
What does any of this have to do with the EARN-IT act? This all appears to be just claims about possible uses of encryption with no particular relation to the subject of the article. If these other uses of encryption you're discussing wouldn't be affected by the EARN-IT act, then they aren't relevant here.



Can someone please point out the smoking gun in the EARN IT law that suggests that encryption is under threat?

I'm not sure how much this answers your question, but Congress put out an "EARN IT Act Myths and Facts" document that contains the following text:

> MYTH: The EARN IT Act is simply an attempt to ban encryption.
>
> FACT: The EARN IT Act does not target, limit, or create liability for encryption or privacy services. In fact, in order to ensure the EARN IT Act would not be misconstrued as limiting encryption, specific protections were included in the bill to explicitly state that a court should not consider offering encryption or privacy services as an independent basis for legal liability.


The article specifically cites the EARN IT Act, which the same author has written about in more detail: https://cyberlaw.stanford.edu/blog/2020/01/earn-it-act-how-b...

The EARN IT Act continues to be pushed through the US lawmaking gang. It wants to remove anti-liability protections from platforms. It is also purportedly attempting to stop encryption.

But we must be vigilant - Professor Dan Bernstein delivered us some of the best cryptographic algorithms, amazing DNS software, unarguably the best email daemon and more, but he also delivered us a case law ruling that encryption is protected free speech[1].

Let’s not forget that. Our Bill of Rights is very strong. Thanks Professor Bernstein for proving that!

[1] https://en.m.wikipedia.org/wiki/Bernstein_v._United_States

Edit: Both Dr Matthew Green and Bruce Schneier are covering this topic as well [2].

[2] https://www.schneier.com/blog/archives/2020/03/the_earn-it_a...



I think the impact is certainly concerning, but I doubt that it's likely that most sources are currently even using E2E encryption in the first place. I'm not trying to minimize this, either: the EARN IT act is a huge problem. I suppose my point is that you can't get rid of good encryption, but you can prevent US companies from using good encryption, which is simply going to push people offshore.

This could even have totally perverse impacts: suppose that China can read your messages, but all you care about is that your provider is not hosted in the US?


This sounds like the EARN IT act. Very scary. Would de facto outlaw e2e encryption.

It's just bad, real bad, only made worse by the LAED bill they've recently introduced.

Rianna Pfefferkorn wrote an in-depth analysis about EARN IT which is really good to read:

https://cyberlaw.stanford.edu/blog/2020/01/earn-it-act-how-b...

I also wrote a smaller high level article about it if you're interested in a briefer read:

https://medium.com/@console.blog/action-tell-your-representa...


While I fully support strong privacy & encryption, there is absolutely no logic in this argument because it tries to build upon an unrelated hypothetical.

A stronger argument should have tried to explain how this violates the constitution:

https://www.eff.org/deeplinks/2020/03/earn-it-act-violates-c...


There's been a lot of question about the motivation for this feature. Am I the only one that thinks this could be related to things like the EARN IT (or something similar)?

Here's an article from a year ago on EARN IT:

> Theoretically, a system that uses client-side scanning could still send messages encrypted end to end, and so the Leahy amendment would not offer any protection, but many of the same confidentiality concerns with backdoored “e2ee” systems would continue to apply.

Source: https://cdt.org/insights/the-new-earn-it-act-still-threatens...


EFF Deeplinks overstates as usual, harming their credibility.

EARN IT doesn't let the government scan every message (just like right now your non e2e encrypted data says isn't subject to mass scanning by government, but guarded by a warrant or your hosting provider's government bootlickiness), but merely (as the article admits) doesn't prevent the government from passing such a law in the future.


That is probably why the FSF has published an article with the title "EARN-IT threatens encryption and therefore user freedom".

But the point that the FSF needs to focus on is that EARN-IT is bad because it limits user freedom. The fact that users may choose to use that freedom to protect themselves from criminals isn't the issue. There might be an obvious and compelling reason users need freedom or there might not be. The FSF doesn't need to care and should be against the bill regardless.

Much like how the FSF doesn't care about whether the GPL is economic or not - they think software projects should all be licensed under it (or an equivalently free license). The point isn't whether freedom is good or necessary. That is taken as a priori truth. The point the FSF advocates is whether users have it.


Don't forget the section that requires companies doing business with the government to share data about any possible bad actors.. hence anyone using encryption.

Almost certainly not. EARN IT doesn't technically forbid encryption, it just lets an unelected board decide the legal requirements for communication without being sued into oblivion. But the unelected board will be under the control of those who object to encryption they can't break.

It would probably be legal if the program also sent the crypto keys somewhere for later use.


You have to wonder just how much such rulings help anyone.

- practically nobody uses the service in the country (especially when dealing with hundreds of millions connected on the internet), and for some this might have a Streisand effect.
- those using such services for nefarious reasons would have little to no reason to abide by it. IT law enforcement is already very ineffective as it is, and would only be used as a lever when dealing with cases the administration has special interest in.
- this is not really a matter of encryption but about data sharing arrangements with other countries (as correctly pointed out in the comments). funnily enough it is against the law to refuse decryption (https://en.wikipedia.org/wiki/Information_Technology_Act%2C_...).


The relevant quotes from the article (my emphasis):

"The NSW government will introduce laws to confiscate unexplained wealth from criminal gangs and ban the use of encrypted devices as part of long-waited reforms to combat money laundering and organised crime."

...

“These reforms will make it an offence to possess these kinds of devices and allow us to better target high-risk individuals from using them to orchestrate crime.”


That's a good point that I hadn't realized. If this were to pass, they can get you on using encryption without actually charging you with any other crime. That's scary.

Let's say a service builds a system with end-to-end encryption, such that the service provider itself is unable to decrypt and read any messages sent using the service.

How would the third party doctrine apply to that scenario? I haven't voluntarily given any decrypted information to the service provider. Instead, I specifically avoided voluntarily giving them that information.

So, at least in the context that the EARN IT act may threaten end-to-end encryption (or may attach significant civil liability to adopting end-to-end encryption) I'm not sure I understand how the third party doctrine applies. Can you expand on that?


That sounds like a reasonable explanation for the reason behind the law, but vague wordings are still problematic, more so when it comes to any complex technology. You don't want a vague law that could be reinterpreted as making it illegal to provide end-to-end encryption for non-financial or other legally protected data (the argument being that if there is no need for it from a business or legal perspective, then it must be encouraging illegal activities as why else would it need to be encrypted).