It's Back: Senators Want 'EARN IT' Bill To Scan All Online Messages (eff.org)
A group of lawmakers have re-introduced the EARN IT Act, an incredibly unpopular bill from 2020 that "would pave the way for a massive new surveillance system, run by private companies, that would roll back some of the most important privacy and security features in technology used by people around the globe," writes Joe Mullin via the Electronic Frontier Foundation. "It's a framework for private actors to scan every message sent online and report violations to law enforcement. And it might not stop there. The EARN IT Act could ensure that anything hosted online -- backups, websites, cloud photos, and more -- is scanned." From the report: The bill empowers every U.S. state or territory to create sweeping new Internet regulations, by stripping away the critical legal protections for websites and apps that currently prevent such a free-for-all -- specifically, Section 230. The states will be allowed to pass whatever type of law they want to hold private companies liable, as long as they somehow relate their new rules to online child abuse. The goal is to get states to pass laws that will punish companies when they deploy end-to-end encryption, or offer other encrypted services. This includes messaging services like WhatsApp, Signal, and iMessage, as well as web hosts like Amazon Web Services. [...]
Separately, the bill creates a 19-person federal commission, dominated by law enforcement agencies, which will lay out voluntary "best practices" for attacking the problem of online child abuse. Regardless of whether state legislatures take their lead from that commission, or from the bill's sponsors themselves, we know where the road will end. Online service providers, even the smallest ones, will be compelled to scan user content, with government-approved software like PhotoDNA. If EARN IT supporters succeed in getting large platforms like Cloudflare and Amazon Web Services to scan, they might not even need to compel smaller websites -- the government will already have access to the user data, through the platform. [...] Senators supporting the EARN IT Act say they need new tools to prosecute cases over child sexual abuse material, or CSAM. But the methods proposed by EARN IT take aim at the security and privacy of everything hosted on the Internet.
The Senators supporting the bill have said that their mass surveillance plans are somehow magically compatible with end-to-end encryption. That's completely false, no matter whether it's called "client side scanning" or another misleading new phrase. The EARN IT Act doesn't target Big Tech. It targets every individual internet user, treating us all as potential criminals who deserve to have every single message, photograph, and document scanned and checked against a government database. Since direct government surveillance would be blatantly unconstitutional and provoke public outrage, EARN IT uses tech companies -- from the largest ones to the very smallest ones -- as its tools. The strategy is to get private companies to do the dirty work of mass surveillance.
all the (Score:5, Informative)
You don't think facebook and whatsapp E2E is *really* safe from the prying eyes of the relentless advertising engine that runs them, do you? Tell me you aren't that naive.
Even Moxie Marlinspike of Signal fame is a government spook these days.
Re: all the (Score:2)
They have no legal shield if they use it for advertising, one disgruntled employee and they are fucked for breach of contract.
Of course if FBI comes with a NSL and tells them and Google/Apple to upload a backdoor'd version to the appstore it's a different matter.
Re: (Score:2)
It depends who your adversary is.
The police in the UK regularly complain that they can't access WhatsApp messages and phones that are encrypted and locked with a strong password. So clearly those things do protect you if your adversary is the cops, even if they get GCHQ involved.
In the US the FBI is known to rely on Israeli tools to unlock phones and access WhatsApp messages that way. So we know that the E2E encryption is preventing them intercepting messages.
Sure, if you are high on some secret government
Re: (Score:3)
The US does not have to have secret trials any more. Obama made that obsolete and every administration since him has agreed with keeping it that way. Indefinite incarceration is legal in the US now. With a simple gag order and a flight of stairs to fall down, anyone can be secretly kidnapped by the US government and assassinated.
Re: (Score:2)
Re: (Score:2)
You don't think facebook and whatsapp E2E is *really* safe from the prying eyes of the relentless advertising engine that runs them, do you?
Your own computer is already doing it if you use Microsoft products. And it is for far more than "CSAM". CSAM is the excuse, not the reason.
Re: all the (Score:2)
As has been said... (Score:5, Interesting)
Kiddie Porn is the root password to the Constitution.
Re: (Score:2)
Kiddie Porn is the root password to the Constitution.
Or they'll use their own passwords: sudo make me a surveillance state
(Hope this generates the expected error results...)
Can't imagine US Florida Congressman Matt Gaetz would be on board with this ...
