Issue 63

Anti-Big Tech sentiment

In what should come as a surprise to no one, the United States government is trying to use anti-Big Tech sentiment to achieve its decade+ long goal of banning encryption:

Remember, CALEA makes it perfectly legal for providers of “information services” (such as Apple and Facebook) to design encryption that is not law enforcement-friendly. And even telco carriers can encrypt calls and throw away the decryption key. End-to-end encryption is legal under current federal law. Yet the EARN IT Act would allow an unelected, unaccountable commission to write “best practices” (not actual laws or regulations, yet liability would result from failing to abide by them) which, make no mistake, will condemn end-to-end encryption. The commission, after all, would be acting in the shadow of an Attorney General who despises encryption. For Barr, encryption can only be a “worst practice.” By engaging in that “worst practice,” companies would risk facing the potentially ruinous tide of litigation that Section 230 presently bars. That is: the EARN IT Act would use one law -- a narrowed Section 230 -- to penalize providers for exercising their rights under a different law -- CALEA. Providers would be held legally liable for doing exactly what federal law permits them to do.
...
In short: This bill takes popular rage at social media companies’ immunity under Section 230 for public speech on their platforms, and twists it into a backhanded way of punishing messaging service providers’ use of encryption for private conversations. That’s the deeper bait-and-switch.

I've discussed the current US Attorney General, William Barr, in this newsletter before. He detests encryption and will not stop until companies are forbidden from using it. If he gets his wish then millions of people the world over who passively rely on the encryption implemented by Big Tech will become more vulnerable to malicious actors. Banning encryption won't stop criminals from using it - you can't ban away the technology itself - but Barr doesn't care, so long as the US government can better spy on its own citizens.

Do read the rest of the article.

Enjoy the rest of this week's issue. Cheers,

— Justin

Other bits of interest

Pavel Durov on WhatsApp

In their marketing, WhatsApp uses the words “end-to-end encryption” as some magic incantation that alone is supposed to automatically make all communications secure. However, this technology is not a silver bullet that can guarantee you absolute privacy by itself.

First, there are backups. Users don’t want to lose their chats when they change devices, so they back up the chats in services like iCloud – often without realizing their backups are not encrypted. The fact that Apple was forced by the FBI to abandon encryption plans for iCloud is telling.

Second, there are backdoors. Enforcement agencies are not too happy with encryption, forcing app developers to secretly plant vulnerabilities in their apps. I know that because we’ve been approached by some of them – and refused to cooperate. As a result, Telegram is banned in some countries where WhatsApp has no issues with authorities, most suspiciously in Russia and Iran.

Pavel (the co-founder of Telegram) has a vested interest here but it doesn't mean he's wrong: from a privacy perspective, WhatsApp is bad news. It's also legal in Russia. Make of that what you wish.

Learn more:

The supposed Huawei threat

Scott Sumner repeats what I've been saying since day one: if your network is properly managed then there is no Huawei threat.

The UK is considered a trusted ally of the US, part of the so-called “five eyes” security system. In theory, the US is supposed to be willing to share important security information with the UK. But the US refuses to provide British intelligence with the evidence that it claims it has regarding the threat posed by Huawei.

That makes me think this is not really about national security; it’s part of the Trump administration’s goal of preventing China from becoming a great power. That might well be a valid objective, but if that’s what this is all about then we should say so.
...
I do see why people would be opposed to using Huawei infrastructure in military-related facilities. Beyond that, I’m having trouble understanding the risk.

Does anyone seriously think the Chinese would try to use Huawei devices to sabotage the British oil and gas sector? Think about that from the Chinese perspective. What are the costs and benefits of that sort of action? The potential benefit would be trivial, whereas the costs to China could be utterly catastrophic.

Yep. Governments need to spend less time worrying about Huawei and more time worrying about improperly implemented technology, such as the internet of things (IoT).

Learn more:

That's all for now. If you enjoyed this issue, feel free to share it via email


Issue 63: Anti-Big Tech sentiment was compiled by Justin Pyvis and delivered on 04 February 2020. Join the conversation on the fediverse at Detrended.net.