
It's Back: Senators Want 'EARN IT' Bill To Scan All Online Messages (eff.org) 212

A group of lawmakers have re-introduced the EARN IT Act, an incredibly unpopular bill from 2020 that "would pave the way for a massive new surveillance system, run by private companies, that would roll back some of the most important privacy and security features in technology used by people around the globe," writes Joe Mullin via the Electronic Frontier Foundation. "It's a framework for private actors to scan every message sent online and report violations to law enforcement. And it might not stop there. The EARN IT Act could ensure that anything hosted online -- backups, websites, cloud photos, and more -- is scanned." From the report: The bill empowers every U.S. state or territory to create sweeping new Internet regulations, by stripping away the critical legal protections for websites and apps that currently prevent such a free-for-all -- specifically, Section 230. The states will be allowed to pass whatever type of law they want to hold private companies liable, as long as they somehow relate their new rules to online child abuse. The goal is to get states to pass laws that will punish companies when they deploy end-to-end encryption, or offer other encrypted services. This includes messaging services like WhatsApp, Signal, and iMessage, as well as web hosts like Amazon Web Services. [...]

Separately, the bill creates a 19-person federal commission, dominated by law enforcement agencies, which will lay out voluntary "best practices" for attacking the problem of online child abuse. Regardless of whether state legislatures take their lead from that commission, or from the bill's sponsors themselves, we know where the road will end. Online service providers, even the smallest ones, will be compelled to scan user content, with government-approved software like PhotoDNA. If EARN IT supporters succeed in getting large platforms like Cloudflare and Amazon Web Services to scan, they might not even need to compel smaller websites -- the government will already have access to the user data, through the platform. [...] Senators supporting the EARN IT Act say they need new tools to prosecute cases over child sexual abuse material, or CSAM. But the methods proposed by EARN IT take aim at the security and privacy of everything hosted on the Internet.

The Senators supporting the bill have said that their mass surveillance plans are somehow magically compatible with end-to-end encryption. That's completely false, no matter whether it's called "client side scanning" or another misleading new phrase. The EARN IT Act doesn't target Big Tech. It targets every individual internet user, treating us all as potential criminals who deserve to have every single message, photograph, and document scanned and checked against a government database. Since direct government surveillance would be blatantly unconstitutional and provoke public outrage, EARN IT uses tech companies -- from the largest ones to the very smallest ones -- as its tools. The strategy is to get private companies to do the dirty work of mass surveillance.

  • all the (Score:5, Informative)

    by blackomegax ( 807080 ) on Thursday February 03, 2022 @08:35PM (#62235515) Journal
    All the major players already do this..

    You don't think facebook and whatsapp E2E is *really* safe from the prying eyes of the relentless advertising engine that runs them, do you? Tell me you aren't that naive.

    Even Moxie Marlinspike of Signal fame is a government spook these days.
    • They have no legal shield if they use it for advertising, one disgruntled employee and they are fucked for breach of contract.

      Of course if FBI comes with a NSL and tells them and Google/Apple to upload a backdoor'd version to the appstore it's a different matter.

    • by AmiMoJo ( 196126 )

      It depends who your adversary is.

      The police in the UK regularly complain that they can't access WhatsApp messages and phones that are encrypted and locked with a strong password. So clearly those things do protect you if your adversary is the cops, even if they get GCHQ involved.

      In the US the FBI is known to rely on Israeli tools to unlock phones and access WhatsApp messages that way. So we know that the E2E encryption is preventing them intercepting messages.

      Sure, if you are high on some secret government

      • The US does not have to have secret trials any more. Obama made that obsolete and every administration since him has agreed with keeping it that way. Indefinite incarceration is legal in the US now. With a simple gag order and a flight of stairs to fall down, anyone can be secretly kidnapped by the US government and assassinated.