Re: (Score:2)
I think you've been watching too much shitty Netflix SciFi movies/series.
Didn't you know the Nazis already have a secret base on the dark side of the Moon?
Re: (Score:2)
"There is no dark side of the moon, really....
-Pink
Big ol’ “meh” (Score:3, Informative)
Re:Big ol’ “meh” (Score:5, Insightful)
A state actor could get into anything. Keyword being _could_. If it's on their radar and only if they care. They aren't gonna come after your self hosted chat server unless they suspect you.
Re: (Score:2)
_could_ is the operative word.
There are currently zero lawful-intercepts happening in my network.
Doesn't mean they don't happen, but it's not like the CIA has a secret tap in my core somehow snooping on all 260 of my AS peers.
Re: (Score:3)
Until one day you removed some mystery splitter that was stealing enough photons to cause link malfunctions, and immediately a bunch of gorillas came out from an always-locked door and pointed a gun at you and ordered you to put it back in.
Re: (Score:2)
I'm not AT&T, I don't have 10,000 POPs, and not enough people to always have eyes on them.
I know that shit happened to the big guys- but they're the most vulnerable to that kind of shit.
Re: (Score:3)
This bill is a bad idea, but all it would do is legitimize so
Re: (Score:2)
What bothers me is the "checked against a government database" part. What kinds of controls would be in place to manage the contents of the database? How hard would it be to put into the database "The president is a scumbag" and now the president and his/her allies have all the people who feel strongly negative about him/her in the crosshairs? Not very eloquent but you get the gist. Any political language could be put into the database if the pro
Re: (Score:2)
'unless they suspect you'
True, they aren't coming 'unless they suspect you'
It's *what* they suspect you of that is the problem. Theft, child abuse, sure, I get that. 'Misinformation'? Not so much. They will come for you for anything they want to.
Re: Big ol’ “meh” (Score:2)
Re:Big ol’ “meh” (Score:5, Insightful)
At the moment, it's perfectly possible to use end-to-end encryption to hide your message content from ANY spying eyes, unless you're claiming that our government has secretly broken the world's most advanced encryption algorithms. That would be a hell of a claim to make, and would require extraordinary proof, not a hand-wavy assertion about how the NSA can do anything. Currently, you'll notice that the only way to get at targeted individuals who use such encryption is to use local exploits pre-encryption, and those exploits are *very* expensive to obtain and use. For the rest of us, that's a very good thing.
A bill like this might make such end-to-end encryption illegal, requiring any such technology to provide a set of backdoor keys. That's a very big deal, and is worth fighting. At the moment, the only thing that can be done is on closed platforms and closed services (like iOS nanny-scanning your phone, which gives users no choice). For everything else, they can only gather and track metadata that's not encrypted.
It's a terrible idea to just admit defeat from the get go without vigorously defending what little privacy we have left. There's a huge, huge difference between the occasional targeting of high-stakes individuals and opening the door to mass surveillance of ALL private messages.
Re:Big ol' "meh" (Score:5, Informative)
I literally (and yes, I mean literally) just wrote a term paper for a law school class where I discussed this issue. My analysis (which I recognize may be biased) was that the courts would rule this a First, Fourth, and Fifth amendment violation, along with potential for Second, and Fourteenth.
The main issue is, of course, the First Amendment. Any ban on end-to-end would almost certainly be considered prior restraint. Under current jurisprudence, any restraint on speech has to show it is the LEAST intrusive way to achieve its goals.
Then there's all the due process, etc... issues. And for the Second Amendment argument, remember that crypto has been classed as a munition (I can't remember if it's still under ITAR, even though enforcement has been moved to Commerce). That way you can get both Free Speech advocates and the Gun Rights advocates together on the same page.
Re: Big ol' "meh" (Score:2)
Re: (Score:2)
Did you even see the bit about "Second Amendment"?
Re: (Score:3)
We know the FBI, CIA, and NSA are violating those amendments constantly, and we know (or should know) they are doing so for illegal purposes beyond the mere collection. Is that being addressed? How could it be addressed.
With cryptography. sconeu's point is that banning cryptography wouldn't pass constitutional muster, therefore it will continue to be available.
