, it would be censor-resistant and quicker — so quick that the website can instantly update its statistics and reporting as users use their tokens to participate in the computation of new reports on the website.
For example, a person named Michael wishes to know if he has ever crossed paths with a COVID-19-positive person. He could initiate a round of multi-party computations that identifies other users of the app who have been identified as positive. The mobile devices of those who have been identified as COVID-19 positive could participate in MPC, thereby helping Michael to learn if he has been in contact with them without letting exposing sensitive information to that person, such as when and where the possible transmission occurred.
The larger the size of both groups (normal users and identified positive cases), the higher the level of privacy will be. With some future advancements in cryptography, we can even look forward to the day when this can be done without the patient’s mobile phone being online to participate in the computation and merely through obfuscated data submitted to a public registry.
Many of the problems that flow from proximity-based applications are privacy-oriented. And while tokens today do not provide perfect privacy without being exceptionally cumbersome, there is room for improvement. There’s no precedent for a wide-scale surveillance app like the one being built, and the nebulous descriptions about some of its characteristics is concerning.
Probably aware of the backlash they would receive, Apple and Google have made an effort to distribute much of the data, but the security and privacy leaks are plentiful — primarily via the transfer of authentication between the public registry and individual.
A tokenized version of the authentication certificate, RPID cross-referencing, and use across multiple systems would be a better option for verification at scale without sacrificing privacy or control over the data to a third-party. As data is computed locally, an advisory has little to gain by going after Google or Apple. It may not be a panacea, but exploring how tokenization works in the case of disease tracing should become a notable area of research and development — lest we forfeit privacy for safety at the whims of governments.
Or, perhaps considering the limitations and uncertainty of Bluetooth, simply avoiding surveillance applications issued by a joint government and big tech initiative altogether is much simpler.
House Cancels Vote to Renew Surveillance Powers After Trump Threatens Veto
Some Democratic progressives also express a lack of support, citing inadequate privacy amendments.
The House of Representatives scrapped a planned vote Thursday on major national security legislation to renew a set of expired domestic surveillance powers after support for the bill eroded following a veto threat by President Trump.
The canceled vote cast further doubt over the fate of key portions of the Foreign Intelligence Surveillance Act, considered a cornerstone of expanded U.S. counterterrorism tools adopted after the Sept. 11, 2001, terrorist attacks. The spy powers expired more than two months ago, and their chances of restoration appeared unlikely in the immediate future.
Some progressive Democrats who were frustrated that more privacy amendments weren’t included had also expressed disapproval, raising the prospect that the House didn’t have enough votes to pass the bill. House Speaker Nancy Pelosi (D., Calif.) blamed Republicans for turning against legislation they had previously backed after Mr. Trump issued a veto threat Wednesday on Twitter.
“The Administration—particularly some in the Justice Department—would like nothing better than to not have a bill,” Mrs. Pelosi wrote in a letter to lawmakers announcing that there would be no vote. “Clearly, because House Republicans have prioritized politics over our national security, we will no longer have a bipartisan veto-proof majority.”
While some Republicans said it was pointless to pass a bill that would be vetoed, others argued the legislation didn’t do enough to address alleged abuses of FISA that Mr. Trump has complained about.
“The FISA process was abused, and those people that abused it haven’t been held accountable,” Minority Whip Steve Scalise (R., La.), said Wednesday.
Mr. Trump has pointed to a watchdog report detailing several misrepresentations made by the Federal Bureau of Investigation in its applications for surveillance of his campaign adviser Carter Page. In response, the FBI and Justice Department have rolled out a series of changes to how they seek applications for FISA surveillance.
Having abandoned the planned vote on the bill, most Democrats and some Republicans voted Thursday to instead convene a conference committee with the GOP-controlled Senate in an attempt to hammer out a compromise bill. But even if the two chambers can come to an agreement, Mr. Trump may continue to reject what lawmakers offer him.
Beyond the concerns expressed by Mr. Trump and his allies, a coalition of progressive Democrats and libertarian-leaning Republicans have long held concerns over FISA.