    • The only even remotely secure messaging app is Signal because they simply don't gather the data in the first place and never store keys anywhere except on the users' devices. Surveilling someone on Signal is possible but it requires the targeted actions of a powerful, usually state, actor. Your data is secured from casual inspection or a general trawl.
    • You don't think facebook and whatsapp E2E is *really* safe from the prying eyes of the relentless advertising engine that runs them, do you?

      Your own computer is already doing it if you use Microsoft products. And it is for far more than "CSAM". CSAM is the excuse, not the reason.

    • This bill was hugely, visibly unpopular with voters and a large slab of industry. It should never come up again. Yet here it is: Congress repeatedly floating extremely unpopular legislation that not only doesn't come from their constituents, but is ACTIVELY OPPOSED by them. It is being pushed, behind the scenes, by a powerful well-funded minority. Tells you all you need to know about the functioning of our Legislature.
  • As has been said... (Score:5, Interesting)

    by sconeu ( 64226 ) on Thursday February 03, 2022 @08:36PM (#62235517) Homepage Journal

    Kiddie Porn is the root password to the Constitution.

    • Kiddie Porn is the root password to the Constitution.

      Or they'll use their own passwords: sudo make me a surveillance state

      (Hope this generates the expected error results...)

      ... scan every message sent online ...

      Can't imagine US Florida Congressman Matt Gaetz would be on board with this ...

  • Big ol’ “meh” (Score:3, Informative)

    by hdyoung ( 5182939 ) on Thursday February 03, 2022 @08:38PM (#62235527)
    This bill is a bad idea, but this day and age, anyone who thinks their internet stuff is private has been napping for 20 years at least. There’s always that guy who comes back and says “but I use tor and always break my burner phone after every call”. Sorry buddy, if the government wants your info, the government gets your info. The government is a 600 pound gorilla and you’re the little old lady stepping into the ring. Outcome: gorilla wins. If you do your work on paper and an old-timey typewriter, maybe you can keep your info under control. Meh who am I kidding - even the CIA/NSA/FBI leak info on a regular basis. Anyone who thinks they can do better than those organizations has a serious case of Dunning Kruger.
    • by _0x0nyadesu ( 7184652 ) on Thursday February 03, 2022 @09:02PM (#62235585)

      A state actor could get into anything. Keyword being _could_. If it's on their radar and only if they care. They aren't gonna come after your self hosted chat server unless they suspect you.

      • Bingo.
        _could_ is the operative word.
        There are currently zero lawful-intercepts happening in my network.
        Doesn't mean they don't happen, but it's not like the CIA has a secret tap in my core somehow snooping on all 260 of my AS peers.
        • You might have thought that if you worked at a certain AT&T intercontinental exchange in the early 2000s, too.

          Until one day you removed some mystery splitter that was stealing enough photons to cause link malfunctions, and immediately a bunch of gorillas came out from an always-locked door and pointed a gun at you and ordered you to put it back in.
          • Nope.
            I'm not AT&T, I don't have 10,000 POPs, and not enough people to always have eyes on them.

            I know that shit happened to the big guys- but they're the most vulnerable to that kind of shit.
      • NSA was scanning everything as far back as the Bush years. It doesn't matter that the government totally pinky swears that they don't do this anymore. Anyone who believes they stopped should buy massive amounts of my recently minted cryptocurrency TotallyNotARugPullCoin(tm). They were certainly running automated searches for various red flags. And I wouldn’t be surprised at all if they had even farmed that crap out to trusted companies.

        This bill is a bad idea, but all it would do is legitimize so
      • This act appears to be a tool to *put* you on the radar?

        What bothers me is the "checked against a government database" part. What kinds of controls would be in place to manage the contents of the database? How hard would it be to put into the database "The president is a scumbag" and now the president and his/her allies have all the people who feel strongly negative about him/her in the crosshairs? Not very eloquent but you get the gist. Any political language could be put into the database if the pro
      • 'unless they suspect you'

        True, they aren't coming 'unless they suspect you'

        It's *what* they suspect you of that is the problem. Theft, child abuse, sure, I get that. 'Misinformation'? Not so much. They will come for you for anything they want to.