Re: (Score:2)
At the moment, it's perfectly possible to use end-to-end encryption to hide your message content from ANY spying eyes
Fascinating. So you assume that they are not watching you encrypt it to begin with? I guess if that assumption holds true, it is, in theory, possible to encrypt in such a way as that they can not break it. I suspect that anything you do manually (using OpenSSL on the command line) might let you semi-escape some amount of surveillance; but all of the apps are essentially pre-bugged. That means they don't have to break the encryption, they just decrypt it with the key that was used when it was encrypted. Do y
Re: (Score:2)
even the CIA/NSA/FBI leak info on a regular basis. Anyone who thinks they can do better than those organizations has a serious case of Dunning Kruger.
This VASTLY over-estimates the skill of these agencies.
Re: (Score:2)
Sorry buddy, if the government wants your info, the government gets your info.
Yes, but by using tools like signal and applying sane security measures, you can make it very expensive for them and not scalable.
aka "Privacy Rapists" (Score:5, Interesting)
A group of lawmakers have re-introduced the EARN IT Act
There's a way to describe this group of 'people': it's "Privacy Rapists".
Re: aka "Privacy Rapists" (Score:3)
Re: (Score:2)
Re: (Score:2)
It would force websites like Slashdot to reveal info about any posts - so you could kiss that “post anonymously” checkbox goodbye.
so we are nazi germany now? (Score:2)
so we are nazi germany now?
Re: (Score:2)
No. More like Democratic Kampuchea [wikipedia.org].
Re: (Score:2)
Far from both - agree, but it doesn't mean we cannot become one.
Just a reminder for everybody, Hitler was democratically elected - the same was Palpatine, for those who don't follow history much.
Re: (Score:2)
The Weimar republic was begging for what happened to it.
Re: (Score:3, Insightful)
You can take the motivations, perspectives, and leaders' talking points from 1930s Germany, run them through a few simple regexp replacement filters, and get back Trumpist motivations, perspectives, appeals and talking points almost verbatim. Including a certain 1930s election slogan: "Make Germany Great Again."
To someone who wishes to remain ignorant and believe simple answers about complex problems, this sort of cr
So.... (Score:5, Interesting)
Who's lobbying for this bill - and patiently standing in line, waiting for the fat, billion-dollar contracts for the IT side of the work?
Re: So.... (Score:2)
How come... (Score:2)
Re: How come... (Score:2)
Because there's no way to rule an innocent man.
Congresscritters first (Score:5, Insightful)
Whatever scanning they want for America as a whole should be required to be tested first on a representative sample of the public - all the members of Congress, their offices, their homes, and their smartphones.
Re: Congresscritters first (Score:3)
Yeah, that's not how this works. The people leading the witchhunt always make sure to exempt themselves from the pool of potential witches.
Let's face it, Evil has won here in America.
Privacy? Who Cares? (Score:5, Insightful)
Re: (Score:2)
Your last comment is interesting. Are you saying the future for the US is to emulate China? Or more literally that China has already beat us to where we will inevitably be and thus has already won?
Re: Privacy? Who Cares? (Score:2)
Re: (Score:2)
Weren't there some people from the 3 letter agencies charged recently for abusing already available tools to spy on their family, friends, etc?
Ah, found it :
https://www.washingtonpost.com... [washingtonpost.com]
LoveInt they call it. Catchy. So just the availability of such tools may get people tempted to use them, even without any legal reasons.
Re: (Score:2)
"Give me twelve lines written by the most honest of men, and I shall find something (within) to hang them."
Just because *you* don't think you have anything to hide, doesn't mean "they" won't come trying to find a way to hang you anyway. Thanks but no thanks, I'll keep trying to keep my stuff private...
Re: Privacy? Who Cares? (Score:2)
Lindsey Graham is the act's sponsor (Score:2)
Re:Lindsey Graham is the act's sponsor (Score:5, Interesting)
Mass surveillance is always bipartisan.
In fact, the only bills scarier than the ones that are passed with precisely zero input from the opposing party, are the bills they both agree on.
Poison the well (Score:2)
There is a popular technique against this. Just spam the channels with words they are looking for from fake accounts.
