E2EE - Max Fang's Notes

# End-to-End Encryption Links: [[Mass Surveillance]] ### [[Attorny General]] [[William P. Barr]] leaned on [[Facebook]] cease its use of [[E2EE]] https://www.justice.gov/opa/pr/attorney-general-barr-signs-letter-facebook-us-uk-and-australian-leaders-regarding-use-end ## Setback in the outback https://signal.org/blog/setback-in-the-outback/ [[Signal Blog]] [[2018-12-13]] *Like many others, we have been following the latest developments in Australia related to the “Assistance and Access” bill with a growing sense of frustration. The widespread adoption of strong cryptography and end-to-end encryption has given people around the world the ability to protect their personal information and communicate securely. Life is increasingly lived online, and the everyday actions of billions of people depend on this foundation remaining strong.* *Attempting to roll back the clock on security improvements which have massively benefited Australia and the entire global community is a disappointing development.* ## 230, or not 230? That is the EARN IT question. https://signal.org/blog/earn-it/ [[Signal Blog]] [[2020-04-08]] *At a time when more people than ever are benefiting from these protections, the EARN IT bill proposed by the Senate Judiciary Committee threatens to put them at risk. COVID-19 has us sheltering in place, but we cannot quarantine our concerns.* ### Protection needs protection Broadly speaking, Section 230 of the Communications Decency Act protects online platforms in the United States from legal liability for the behavior of their users. In the absence of this protection, many of the apps and services that are critical to the way the internet functions today may have never been created in the first place – or they couldn’t have been created in America. The EARN IT act turns Section 230 protection into a hypocritical bargaining chip. At a high level, what the bill proposes is a system where companies have to _earn_ Section 230 protection by following a set of designed-by-committee “best practices” that are extraordinarily unlikely to allow end-to-end encryption. Anyone who doesn’t comply with these recommendations will lose their Section 230 protection. Some large tech behemoths could hypothetically shoulder the enormous financial burden of handling hundreds of new lawsuits if they suddenly became responsible for the random things their users say, but it would not be possible for a small nonprofit like Signal to continue to operate within the United States. Tech companies and organizations may be forced to relocate, and new startups may choose to begin in other countries instead. For a political body that devotes a lot of attention to national security, the implicit threat of revoking Section 230 protection from organizations that implement end-to-end encryption is both troubling and confusing. Signal is [recommended by the United States military](https://www.militarytimes.com/flashpoints/2020/01/23/deployed-82nd-airborne-unit-told-to-use-these-encrypted-messaging-apps-on-government-cellphones/). It is routinely [used by senators and their staff](https://www.engadget.com/2017-05-17-us-senate-approves-signal-for-staff-use.html). American allies in the EU Commission [are Signal users too](https://www.politico.eu/article/eu-commission-to-staff-switch-to-signal-messaging-app/). End-to-end encryption is fundamental to the safety, security, and privacy of conversations worldwide. ### The letter of the law is haunted by the spirit of past behavior Proponents of this bill are quick to claim that end-to-end encryption isn’t the target. These arguments are disingenuous both because of the way that the bill is structured and the people who are involved. Riana Pfefferkorn, Associate Director of Surveillance and Cybersecurity at the Stanford Center for Internet and Society, [wrote a detailed breakdown](https://cyberlaw.stanford.edu/blog/2020/03/earn-it-act-here-surprise-it%E2%80%99s-still-bad-news) of some of the myriad problems with this bill. She also astutely points out that the bill would give unprecedented power to Attorney General William Barr, [a vocal critic of end-to-end encryption](https://arstechnica.com/tech-policy/2019/10/the-broken-record-why-barrs-call-against-end-to-end-encryption-is-nuts/), who would become the arbiter of any recommendations from the “best practices” commission that the EARN IT bill would create. It is as though the Big Bad Wolf, after years of unsuccessfully trying to blow the brick house down, has instead introduced a legal framework that allows him to hold the three little pigs criminally responsible for being delicious and destroy the house anyway. When he is asked about this behavior, the Big Bad Wolf can credibly claim that nothing in the bill mentions “huffing” or “puffing” or “the application of forceful breath to a brick-based domicile” at all, but the end goal is still pretty clear to any outside observer.