Those lawmakers have questioned whether the FBI and U.S. intelligence agencies are afforded too much power to use the FISA process in a way that violates civil-liberties protections of unsuspecting Americans. The differing factions have sought to leverage the debate over the lapsed authorities to achieve broader goals concerning national-security surveillance.
The FISA system was established as one of several post-Watergate reforms and requires that the Justice Department obtain approval from a secretive court when officials want to conduct domestic surveillance in relation to national-security investigations.
The legislation would extend until December 2023 the handful of surveillance powers based in part on FISA, including what is known as Section 215. National-security officials view Section 215 as a critical tool that allows the FBI to obtain a variety of business records from companies if they are believed to be relevant to a counterterrorism or counterintelligence investigation.
The expired powers also allowed investigators to easily wiretap a suspect who has switched phones and surveil a so-called lone-wolf terrorist who doesn’t possess any discernible ties to a foreign terrorist organization. Both of those authorities are broadly viewed as noncontroversial.
Senior Justice Department officials have said that their ability to pursue some investigations has been hindered without the surveillance powers in place. Privacy advocates have countered that the tools are overly broad and lack sufficient oversight and have challenged claims that the expiration of the tools jeopardizes national security.
The bill would also have formally ended a program that allows the National Security Agency to obtain numbers and time stamps of U.S. calls or text messages from phone companies after getting judicial approval. Congress created that program in 2015 as a scaled-down version of the bulk phone metadata surveillance tool exposed by former intelligence contractor Edward Snowden two years earlier. The program was shut down last year by the NSA amid repeated compliance issues.
One provision in the bill added by the Senate earlier this month would expand the ability of outside experts to provide guidance to the Foreign Intelligence Surveillance Court when it considers certain applications for domestic surveillance. The Senate passed the bill the House was considering on an 80-16 vote with strong bipartisan support.
But support in the House quickly crumbled Wednesday. Following Mr. Trump’s objections, House GOP leadership on Wednesday encouraged Republicans to oppose the FISA bill. The Congressional Progressive Caucus, which represents the left-flank of the House Democrats, also encouraged its roughly 95 members to oppose the FISA bill, arguing privacy protections didn’t go far enough. The vote was postponed late Wednesday and then called off Thursday.
The House Republican whip effort against the bill amounted to an about-face by the party two months after 126 of them voted for a version of the bill that contained fewer privacy provisions than the current package.
Further complicating matters is that Mr. Trump’s position hasn’t directly aligned with his own administration, which previously had pushed for a permanent renewal of the lapsed spy powers without any changes. More recently, the Justice Department has said the bill would impede the ability of investigators to pursue terrorism and espionage cases, not that it did too little to protect against privacy violations.
The Justice Department, despite its concerns over the lapsed surveillance powers, cited “significant problems” with the legislation and urged Mr. Trump on Wednesday to veto the measure if passed. The Justice Department had supported the bill in March, but pointed to the addition of the amendment concerning the FISA Court as a reason for its newfound objections—a shift that invited criticism.
“It’s utter hypocrisy that the president has threatened to veto the bill for not being strong enough, while his own Justice Department urges opposition to reforms that directly address the Carter Page surveillance abuses,” Neema Guliani, senior legislative counsel for the American Civil Liberties Union, said.
New Bill to Outlaw Encryption Without Gov’t Backdoor in US Senate
A bill that would outlaw end-to-end encryption for technology companies was proposed by three Republican senators; meanwhile, Ava and Cardano would not yield.
Three Republican senators introduced a bill to end “warrant-proof” encryption on June 23. It invokes national security as a pretext for requiring device manufacturers and service providers to assist law enforcement by providing access to encrypted data.
Pedophiles & National Security
The Lawful Access to Encrypted Data Act is sponsored by Lindsey Graham (R-SC), Tom Cotton (R-AR) and Marsha Blackburn (R-TN).
