Privacy Blog

“Friends don’t let friends get spied on.” – Richard Stallman, President of the Free Software Foundation and longtime advocate of privacy in technology.

Senate Bill Sparks Open War Over Encryption

Another stupid piece of legislation has been introduced into the U.S. Senate that proposes to cripple all encryption methods used by the American public.

The misnamed EARN IT Act — which is sponsored by Judiciary Committee Chairman Lindsey Graham (R-S.C.) and ranking Democrat Dianne Feinstein (Calif.) plus eight other sponsors and co-sponsors — doesn’t actually target encryption directly. Instead, it claims to fight child pornography. The legislators sponsoring this bill might believe it will effectively force companies to give law enforcement special access to encrypted communications in order to track what users are sharing. They’re calling it a “backdoor to a backdoor” that reportedly will compromise the cybersecurity of everyone who uses the technology.

While fighting child pornography is an admirable goal, the sponsors of the bill apparently are all non-techies who have no concept of the drawbacks, technical limitations, and the ridiculousness of this proposed legislation.

It reminds me of an old fairy tale about “throwing the baby out with the bath water.”

First, if this proposed legislation actually passes, a lot more than child pornography will become visible to law enforcement, foreign governments, hackers, credit card thieves, and other miscreants alike. Would you want your credit card numbers and bank account numbers to become visible to hundreds or even thousands of people?

In theory, the proposed legislation would make the original file contents visible only to law enforcement officials, but the same proposed legislation offers no clue as to how such access would be limited. Historically, weakened encryption methods are soon “cracked” by governments worldwide, hackers, credit card thieves, and other people with evil intentions. In addition, law enforcement officials have occasionally been known to use access to “secret information” for purposes other than the intended uses. The number of dishonest law enforcement officials probably is small but is not zero.

Next, the legislators sponsoring this bill seem to assume that outlawing high-quality encryption in the USA will instantly make high-quality encryption disappear worldwide. Of course, such an assumption is naive.

The internet ignores national boundaries. Even if the proposed legislation manages to eliminate high-quality encryption products created by American companies, high-quality encryption software will still be available from non-US sources and can be downloaded by Americans and others and installed within seconds.

In fact, there is a strong likelihood that adoption of this legislation will result in INCREASED ADOPTION of high-quality encryption software. Once thieves and honest citizens alike realize that their most private thoughts and information will become visible to thousands of other people, they are more likely to understand the issues involved and will then seek other, often foreign, products that will block anyone and everyone from decrypting files without knowledge of the required encryption key(s).

There is a strong possibility that passage of this legislation will INCREASE the use of strong encryption methods rather than decrease it, the exact opposite of the bill’s proposed “solutions.”

“The EARN IT Act would fail to meaningfully tackle exploitative content beyond current tools and laws and contains fatal flaws that would undermine cybersecurity, privacy and free speech,” said Jason Oxman, president of the Information Technology Industry Council trade association, which includes Apple, Google and Twitter among its members.

Let’s fight ignorance wherever it is found, even amongst the legislators who are charged with protecting the interests of the citizens they represent.

Categories: Email Security, Encryption, Online Privacy & Security
