Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Friday, 06 March 2020 08:33

US bid to ban encryption without actually banning it

US bid to ban encryption without actually banning it Pixabay

In Australia, the government is using the increasing incidence of online child sexual exploitation to give the military intelligence agency, the Australian Signals Directorate, a domestic role. It claims this role will be restricted only to cases of child sexual abuse.

In the United States, the same crime is being used to try and push through a bill that will restrict the freedom of Americans to use encryption for their data and communications.

Australia's intentions were made clear on 19 February when Australian Federal Police commissioner Reece Kershaw, Australian Criminal Intelligence Commission chief executive Michael Phelan and Australian Transaction Reports and Analysis Centre chief executive Nicole Rose made presentations at the National Press Club, claiming that current laws had been overtaken by technology and needed to be changed.

None of them mentioned that Australia already has a law in place to force companies to break encryption, this legislation having been passed in December 2018. Like Oliver Twist, they all asked for more. The mainstream media, and indeed even smaller publications, have kept mum about the possibility that the ASD would be allowed a role in domestic cases.

The UK was the first to pass a law that would enable officials to force the breaking of encryption, but in the US it would be somewhat more difficult to get such legislation passed. So the Americans are taking a circuitous route.

As American cryptography fellow Dr Riana Pfefferkorn, who works with the Stanford Centre for Internet and Society, put it, the US is trying to ban encryption without actually banning it.

The tussle between Apple and the FBI in 2016, over the latter's demand that the company provide a means for it to gain access to data on a terrorist's iPhone, showed that tech outlets would not accede to demands that they felt would impact on any selling point of their products. That case ended with the FBI using the services of a third party to gain access to the data in question.

But after that, following the 2016 US presidential election, and the allegations of Russian interference, public suspicion of companies like Facebook has grown. Increasing data leaks have not helped either and the government now feels the public mood is right to act.

The US assistant attorney-general for national security John Demers went on the record late last month saying that the Department of Justice had given up hopes that tech companies would voluntarily backdoor their own encryption.

Instead, said Demers, the DoJ was focused on passing legislation that forces companies to co-operate – "and is hoping encryption-limiting laws in Australia and the United Kingdom will ease the path for a similar law in the United States".

The law that is sought to be passed is called the EARN IT Act. Currently, section 230 of the Communications Decency Act allows online platforms to escape liability for things their users say and do; for example, you can sue the person who defamed you on a platform like Twitter, but not the platform itself. An amendment to this section in 2018 has made platforms liable for publishing information “designed to facilitate sex trafficking”.

The other law that is relevant to this discussion is the Communications Assistance for Law Enforcement Act of 1994 which mandates that telecommunications carriers must open their networks to tapping by law enforcement when served with a warrant. Information services are not covered, though. Additionally, CALEA places no restrictions on encryption.

US politicians are not happy with this, but have shown no appetite for amending CALEA. Enter the EARN IT Act which aims to force online platforms to adhere to any practices laid down by a federal commission to combat child sexual abuse material online. The stick is that any platform that does not adhere to the mandated practices will lose the immunity to lawsuits that is guaranteed by Section 230.

There is another US federal law that governs the behaviour of online platforms with regard to child sexual abuse material; when they find any such material, they have to report it to the authorities. But they are not required to monitor or filter content on their sites to look for such material. If platforms report abuse material when they find it, they cannot be penalised either by federal or state courts. However, criminal cases can still be brought against platforms for intentional misconduct.

The new bill makes it necessary for platforms to earn the immunity that Section 230 has afforded so far. And one of the conditions for earning that immunity could well be the ditching of end-to-end encryption. That would, incidentally, also achieve the task of modifying the cover that CALEA affords to information services as it makes no requirement from them on encryption.

That the bill is being put forward at a time when there is a hue and cry about the privacy of individuals — which can be ensured only through strong encryption — has not gone unnoticed. Senator Lindsay Graham, one of the Republican senators putting forward the bill, has admitted that this does not make much sense.

But like all government initiatives, when the spectre of child sexual abuse is raised, people hesitate to say anything, and stand idly by while more and more draconian legislation is shoved onto the law books.

Subscribe to ITWIRE UPDATE Newsletter here

Active Vs. Passive DWDM Solutions

An active approach to your growing optical transport network & connectivity needs.

Building dark fibre network infrastructure using WDM technology used to be considered a complex challenge that only carriers have the means to implement.

This has led many enterprises to build passive networks, which are inferior in quality and ultimately limit their future growth.

Why are passive solutions considered inferior? And what makes active solutions great?

Read more about these two solutions, and how PacketLight fits into all this.


WEBINAR INVITE 8th & 10th September: 5G Performing At The Edge

Don't miss the only 5G and edge performance-focused event in the industry!

Edge computing will play a critical part within digital transformation initiatives across every industry sector. It promises operational speed and efficiency, improved customer service, and reduced operational costs.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

But these technologies will only reach their full potential with assured delivery and performance – with a trust model in place.

With this in mind, we are pleased to announce a two-part digital event, sponsored by Accedian, on the 8th & 10th of September titled 5G: Performing at the Edge.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News