According to GovTrack, all three senators score high on the conservativeness scale, with Blackburn receiving a perfect 1.00.
Graham is also one of the sponsors of the EARN IT Act, which many privacy advocates heavily criticized for what they perceived as encroaching on personal freedoms under the guise of protecting children from sexual abuse.
It is not clear why Graham and his colleagues felt the need to propose a bill that, on the surface, seems to have similar goals to the EARN IT Act — stripping the individuals of the right to use privacy-preserving technology while forcing technology companies to become even more responsive to the state’s whims. Perhaps the idea is that at least one of the cards that the bill plays — national security or child welfare — will get the job done.
End To ‘Warrant-Proof’ Encryption
The press release says that the proposed legislation “would bring an end to warrant-proof encryption in devices, platforms, and systems,” a debate that has raged for years. Also, it stresses that companies would be required to cooperate with the authorities only after a warrant is issued by the court:
“The bill would require service providers and device manufacturers to provide assistance to law enforcement when access to encrypted devices or data is necessary — but only after a court issues a warrant, based on probable cause that a crime has occurred, authorizing law enforcement to search and seize the data.”
If this bill ever gets passed, the crypto industry might be especially affected. Cryptographic algorithms are at the core of Bitcoin (BTC) and other cryptocurrencies. On the other hand, the decentralized nature of many projects in this space, may make the industry better prepared.
Ava & Cardano Would Not Yield
Cointelegraph reached out to some of the prominent members of the crypto community for commentary.
Cornell University professor and Ava co-founder Emin Gün Sirer, answering whether Ava would implement a backdoor for government access, said “Absolutely not!” He added that if the bill is passed and law enforcement comes knocking on the door, he would sooner move his project overseas than succumb to pressure. Sirer believes that such lawmaking initiatives hamper national security rather than fostering it:
“Countless experts have made it clear, time and time again, that these ideas are misguided: these backdoors represent potential vulnerabilities, and they hate American companies and American competitiveness. At the same time, they force the use of technologies, such as VPNs, that cause communication that poses a national security threat in aggregate to move overseas.”
He Further Noted That Privacy-Preserving Technology Is The Essence Of Blockchain:
“Emerging technologies, such as blockchains, provide strong privacy guarantees, built into their very fabric. At the forefront of these systems, Ava will reject every effort to build abuse-prone backdoors into its software.”
Cardano (ADA) Founder Charles Hoskinson Expressed A Similar Sentiment:
“No. I will stop working on these systems if legally forced to do so”.
Roger Ver Expressed Skepticism That Political Laws Have The Power To Solve What Essentially Is A Math Problem:
“No amount of violence can solve a math problem. And I think that’s a great way of looking at it. Right. So politicians can pass all the bills they want, but it doesn’t change the way math works. So no amount of political law making or violence can solve a math problem”
Meanwhile, attorney general William P. Barr issued a statement strongly supporting the act, pointing out that warrant-proof encryption allows “criminals to operate with impunity,” and that, given the COVID-19 lockdown, it could not be timelier:
“The danger is particularly great for children who are targeted online for sexual exploitation, especially during this time of coronavirus lockdowns. Survivors of child sexual abuse and their families have pleaded with technology companies to do more to prevent predators from exploiting their platforms to harm children. We cannot allow these companies to elevate their profits and the privacy rights of these abusers over the safety and security of children.”
The likelihood of this bill passing will be greatly impacted by November elections.
The IRS Wants to Know More About Privacy-Enhancing Crypto Coins, Tools
The Internal Revenue Service (IRS) is laying the groundwork for a possible assault on privacy-enhancing cryptocurrency technologies.
- IRS-CI Cyber Crimes Unit challenged its “industry partners” to explain where the crypto tracing community stands on privacy coins, Layer 2 protocols, sidechains and the Schnorr signature algorithm in a June 30 Request for Information (RFI), as first reported by The Block.
- “There are few investigative resources for tracing transactions” that move across these privacy-enhancing vectors, the IRS said, noting a recent spike in illicit privacy coin use. “The CI Cyber Crimes program is working to get in front of this trend.”