      • As long as you are not infringing on the wealth and power of the elites, you are fine. If you are, nothing can save you. Imagine if during the American Revolution, George III could read all the Founders' mail, eavesdrop on all their conversations, knew everyone they had spoken with and their whereabouts at all times. I hope our government never goes bad. /s
    • by Dutch Gun ( 899105 ) on Thursday February 03, 2022 @10:18PM (#62235791)

      At the moment, it's perfectly possible to use end-to-end encryption to hide your message content from ANY spying eyes, unless you're claiming that our government has secretly broken the world's most advanced encryption algorithms. That would be a hell of a claim to make, and would require extraordinary proof, not a hand-wavy assertion about how the NSA can do anything. Currently, you'll notice that the only way to get at targeted individuals who use such encryption is to use local exploits pre-encryption, and those exploits are *very* expensive to obtain and use. For the rest of us, that's a very good thing.

      A bill like this might make such end-to-end encryption illegal, requiring any such technology to provide a set of backdoor keys. That's a very big deal, and is worth fighting. At the moment, the only thing that can be done is on closed platforms and closed services (like iOS nanny-scanning your phone, which gives users no choice). For everything else, they can only gather and track metadata that's not encrypted.

      It's a terrible idea to just admit defeat from the get go without vigorously defending what little privacy we have left. There's a huge, huge difference between the occasional targeting of high-stakes individuals and opening the door to mass surveillance of ALL private messages.

      • Re:Big ol' "meh" (Score:5, Informative)

        by sconeu ( 64226 ) on Friday February 04, 2022 @12:12AM (#62236019) Homepage Journal

        I literally (and yes, I mean literally) just wrote a term paper for a law school class where I discussed this issue. My analysis (which I recognize may be biased) was that the courts would rule this a First, Fourth, and Fifth amendment violation, along with potential for Second, and Fourteenth.

        The main issue is, of course, the First Amendment. Any ban on end-to-end would almost certainly be considered prior restraint. Under current jurisprudence, any restraint on speech has to show it is the LEAST intrusive way to achieve its goals.

        Then there's all the due process, etc... issues. And for the Second Amendment argument, remember that crypto has been classed as a munition (I can't remember if it's still under ITAR, even though enforcement has been moved to Commerce). That way you can get both Free Speech advocates and the Gun Rights advocates together on the same page.

        • Have you looked up from your books and actually observed the US court system nowadays? This law doesn't threaten unborn babies or impact your right to shoot up a school. It'll pass with flying colors. Those appear to be the only rights that matter nowadays. Yes, I'm being sarcastic and a bit superlative, but if you think this Supreme Court is going to take a principled stance on anything but guns or abortion…
      • At the moment, it's perfectly possible to use end-to-end encryption to hide your message content from ANY spying eyes

        Fascinating. So you assume that they are not watching you encrypt it to begin with? I guess if that assumption holds true, it is, in theory, possible to encrypt in such a way as that they can not break it. I suspect that anything you do manually (using OpenSSL on the command line) might let you semi-escape some amount of surveillance; but all of the apps are essentially pre-bugged. That means they don't have to break the encryption, they just decrypt it with the key that was used when it was encrypted. Do y

    • even the CIA/NSA/FBI leak info on a regular basis. Anyone who thinks they can do better than those organizations has a serious case of Dunning Kruger.

      This VASTLY over-estimates the skill of these agencies.

    • Sorry buddy, if the government wants your info, the government gets your info.

      Yes, but by using tools like signal and applying sane security measures, you can make it very expensive for them and not scalable.

  • by Sebby ( 238625 ) on Thursday February 03, 2022 @08:43PM (#62235539)

    A group of lawmakers have re-introduced the EARN IT Act

    There's a way to describe this group of 'people': it's "Privacy Rapists".

  • so we are nazi germany now?

    • by PPH ( 736903 )

      No. More like Democratic Kampuchea [wikipedia.org].

