US It’s Back: Senators Want EARN IT Bill to Scan All Online Messages


It’s Back: Senators Want EARN IT Bill to Scan All Online Messages

DEEPLINKS BLOG
BY JOE MULLIN
FEBRUARY 3, 2022



The Graham-Blumenthal bill is anti-speech, anti-security, and anti-innovation.



People don’t want outsiders reading their private messages—not their physical mail, not their texts, not their DMs, nothing. It’s a clear and obvious point, but one place it doesn’t seem to have reached is the U.S. Senate.
A group of lawmakers led by Sen. Richard Blumenthal (D-CT) and Sen. Lindsey Graham (R-SC) have re-introduced the EARN IT Act, an incredibly unpopular bill from 2020 that was dropped in the face of overwhelming opposition. Let’s be clear: the new EARN IT Act would pave the way for a massive new surveillance system, run by private companies, that would roll back some of the most important privacy and security features in technology used by people around the globe. It’s a framework for private actors to scan every message sent online and report violations to law enforcement. And it might not stop there. The EARN IT Act could ensure that anything hosted online—backups, websites, cloud photos, and more—is scanned.

New Internet Rules, From Juneau to Jackson

The bill empowers every U.S. state or territory to create sweeping new Internet regulations, by stripping away the critical legal protections for websites and apps that currently prevent such a free-for-all—specifically, Section 230. The states will be allowed to pass whatever type of law they want to hold private companies liable, as long as they somehow relate their new rules to online child abuse.
The goal is to get states to pass laws that will punish companies when they deploy end-to-end encryption, or offer other encrypted services. This includes messaging services like WhatsApp, Signal, and iMessage, as well as web hosts like Amazon Web Services. We know that EARN IT aims to spread the use of tools to scan against law enforcement databases because the bill’s sponsors have said so. In a “Myths and Facts” document distributed by the bill’s proponents, it even names the government-approved software that they could mandate (PhotoDNA, a Microsoft program with an API that reports directly to law enforcement databases).
The document also attacks Amazon for not scanning enough of its content. Since Amazon is the home of Amazon Web Services, host of a huge number of websites, that implies the bill’s aim is to ensure that anything hosted online gets scanned.
Separately, the bill creates a 19-person federal commission, dominated by law enforcement agencies, which will lay out voluntary “best practices” for attacking the problem of online child abuse. Regardless of whether state legislatures take their lead from that commission, or from the bill’s sponsors themselves, we know where the road will end. Online service providers, even the smallest ones, will be compelled to scan user content, with government-approved software like PhotoDNA. If EARN IT supporters succeed in getting large platforms like Cloudflare and Amazon Web Services to scan, they might not even need to compel smaller websites—the government will already have access to the user data, through the platform.
A provision of the bill that purports to protect services using encryption (Section 5, Page 16) doesn’t come close to getting the job done. State prosecutors or private attorneys would be able to drag an online service provider into court over accusations that their users committed crimes, then use the fact that the service chose to use encryption as evidence against them—a strategy that’s specifically allowed under EARN IT.
It’s hard to imagine anyone daring to use this supposed defense of encryption. Instead, they’ll simply do what the bill sponsors are demanding—break end-to-end encryption and use the government-approved scanning software. Just as bad, providers of services like backup and cloud storage who don’t currently offer user-controlled encryption are even less likely to protect their users by introducing new security features, because they will risk liability under EARN IT.

A Lot of Scanning, Not A Lot of Protection

Senators supporting the EARN IT Act say they need new tools to prosecute cases over child sexual abuse material, or CSAM. But the methods proposed by EARN IT take aim at the security and privacy of everything hosted on the Internet.
Possessing, viewing, or distributing CSAM is already written into law as an extremely serious crime, with a broad framework of existing laws seeking to eradicate it. Online service providers that have actual knowledge of an apparent or imminent violation of current laws around CSAM are required to make a report to the National Center for Missing and Exploited Children (NCMEC), a government entity which forwards reports to law enforcement agencies.
Section 230 already does not protect online service providers from prosecutions over CSAM—in fact, it doesn’t protect online services from prosecution under any federal criminal law at all.
Internet companies are already required to report suspected CSAM if they come across it, and they report on a massive scale. That scale already comes with a lot of mistakes. In particular, new scanning techniques used by Facebook have produced many millions of reports to law enforcement, most of them apparently inaccurate. Federal law enforcement has used the massive number of reports produced by this low-quality scanning to suggest there has been a huge uptick in CSAM images. Then, armed with misleading statistics, the same law enforcement groups make new demands to break encryption or, as with EARN IT, hold companies liable if they don’t scan user content.
Independent child protection experts aren’t asking for systems to read everyone’s private messages. Rather, they recognize that children—particularly children who might be abused or exploited—need encrypted and private messaging just as much as, if not more than, the rest of us. No one, including the most vulnerable among us, can have privacy or security online without strong encryption.

Senate to U.S. Public: Can We Please Have a Surveillance State Now?