- The IRS singled out the monero, zcash, dash, grin, komodo, verge and horizen privacy coins, sidechains Plasma and OmiseGo, and Layer 2 protocol networks Lightning, Raiden and Celer.
- What’s good for user privacy is bad for investigative efficacy: The IRS bemoaned the Bitcoin blockchain’s apparent plans to integrate Schnorr signatures, writing that such a move will undercut IRS agents’ current tracing techniques.
- The tax agency seeks estimates of how much it would cost to “support this initiative” as well as return on investment estimates.
Cryptocurrencies Have ‘No Way’ To Comply With US Anti-Encryption Bills
Multiple bills that threaten encryption are moving through the U.S. Senate and could pose a threat to technology that protects users’ privacy, industry pros say.
These bills include the Lawful Access to Encrypted Data (LAED) Act and the Eliminating Abusive and Rampant Neglect of Interactive Technologies (“EARN IT”) Act. While the LAED was only recently introduced to the Senate, the EARN IT act has been in the works for months, and has been amended a number of times.
Privacy advocates and product designers say such legislation would also curtail people’s privacy to a huge degree, fundamentally change existing technology and have an impact on everything from messaging and file sharing to privacy coins.
“The government basically would have mass surveillance powers into all of our communications,“ said Zcoin Project Steward Reuben Yap, referring to the LAED Act. “It’s saying, ‘Let’s drop the pretense and let’s just go for it.’ I think it’s really scary. It’s not just about cryptocurrencies as a whole though, it’s really about freedom.”
The Bills In Question
Sponsored by three Republicans, the LAED Act seeks to end encrypted communications by building in a backdoor for law enforcement to use. The bill lays out a legal framework for law enforcement to access encrypted data with a court order.
The explicit goal of the EARN IT Act is to curb the spread of child exploitative content online, such as child sexual abuse imagery, though its impact could be far wider. In an initial draft, this was going to be done through stripping tech companies of liability protections for the content that is posted on their platforms. These protections currently exist in Section 230 of the Communications Decency Act, which prevents social media companies such as Facebook, Twitter and Reddit from content liability.
Under an earlier draft of the EARN IT Act, companies would lose Section 230 protections if they didn’t follow the recommendations of a federal commission on child exploitative content. This could render companies like WhatsApp, which offers end-to-end encryption, liable for communications on the platform, unless they revoked end-to-end encryption.
“They communicate using virtually unbreakable encryption. Predators’ supposed privacy interests should not outweigh our privacy and security,” said Attorney General William Barr at an event the day the bill was introduced.
“There is no way for Ethereum, Bitcoin and other cryptocurrencies to comply. “
Barr has long been a critic of encryption, dating back to his days in the George W. Bush Administration.
The most recent version of the bill gets rid of the commission idea, delegating power to state legislatures to bring lawsuits against companies. It also adds an amendment that explicitly protects encryption. But organizations such as the Electronic Frontier Foundation (EFF), Center for Democracy and Technology and Internet Society claim the bill might respect encryption in name, but not in practice.
Tools like client-side scanning, which could be used to check for child exploitative content, employs software to check files that are being sent against a database of “hashes,” or unique digital fingerprints. If it finds a match to certain kinds of images, they could be blocked, with the recipient notified, or the message could be forwarded to a third party without the user’s knowledge. Organizations such as EFF have said this violates encryption on a fundamental level.
“Tech companies’ increasing reliance on encryption has turned their platforms into a new, lawless playground of criminal activity,” said Republican Sen. Tom Cotton of Arkansas and one of the sponsors (with Sens. Lindsey Graham and Marsha Blackburn) of the LAED, in a public statement.
“Criminals from child predators to terrorists are taking full advantage. This bill will ensure law enforcement can access encrypted material with a warrant based on probable cause and help put an end to the Wild West of crime on the Internet.”