Re: (Score:2)
There is no online privacy (Score:3)
If you are in the USA, then your ISP, cellular provider, VPN provider, smart phone manufacturer, smart tv manufacturer, "smart speaker", late model car, computer manufacturer, social media provider, email provider, grocery store, pharmacy, e-commerce sites, and any other website you visit is monetizing your behavior by violating your "privacy" with impunity. True, some advanced users will work out ways around most of these things. But the majority does not care about "privacy" because it's simply too abstract of a concept for them to think about.
Re:There is no online privacy (Score:4, Interesting)
I'm sure there's tons of only-technically-consensual monetization happening, don't get me wrong.
But I work at a very high level in one of those industries, and we don't monetize our customers past their monthly bill. Period. If we did it, I'd be the one who had to implement it.
Re: (Score:2)
Re: (Score:2)
Just because you don't doesn't mean your competitors aren't trying to boost their profits by doing it. The relentless pressure to increase profits even in a mature market will make sure you all do eventually.
Just because someone does, doesn't mean all their competitors will too.
There are many ways to increase profits.
At the largest level (the national ISPs) I imagine the corporate hierarchy there, and the ability to separate the operations side from the business side, does pretty much guarantee that some corporate shit-for-brains will monetize their customer base like that, but at the level I work at- large regional ISPs, that shit just isn't going to happen. The revolt against the C-suites would be capable
Re: (Score:2)
Re: (Score:2)
Maybe shit like that happens at the big ILECs, but definitely not down at our level.
Re: (Score:3)
Graham and Blumenthal (Score:3)
privacy invasion is a threat to democracy (Score:5, Insightful)
How can you have a democracy if those in power can spy on potential opponents and make public every little peccadillo? Here's your senator taking a dump. Here's your congressman picking his nose. Here's a dumb email she wrote when she was 18.
Lots of people don't really grow up until they are about 30. But that won't stop those in power from digging up the dirt on the silly things their opponents did in their twenties and showing them off for all to see. Let's face it, we all did dumb things in our twenties. No privacy, no democracy, it's that simple.
Possibly the single best protection for children is an affluent functioning democracy. The US is throwing away democracy and the affluence will follow.
Re: (Score:2)
You don't have to do privacy invasions to get to the stupid emails and pics that they do as a kid nowadays.
They are all sharing it to the world in social media as it is. And if they stand for election as an adult, am sure a lot of them will find that the stuff they posted publicly as a kid will come back to bite them in the ass.
Re: (Score:2)
Possibly the single best protection for children is an affluent functioning democracy. The US is throwing away democracy and the affluence will follow.
The US has always been operated as an oligarchy, and it still is. It's never actually run as a democracy, although it does have some democratic elements. Those affluent people get the best government their money can buy.
Sounds great! (Score:2)
You only "think" the D's and R's (Score:2)
Re: (Score:2)
Re: (Score:2)
The "senate document" is a proposed law, and will make everything in your link wrong.
Seems like campaigns are in order. (Score:3)
Re: (Score:2)
If everyone from Facebook to bank websites loaded to a banner "THIS SITE IS NO LONGER SECURE DUE TO US FEDERAL LAW" the public would take notice.
Remember that scene in Tommy Boy where he gets on the evening news for strapping a "bomb" to himself, and one of the guys Tommy sold to says, "Oh, yeah, I buy parts from that guy," and then turns the channel? That's the "notice" the public would take for something like this. I get it; you get it; but John Q. Public does not.
Re: (Score:2)
Seems like we need a round of high profile campaigns, especially from big tech. If everyone from Facebook to bank websites loaded to a banner "THIS SITE IS NO LONGER SECURE DUE TO US FEDERAL LAW" the public would take notice.
They already tried that in Europe. Pretty much every single website has a GDPR pop-up that says something along the lines of "we use cookies to spy on you". It's just one more thing to click through.
Re: (Score:2)
There is a difference between "We use cookies to properly identify your user session so that your user account credentials can be unique when using our service. You know, so people can't post as you, and vice versa." and "LISTEN HUMAN SLAVE. YOU WILL CONSUME THE ADVERTS AND LIKE THEM. IF YOU FAIL TO DO SO, THERE WILL BE CONSEQUENCES."
The issue, is that the people that REALLY REALLY want to say the latter, INSIST that their reason for tracking is the former.
Rather than do what really needs to be done (watchdo
Blatant violation of the 4th Amendment (Score:2)
Meanwhile Europe... (Score:2)
... laughs in GDPR.