In their “Myths and Facts” sheet, the bill’s supporters have said the quiet part out loud. Some of the document’s falsehoods are breathtaking, such as the statement that internet businesses are provided “blanket and unqualified immunity for sexual crimes against children.” It (falsely) reassures small business owners who dare to have websites that the government-ordered scanning they will be subject to will come “without hindering their operations or creating significant costs.” And it says that using automated tools that submit images and videos to law enforcement databases is “not at odds with preserving online privacy.”
The Senators supporting the bill have said that their mass surveillance plans are somehow magically compatible with end-to-end encryption. That’s completely false, no matter whether it’s called “client side scanning” or another misleading new phrase.
The EARN IT Act doesn’t target Big Tech. It targets every individual internet user, treating us all as potential criminals who deserve to have every single message, photograph, and document scanned and checked against a government database. Since direct government surveillance would be blatantly unconstitutional and provoke public outrage, EARN IT uses tech companies—from the largest ones to the very smallest ones—as its tools.
The strategy is to get private companies to do the dirty work of mass surveillance. This is the same tactic that the U.S. government used last year, when law enforcement agencies tried to convince Apple to subvert its own encryption and scan users’ photos for them. (That plan has stalled out after overwhelming opposition.) It’s the same strategy that U.K. law enforcement is using to convince the British public to give up its privacy, having spent public money on a laughable publicity campaign that demonizes companies that use encryption.
We won’t waver in our support for privacy and security for all, and the encryption tools that support those values. This bill may be voted on by the Senate Judiciary Committee in just a few days. We’ve told the U.S. Senate that we will not back down in our opposition to EARN IT. We need you to speak up as well.

 
If they want to read the insane gibberish I send to my friends via group chat, such as complaining about how not believing in the Moon landings proves people don’t believe in fairies, and talking about old Georgian farmers whining about the cold, then let them.

My friends don’t even understand half of what I’m saying. I can keep an entire team of CIA translators busy by myself.
 
Dealing with big tech was too hard it seems, establishing a system that sounds like the NSA on steroids to scan everything the average American does is much easier I guess.
 
People don’t want outsiders reading their private messages—not their physical mail, not their texts, not their DMs, nothing. It’s a clear and obvious point, but one place it doesn’t seem to have reached is the U.S. Senate.
I like the sentiment but everyone who uses Gmail, Facebook, Zoom, or Keybase says otherwise.

Yes, even Keybase, the encrypted chat service. Why would anyone trust it after it got acquired by Zoom, the chinkshit service that banned human rights activists for China and was forced to settle a privacy class action lawsuit about leaking user data to the rest of big tech?

It's not that clear that people care about privacy when you actually look at what they do...
 
Going to be a little optimistic that this will fail considering how terrible Congress has been at accomplishing anything. Still sending an email to my rep and Senator though.
 
Apparently it was Lindsey Graham, now officially considered a RINO by Trump, and that one stolen valor commie senator from Connecticut that introduced it.
 
A provision of the bill that purports to protect services using encryption (Section 5, Page 16) doesn’t come close to getting the job done. State prosecutors or private attorneys would be able to drag an online service provider into court over accusations that their users committed crimes, then use the fact that the service chose to use encryption as evidence against them—a strategy that’s specifically allowed under EARN IT.
This is scaremongering, the government would never do anything bad when it comes to encryption.
 
How do you come to that bit of insight when this is exactly what the 4th Amendment covers?
The 4th amendment covers the search and seizure of personal property.
Once you allow a third party service to touch it, you transfer certain rights
to that property to them, thereby relinquishing your 4th amendment protections.
 
Section 230 already does not protect online service providers from prosecutions over CSAM—in fact, it doesn’t protect online services from prosecution under any federal criminal law at all.
Internet companies are already required to report suspected CSAM if they come across it, and they report on a massive scale.
This originally started being an issue because Backpage was showing wilful blindness in regard to underage sex trafficking. If a company decides that their log is going to keep almost no data with almost no moderation, as is their right under current law, then it's not really feasible to prosecute them for tacitly promoting such content unless they hired the sort of idiot who will write that down as an official business practice in an email. While that's fortunately frequent, it results in any sort of enforcement taking ages. Witness things like early era /b/ where everyone and their mother was aware that CSAM was being posted and nothing serious was done about it until moot needed to monetize.

I appreciate the EFF's work and I understand they're primarily an activist organization, but their continual attempts to pretend unfavorable things didn't happen are rather grating.

How do you come to that bit of insight when this is exactly what the 4th Amendment covers?
The question isn't whether the government can obtain your private communication (they can't). The covered communications are not "private" because you're providing them to an essentially-unaffiliated third party who has no obligation to keep your communication private. Companies usually require a subpoena to avoid being swamped in vague law enforcement requests, not because they have a strong personal interest in defending your communications.

The problem is that, in the long term, the government will rapidly realize you can't usually do much with a single IP address if people have any concept of opsec whatsoever, and require a degree of KYC that no small operator will be willing to provide to qualify under Section 230. That would probably result in the use of centralized networks becoming all but mandatory.

You have no constitutional right to Section 230 protection. You have the right to anonymous free expression, but the government doesn't have to make it convenient for you to act anonymously.

I am not a lawyer.
 
Like my country, this will likely fail. It serves no purpose to have it all out in the open like this. Better to continue with it undercover so nothing gets reported by the new age whores called journoscum.
 