Issue 63

Anti-Big Tech sentiment

In what should come as a surprise to no one, the United States government is trying to use anti-Big Tech sentiment to achieve its decade+ long goal of banning encryption:

Remember,  CALEA makes it perfectly legal for providers of “information services”  (such as Apple and Facebook) to design encryption that is not law  enforcement-friendly. And even telco carriers can encrypt calls and  throw away the decryption key. End-to-end encryption is legal under current federal law.  Yet the EARN IT Act would allow an unelected, unaccountable commission  to write “best practices” (not actual laws or regulations, yet liability  would result from failing to abide by them) which, make no mistake,  will condemn end-to-end encryption. The commission, after all, would be  acting in the shadow of an Attorney General who despises encryption. For  Barr, encryption can only be a “worst practice.” By engaging in that  “worst practice,” companies would risk facing the potentially ruinous  tide of litigation that Section 230 presently bars. That is: the EARN IT  Act would use one law -- a narrowed Section 230 -- to penalize  providers for exercising their rights under a different law -- CALEA.  Providers would be held legally liable for doing exactly what federal  law permits them to do.

...

In short: This bill  takes popular rage at social media companies’ immunity under Section 230  for public speech on their platforms, and twists it into a backhanded  way of punishing messaging service providers’ use of encryption for  private conversations. That’s the deeper bait-and-switch.

I've discussed the current US Attorney General, William Barr, in this newsletter before. He detests encryption and will not stop until companies are forbidden from using it. If he  gets his wish then millions of people the world over who passively rely  on the encryption implemented by Big Tech will become more vulnerable to  malicious actors. Banning encryption won't stop criminals from using it  - you can't ban away the technology itself - but Barr doesn't care, so  long as the US government can better spy on its own citizens.

Do read the rest of the article.

Enjoy the rest of this week's issue. Cheers,

— Justin


Other bits of interest

Pavel Durov on WhatsApp

In  their marketing, WhatsApp uses the words “end-to-end encryption” as  some magic incantation that alone is supposed to automatically make all  communications secure. However, this technology is not a silver bullet  that can guarantee you absolute privacy by itself.

First, there  are backups. Users don’t want to lose their chats when they change  devices, so they back up the chats in services like iCloud – often  without realizing their backups are not encrypted. The fact that Apple  was forced by the FBI to abandon encryption plans for iCloud is telling.

Second,  there are backdoors. Enforcement agencies are not too happy with  encryption, forcing app developers to secretly plant vulnerabilities in  their apps. I know that because we’ve been approached by some of them –  and refused to cooperate. As a result, Telegram is banned in some  countries where WhatsApp has no issues with authorities, most  suspiciously in Russia and Iran.

Pavel  (the co-founder of Telegram) has a vested interest here but it doesn't  mean he's wrong: from a privacy perspective, WhatsApp is bad news. It's  also legal in Russia. Make of that what you wish.

Learn more:


The supposed Huawei threat

Scott Sumner repeats what I've been saying since day one: if your network is properly managed then there is no Huawei threat.

The  UK is considered a trusted ally of the US, part of the so-called “five  eyes” security system. In theory, the US is supposed to be willing to  share important security information with the UK. But the US refuses to  provide British intelligence with the evidence that it claims it has  regarding the threat posed by Huawei.

That makes me think this is  not really about national security; it’s part of the Trump  administration’s goal of preventing China from becoming a great power.  That might well be a valid objective, but if that’s what this is all  about then we should say so.

...

I do see why people would  be opposed to using Huawei infrastructure in military-related  facilities. Beyond that, I’m having trouble understanding the risk.

Does  anyone seriously think the Chinese would try to use Huawei devices to  sabotage the British oil and gas sector? Think about that from the  Chinese perspective. What are the costs and benefits of that sort of  action? The potential benefit would be trivial, whereas the costs to  China could be utterly catastrophic.

Yep.  Governments need to spend less time worrying about Huawei and more time  worrying about improperly implemented technology, such as the internet  of things (IoT).

Learn more:

That's all for now. If you enjoyed this issue, feel free to share it via email


Issue 63: Anti-Big Tech sentiment was compiled by Justin Pyvis and delivered on 04 February 2020. Feel free to send feedback, suggestions for future issues, ideas, insults, or pretty much anything that crosses your mind to their Keybase or Riot.im account.