  • So.... (Score:5, Interesting)

    by bjdevil66 ( 583941 ) on Thursday February 03, 2022 @09:03PM (#62235589)

    Who's lobbying for this bill - and patiently standing in line, waiting for the fat, billion-dollar contracts for the IT side of the work?

  • How come the government always wants to treat me like a criminal slave?
  • by alispguru ( 72689 ) <bob.baneNO@SPAMme.com> on Thursday February 03, 2022 @09:03PM (#62235593) Journal

    Whatever scanning they want for America as a whole should be required to be tested first on a representative sample of the public - all the members of Congress, their offices, their homes, and their smartphones.

  • by RossCWilliams ( 5513152 ) on Thursday February 03, 2022 @09:05PM (#62235603)
    The answer is hardly anyone. Most people figure since they don't do anything the government has any interest in they have nothing to worry about. And for the most part they are right. So they are more than willing to trade away any privacy they have left for more security or just an amusing free Web site. The future is China.
    • Your last comment is interesting. Are you saying the future for the US is to emulate China? Or more literally that China has already beat us to where we will inevitably be and thus has already won?

      • There is a possibility that one day a billion Chinese will turn to Beijing and say “why are you in charge, again?” Change in Chinese society comes seldom but is always dramatic. China could embrace democracy the way the U.S. no longer does, and kick our ass; or embrace American-style crony capitalism, and still kick our ass.
    • Weren't there some people from the 3 letter agencies charged recently for abusing already available tools to spy on their family, friends, etc?

      Ah, found it :

      https://www.washingtonpost.com... [washingtonpost.com]

      LoveInt they call it. Catchy. So just the availability of such tools may get people tempted to use them, even without any legal reasons.

    • "Give me twelve lines written by the most honest of men, and I shall find something (within) to hang them."

      Just because *you* don't think you have anything to hide, doesn't mean "they" won't come trying to find a way to hang you anyway. Thanks but no thanks, I'll keep trying to keep my stuff private...

  • No surprise there. This guy also thinks we should increase defense spending by 35%.
  • There is a popular technique against this. Just spam the channels with words they are looking for from fake accounts.

  • by djp2204 ( 713741 ) on Thursday February 03, 2022 @09:12PM (#62235623)

    If you are in the USA, then your ISP, cellular provider, VPN provider, smart phone manufacturer, smart tv manufacturer, "smart speaker", late model car, computer manufacturer, social media provider, email provider, grocery store, pharmacy, e-commerce sites, and any other website you visit is monetizing your behavior by violating your "privacy" with impunity. True, some advanced users will work out ways around most of these things. But the majority does not care about "privacy" because it's simply too abstract of a concept for them to think about.

    • by DamnOregonian ( 963763 ) on Thursday February 03, 2022 @09:53PM (#62235711)
      Wrong answer.

      I'm sure there's tons of only-technically-consensual monetization happening, don't get me wrong.
      But I work at a very high level in one of those industries, and we don't monetize our customers past their monthly bill. Period. If we did it, I'd be the one who had to implement it.
      • Just because you don't doesn't mean your competitors aren't trying to boost their profits by doing it. The relentless pressure to increase profits even in a mature market will make sure you all do eventually.
        • Just because you don't doesn't mean your competitors aren't trying to boost their profits by doing it. The relentless pressure to increase profits even in a mature market will make sure you all do eventually.

          Just because someone does, doesn't mean all their competitors will too.
          There are many ways to increase profits.

