
SoylentNews is people

posted by hubie on Wednesday June 22, @07:19PM
from the how-the-sausage-is-made dept.

Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills - Schneier on Security:

Two bills attempting to reduce the power of Internet monopolies are currently being debated in Congress: S. 2992, the American Innovation and Choice Online Act; and S. 2710, the Open App Markets Act. Reducing the power of tech monopolies would do more to "fix" the Internet than any other single action, and I am generally in favor of them both. (The Center for American Progress wrote a good summary and evaluation of them. I have written in support of the bill that would force Google and Apple to give up their monopolies on their phone app stores.)

There is a significant problem, though. Both bills have provisions that could be used to break end-to-end encryption.

Let's start with S. 2992. Sec. 3(c)(7)(A)(iii) would allow a company to deny access to apps installed by users, where those app makers "have been identified [by the Federal Government] as national security, intelligence, or law enforcement risks." That language is far too broad. [...]

Sec. 3(c)(7)(A)(vi) states that there shall be no liability for a platform "solely" because it offers "end-to-end encryption." This language is too narrow. The word "solely" suggests that offering end-to-end encryption could be a factor in determining liability, provided that it is not the only reason. [...]

In Sec. 2(a)(2), the definition of business user excludes any person who "is a clear national security risk." This term is undefined, and as such far too broad. It can easily be interpreted to cover any company that offers an end-to-end encrypted alternative, or a service offered in a country whose privacy laws forbid disclosing data in response to US court-ordered surveillance. [...]

Finally, under Sec. 3(b)(2)(B), platforms have an affirmative defense for conduct that would otherwise violate the Act if they do so in order to "protect safety, user privacy, the security of nonpublic data, or the security of the covered platform." This language is too vague, and could be used to deny users the ability to use competing services that offer better security/privacy than the incumbent platform—particularly where the platform offers subpar security in the name of "public safety." [...]

S. 2710 has similar problems. Sec. 7(6)(B) contains language specifying that the bill does not "require a covered company to interoperate or share data with persons or business users that...have been identified by the Federal Government as national security, intelligence, or law enforcement risks." This would mean that Apple could ignore the prohibition against private APIs, and deny access to otherwise private APIs, for developers of encryption products that have been publicly identified by the FBI. That is, end-to-end encryption products.

I want those bills to pass, but I want those provisions cleared up so we don't lose strong end-to-end encryption in our attempt to rein in the tech monopolies.

If you are a US citizen, just in case you want to express your opinion, don't forget that Senators love to hear from their constituents.



  • (Score: 5, Interesting) by rpnx on Wednesday June 22, @09:33PM (5 children)

    by rpnx (13892) on Wednesday June 22, @09:33PM (#1255457) Journal

    Fix the real problems. Patent abuse created these monopolies and hardware restrictions facilitate them.

    1. Restore net neutrality.
    2. Require hardware manufacturers to document their hardware.
    3. Reduce technology patents to 10 years and increase fees to file a patent by 10x, with 80% refunded if your patent is accepted.
    4. Require ISP to give symmetric speeds so people can host servers in their houses again. (this is HUGE)
    5. Make it unlawful to be an ISP and content/information provider simultaneously, this is a huge conflict of interest between the needs of ISP customers/the public and the cable companies.
    6. Make it unlawful for mobile service providers to enter into contracts with hardware providers, cell phone brands, etc (again, ISP conflict of interest).
    7. Make it unlawful to treat laptops/hotspot data different from other mobile data (except emergency calls).
    8. Subsidize FCC testing.
    9. Allow a locked bootloader/OS if the user can disable it. Like most Android do. Otherwise disallow.
    10. Since people can now choose an OS, don't restrict how the OS operates except according to existing antitrust law.

  • (Score: 1) by rpnx on Wednesday June 22, @09:54PM (2 children)

    by rpnx (13892) on Wednesday June 22, @09:54PM (#1255463) Journal

    I don't like them because they don't fix the real issues. And there needs to be carve outs for curated app stores. The fact is, app curation is important. I'm totally down for requiring the hardware to be open though. While I think Apple shouldn't be able to shut down app store competitors, allowing Apple to curate the App Store is a good thing.

    Now, when Google, for example, pays companies to exclude other app stores, or Apple makes it impossible to sideload other apps or App Stores, THAT is anticompetitive IMO. Normally the solution to that would be "roll your own OS", but the cozy relationship between the established OS companies and their hardware vendors and cellular providers has made that pretty impossible.

    Require hardware vendors to document their shit and mobile providers not to discriminate against certain devices, and the other problems will resolve themselves.

    • (Score: 1) by rpnx on Wednesday June 22, @09:57PM (1 child)

      by rpnx (13892) on Wednesday June 22, @09:57PM (#1255464) Journal

      Example: Why nobody uses Manjaro/Ubuntu Touch: "We're still working on getting Wifi working on this phone, the hardware vendor won't share documentation with us". Or "sleep doesn't work on X cpu". Or "MMS on this phone doesn't work on Sprint with our OS, we can't fix it because Sprint requires blob X".

      That is why there are no competitors.

      • (Score: 0) by Anonymous Coward on Saturday June 25, @05:54PM

        by Anonymous Coward on Saturday June 25, @05:54PM (#1256101)
        But there are competitors. Plenty of different android phone vendors out there. Some even have their own app stores.
  • (Score: 0) by Anonymous Coward on Thursday June 23, @02:17AM

    by Anonymous Coward on Thursday June 23, @02:17AM (#1255500)

    Two words, Common Carrier

  • (Score: 2) by loonycyborg on Thursday June 23, @11:55AM

    by loonycyborg (6905) on Thursday June 23, @11:55AM (#1255562)

    4. Require ISP to give symmetric speeds so people can host servers in their houses again. (this is HUGE)

    Not so huge if you only want to host a simple website. In fact, it's mostly about having a public IP.