Slash Boxes

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.
posted by hubie on Wednesday June 22 2022, @07:19PM   Printer-friendly
from the how-the-sausage-is-made dept.

Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills - Schneier on Security:

Two bills attempting to reduce the power of Internet monopolies are currently being debated in Congress: S. 2992, the American Innovation and Choice Online Act; and S. 2710, the Open App Markets Act. Reducing the power to tech monopolies would do more to "fix" the Internet than any other single action, and I am generally in favor of them both. (The Center for American Progress wrote a good summary and evaluation of them. I have written in support of the bill that would force Google and Apple to give up their monopolies on their phone app stores.)

There is a significant problem, though. Both bills have provisions that could be used to break end-to-end encryption.

Let's start with S. 2992. Sec. 3(c)(7)(A)(iii) would allow a company to deny access to apps installed by users, where those app makers "have been identified [by the Federal Government] as national security, intelligence, or law enforcement risks." That language is far too broad. [...]

Sec. 3(c)(7)(A)(vi) states that there shall be no liability for a platform "solely" because it offers "end-to-end encryption." This language is too narrow. The word "solely" suggests that offering end-to-end encryption could be a factor in determining liability, provided that it is not the only reason. [...]

In Sec. 2(a)(2), the definition of business user excludes any person who "is a clear national security risk." This term is undefined, and as such far too broad. It can easily be interpreted to cover any company that offers an end-to-end encrypted alternative, or a service offered in a country whose privacy laws forbid disclosing data in response to US court-ordered surveillance. [...]

Finally, under Sec. 3(b)(2)(B), platforms have an affirmative defense for conduct that would otherwise violate the Act if they do so in order to "protect safety, user privacy, the security of nonpublic data, or the security of the covered platform." This language is too vague, and could be used to deny users the ability to use competing services that offer better security/privacy than the incumbent platform—particularly where the platform offers subpar security in the name of "public safety." [...]

S. 2710 has similar problems. Sec 7. (6)(B) contains language specifying that the bill does not "require a covered company to interoperate or share data with persons or business users that...have been identified by the Federal Government as national security, intelligence, or law enforcement risks." This would mean that Apple could ignore the prohibition against private APIs, and deny access to otherwise private APIs, for developers of encryption products that have been publicly identified by the FBI. That is, end-to-end encryption products.

I want those bills to pass, but I want those provisions cleared up so we don't lose strong end-to-end encryption in our attempt to reign in the tech monopolies.

If you are a US citizen, just in case you want to express your opinion, don't forget that Senators love to hear from their constituents.

Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by tangomargarine on Thursday June 23 2022, @02:56AM (2 children)

    by tangomargarine (667) on Thursday June 23 2022, @02:56AM (#1255503)

    I'm kind of tempted to suggest the response to this constant practice of attaching complete horseshit riders to actually useful legislation in order to ram it down our throats ("oh, we can't actually use any of our shenanigans to prevent you getting this law you actually want? okay, just let us attach 3 things you hate to it in the process to make ourselves feel better about it") of just voting down any law they do the practice with. (Obviously would be a judgment call how odious any given rider is.) We'll just stay here until you can behave reasonably.

    ...But now I'm picturing politicians just purposely attaching such a rider to any bill they don't want to see passed in order to get it shot down.

    Man, fuck politicians.

    "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2, Interesting) by Anonymous Coward on Thursday June 23 2022, @03:49AM

    by Anonymous Coward on Thursday June 23 2022, @03:49AM (#1255518)

    ..But now I'm picturing politicians just purposely attaching such a rider to any bill they don't want to see passed in order to get it shot down.

    Already SOP. They even do it with their own bills that they know their constituents want but that Wall Street or the three-letter-soup doesn't. That way they can get up and beat their chests about how they supported Bill X but the evil $OTHER PARTY threw it out. Both sides do it, but you only ever hear about the poison pills if you watch the other side's 'news'.

  • (Score: 0) by Anonymous Coward on Saturday June 25 2022, @06:01PM

    by Anonymous Coward on Saturday June 25 2022, @06:01PM (#1256105)
    With all those people shooting up schools it's a wonder why so few have managed to shoot up congress yet. And so many keep saying the 2nd amendment is to help the people defend themselves from the government.

    I guess the truth is only a tiny/near nonexistent minority really hate the bills and the congress critters that much. There are more who hate school kids and teachers.

    Guess the "education" system/culture is that bad...