Re: (Score:2)
..International law disagrees, and gets very annoyed when people think this - big firms have been fined heavily for doing this
Buttle or Tuttle? (Score:2)
GDPR (Score:2)
Nadella wants new internet, next Silverlight? (Score:2)
One of the scarier quotes [msn.com] is "To me, just being great at game building gives us the permission to build this next platform, which is essentially the next internet: the embodied presence."
He doesn't mention the W3C anywhere in this.
The country with "the most freedom" (Score:2)
Goodbye Attorney-Client Privilege (Score:4, Insightful)
and goodbye Doctor-patient confidentiality.
Everyone needs to register as church minister/priest and have all their communication be confessional-protected!
Re: Goodbye Attorney-Client Privilege (Score:4, Funny)
Re: Goodbye Attorney-Client Privilege (Score:4, Funny)
I would not include that in the header of any email being sent to the tax authorities.
Re:It's all about the children... (Score:4, Insightful)
THINK HAPPY THOUGHTS!!!
- This message is EARN IT compliant.
Doublespeak (Score:2)
What exactly is it that we're "earning" here?
Re: (Score:2)
Safety for children?
Re: (Score:2)
Re: (Score:2)
Primary everyone....no matter the party.
Re: All this from the democrats (Score:5, Informative)
Re: All this from the democrats (Score:5, Informative)
There were 9 Democratic cosponsors and 10 Republican cosponsors, this is an entirely bipartisan action:
Cosponsors List [congress.gov]
Re:All this from the democrats (Score:4, Informative)
democrat cosponsors:
Sen. Blumenthal, Richard [D-CT]
Sen. Feinstein, Dianne [D-CA]
Sen. Whitehouse, Sheldon [D-RI]
Sen. Hirono, Mazie K. [D-HI]
Sen. Casey, Robert P., Jr. [D-PA]
Sen. Cortez Masto, Catherine [D-NV]
Sen. Hassan, Margaret Wood [D-NH]
Sen. Warner, Mark R. [D-VA]
See? Bipartisan!
Re:All this from the democrats (Score:5, Informative)
See? Bipartisan!
To be fair: republican cosponsors:
Sen. Grassley, Chuck [R-IA]
Sen. Cornyn, John [R-TX]
Sen. Hawley, Josh [R-MO]
Sen. Kennedy, John [R-LA]
Sen. Blackburn, Marsha [R-TN]
Sen. Collins, Susan M. [R-ME]
Sen. Ernst, Joni [R-IA]
Sen. Hyde-Smith, Cindy [R-MS]
Sen. Murkowski, Lisa [R-AK]
Sen. Portman, Rob [R-OH]
So, a pox on both their houses.
Re: (Score:2)
What's wrong with these people?
Re: All this from the democrats (Score:2)
Re: (Score:3)
What's wrong with these people?
Maybe I'm too kind, but I think it's because they don't understand the implications, not that they're evil.
There is a strong tendency among non-technical policymakers to assume that there must be some way to have privacy while still allowing law enforcement access. They assume that because that's how it's been in the past. People could have privacy in their homes, but through a judicial process law enforcement could get a warrant to violate that privacy -- but only in a pretty controlled way. They don't g
Re: (Score:2)
Re: (Score:2)
I just... Who the hell would even want to deal with the BS of being a Senator when they're 94?
Re:All this from the democrats (Score:4, Interesting)
Re: (Score:2, Insightful)
The logical acrobatics you just went through to support your preferred party were astonishing.
Face it, Democrats suck, for very many reasons.
Re: (Score:2)
And that part is a horror show for Republicans; substantially worse than the other side (even if they're far from perfect). 'Centrists' that think both sides are the same fall into two camps;
Let me get this straight: You think that everyone who says both sides suck think that both sides suck equally? That seems like a surprisingly unsubtle view.
One group of people wants your money and self-respect, the other group of people wants your money and your freedom. Are they equally bad? That is a silly judgement call to try and make. How about both are so bad, that I would support NEITHER of them?
It is like you are saying, The Democrats aren't as bad as Republicans so you should vote for them. Umm, no
Re: (Score:2)
If only the Republicans actually believed what they believe, maybe.
There don't seem to be any conservatives in the Republican party since they went all-in for Trump, the least conservative president we've ever had. (What, you think trying to overturn an election is conservative?)