Child sexual abuse imagery is proliferating at an alarming rate on the internet. In 2019, tech companies reported nearly 70 million pieces of exploitative child content to authorities. Criminals also often use encrypted communications. EncroChat, a encrypted communications platform, protected criminals and their communications from the police, until law enforcement managed to infiltrate it.
But weakening tools that protect everyone’s privacy may not be the best solution, say privacy advocates.
The Impact On Tech And Cryptocurrency
Yap, of Zcoin, said many kinds of technology could be impacted by the bill’s broad sweep.
The LAED Act is aimed at electronic devices and operating systems. Providers of “remote computing services” are included, presumably to cover cloud computing services like Dropbox.
However, Yap said the bill’s definition of remote computing services can be stretched to include cryptocurrencies as well, because financial transactions are conceivably just another form of electronic communication.
“Given the trajectory of this legislation, people in the cryptocurrency industry, especially those like Zcoin [that] are privacy-focused, will very likely be affected,” said Yap.
“It could mean that ‘providers’ of a privacy cryptocurrency that provided service to more than 1,000,000 users in the US are required to insert a backdoor.”
“Privacy is not safe in their hands.”
Ian Dixon, a Nevada-based programmer who previously mined bitcoin and runs a validator on a privacy-oriented blockchain network, said the bills are repackaged attacks on privacy, just with different language.
“It doesn’t really seem possible to enforce, but it would essentially make blockchains illegal in general,” said Dixon. “There is no way for ethereum, bitcoin and other cryptocurrencies to comply.”
Matt Hill, the co-founder of Start9 Labs in Colorado, which develops decentralized internet tech, says he sees both pieces of legislation as falling into the same bucket, even if they are different in flavor.
“The ultimate meaning is the same, which is that if you are a service provider of privacy or encryption, you are going to be subject to the whims of politics,” said Hill.
“We hope politicians and our political system stays rational, and upholds individual rights to privacy, but if they don’t you are going to be subjected to force, whether it’s building a backdoor or handing over user data.”
Hill said that even if these bills don’t pass, the very fact they’re sitting on the table and being taken seriously should be enough of a warning sign for us to start thinking outside the political box.
“Privacy is not safe in their hands,” said Hill. “So we have to protect privacy with technology, as opposed to with laws.”
This is privacy-by-design tech, the kind that Start9 Labs develops, including a server that lets users run their own private networks and cut out middlemen who would otherwise have access to their data.
Start9 Lab’s tech is built such that it can’t hand over any user data, even if legally compelled to, because it doesn’t have it. It builds the tech but doesn’t run the services on it. Given its products are open source, they can continue to run and protect user privacy, even if the company is shut down.
Encrypted communications are regularly used by people such as dissidents and journalists, and are often a means of protecting sources or organizing in authoritarian countries. There is a risk that if the U.S., which has long held itself up as an example of freedom and democracy, moves to eliminate end-to-end encryption, other countries would also follow suit, and use such legislation to crack down on dissent.
Finally, backdoors inevitably get used by bad guys, not just law enforcement.
“There’s no such thing as a backdoor just for good guys,” said Daisy Soderberg-Rivkin, a fellow focusing on children and technology at the R Street Institute, a policy think tank in Washington, D.C. “This opens up users’ information to a whole mess of bad actors.”
Blockchain Technology Counters US,Blockchain Technology Counters US,Blockchain Technology Counters US,Blockchain Technology Counters US,Blockchain Technology Counters US,Blockchain Technology Counters US,Blockchain Technology Counters US,Blockchain Technology Counters US,Blockchain Technology Counters US,Blockchain Technology Counters US,Blockchain Technology Counters US,Blockchain Technology Counters US,Blockchain Technology Counters US,Blockchain Technology Counters US,Blockchain Technology Counters US,Blockchain Technology Counters US,Blockchain Technology Counters US,Blockchain Technology Counters US,Blockchain Technology Counters US,Blockchain Technology Counters US,Blockchain Technology Counters US,Blockchain Technology Counters US,