          At the largest level (the national ISPs) I imagine the corporate hierarchy there, and the ability to separate the operations side from the business side, does pretty much guarantee that some corporate shit-for-brains will monetize their customer base like that, but at the level I work at- large regional ISPs, that shit just isn't going to happen. The revolt against the C-suites would be capable

  • by rsilvergun ( 571051 ) on Thursday February 03, 2022 @09:34PM (#62235671)
    Why am I not surprised? Vote in your primary elections folks. There are good candidates in the primary but they keep losing to bad candidates. And never listen to what a politician says. The bad ones use good speech to trick you. All you want is a list of either what they did when they were in office or if this is their first rodeo a big list of their specific policy positions. No more pretty little lies and no more voting for candidates that make us feel good about being American.
  • by caviare ( 830421 ) on Thursday February 03, 2022 @09:47PM (#62235699)

    How can you have a democracy if those in power can spy on potential opponents and make public every little peccadillo? Here's your senator taking a dump. Here's your congressman picking his nose. Here's a dumb email she wrote when she was 18.

    Lots of people don't really grow up until they are about 30. But that won't stop those in power from digging up the dirt on the silly things their opponents did in their twenties and showing them off for all to see. Let's face it, we all did dumb things in our twenties. No privacy, no democracy, it's that simple.

    Possibly the single best protection for children is an affluent functioning democracy. The US is throwing away democracy and the affluence will follow.

    • You don't have to do privacy invasions to get to the stupid emails and pics that they do as a kid now a days.

      They are all sharing it to the world in social media as it is. And if they stand for election as an adult, am sure a lot of them will find that the stuff they posted publicly as a kid will come back to bite them in the ass.

    • Possibly the single best protection for children is an affluent functioning democracy. The US is throwing away democracy and the affluence will follow.

      The US has always been operated as an oligarchy, and it still is. It's never actually run as a democracy, although it does have some democratic elements. Those affluent people get the best government their money can buy.

  • Sounds great! After all, some piece of "misinformation" might slip through if we aren't ever vigilant.
  • stand for something different. They don't! corruption comes in all shapes, sizes and political affiliations.
  • by Frobnicator ( 565869 ) on Thursday February 03, 2022 @11:04PM (#62235915) Journal
    Seems like we need a round of high profile campaigns, especially from big tech. If everyone from Facebook to bank websites loaded to a banner "THIS SITE IS NO LONGER SECURE DUE TO US FEDERAL LAW" the public would take notice.
    • If everyone from Facebook to bank websites loaded to a banner "THIS SITE IS NO LONGER SECURE DUE TO US FEDERAL LAW" the public would take notice.

      Remember that scene in Tommy Boy where he gets on the evening news for strapping a "bomb" to himself, and one of the guys Tommy sold to says, "Oh, yeah, I buy parts from that guy," and then turns the channel? That's the "notice" the public would take for something like this. I get it; you get it; but John Q. Public does not.

    • Seems like we need a round of high profile campaigns, especially from big tech. If everyone from Facebook to bank websites loaded to a banner "THIS SITE IS NO LONGER SECURE DUE TO US FEDERAL LAW" the public would take notice.

      They already tried that in Europe. Pretty much every single website has a GDPR pop-up that says something along the lines of "we use cookies to spy on you". It's just one more thing to click through.

      • There is a difference between "We use cookies to properly identify your user session so that your user account credentials can be unique when using our service. You know, so people can't post as you, and vice versa." and "LISTEN HUMAN SLAVE. YOU WILL CONSUME THE ADVERTS AND LIKE THEM. IF YOU FAIL TO DO SO, THERE WILL BE CONSEQUENCES."
        The issue, is that the people that REALLY REALLY want to say the latter, INSIST that their reason for tracking is the former.

        Rather than do what really needs to be done (watchdo

  • Clearly and objectively unconstitutional.
  • ... laughs in GDPR.

  • "Sorry, was that Buttle or Tuttle that our algorithms just sent to enhanced interrogation?" - "I dunno. Too unprofitable to find out. Exposing issues with our proprietary, top secret AI system might affect our share price."
  • Go on, complain about GDPR.
  • One of the scarier quotes [msn.com] is "To me, just being great at game building gives us the permission to build this next platform, which is essentially the next internet: the embodied presence."

    He doesn't mention the W3C anywhere in this.

  • The country with "the most freedom". Hah what a joke!
