US Anti-Encryption Bill Forces Companies To Build Security Holes In Apps/Hardware, and Some Effects Will Spill Over To The Crypto World...

No comments

It's so strange how both parties seem to magically come together for the worst things.

Apparently nothing unites a usually divided system more than when they need to vote on going to war, or to step on the right of citizens with bills like the Patriot Act, and now, the 'EARN IT Act', which has been officially submitted by Senators Lindsey Graham (R) and Richard Blumenthal (D).

They Want The Ability To See EVERYTHING...

But a bill saying that wouldn't stand a chance, so it carefully disguises itself as a way to protect children and victims of human trafficking. 

The US Government has expressed past frustration with major tech companies like Apple, when they refused to unlock a phone belonging to an accused terrorist, and Facebook for insisting that messages between users in WhatsApp remain encrypted.

Well, I'm sure they didn't think of this while writing it (sarcasm) - but this bill just happens to solve all their problems! While the bill's language focuses on protecting children, the end result is the power to decrypt encrypted data. 

press release in June from the Attorney General which pushed for tech companies to build backdoors that would allow for law enforcement to decrypt encrypted data gives us a glimpse into the true goals of these agencies.

The Bait And Switch...

The bill creates a commission comprised of the Attorney General along with law enforcement agencies that would determine a set of "best practices" or policies that a company would follow to both detect, and then provide evidence of illegal conduct happening on their devices or online platforms. 

While the bill lacks specifics on what these 'best practices' would be, it's safe to say they will not accept "we can't see what the messages contain, because they are encrypted" as an answer. 

While these backdoors will be created in the name of protecting children, once it's there, it's there.

With this major security implications are now introduced - while a backdoor may be created for law enforcement usage only, that same backdoor now exists for hackers to target and try to find their own way into. 

The Steep Cost Of Non-Compliance...

Companies risk losing protection under Section 230 of the Communications Decency Act, which states "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider".

Grasp how big this is. Companies could be charged with crimes as if they were a willing party involved in distributing the illegal content.

Headlines like "Facebook And Instagram Removed More Than 12 Million Pieces Of Child Porn" highlight how important Section 230 protection is - it's the reason they couldn't be charged with 12 million felonies.

Where Crypto Enters The Picture...

'Privacy coins' would surely be a target as they use encryption to hide wallet addresses and transaction sizes, and any exchange supporting them that does business in the US would be at risk at becoming liable for any crime that used their exchange and one of these tokens.

So in the case of crypto, how it would play out is pretty straightforward. There's no way to go back and change a blockchain to make them compliant, even if they wanted to.  Leaving only one solution - if an exchange allows US based users, they'll remove all privacy coins. An example that leads to my next point.

Reality Check: The Hidden Multibillion Dollar Price Tag, and Why They'll Get NOTHING...

It's pretty disturbing how tech-illiterate lawmakers are, but this may be the most disturbing case so far simply because their ignorance could lead to some of the countries most successful tech companies going under.

First off, the only real end result would be major damage to the US economy - because the only way to be sure there are no security holes in your software would be to avoid any developed by a US company. Expect any business dealing with sensitive information to make the move, and there's a lot of industries that value protecting client data -  accountants, doctors, lawyers, and the entire financial industry.

The Chinese government supposedly demands all access to the data of any company created within it's borders, and the US government and corporations avoid their products for this very reason - yet somehow lawmakers aren't realizing people do not want to hear that ANY government has special access to their data.

In one sentence, what they need to grasp is this simple: Companies and individuals will avoid software and hardware made by US companies for the same reason they currently avoid software and hardware made in China.

Secondly, beyond avoiding US products, users could simply continue using older versions of software made before companies had to implement these new rules, and just avoid updating it. 

So ultimately, the question is: - do US lawmakers want to force billions of dollars from US businesses, to companies in other countries? 

A huge price to pay, to gain absolutely nothing - 
simultaneously scaring away legitimate businesses, while the bad actors take simple measures to avoid it all together by using software created somewhere outside of their jurisdiction. 

Why I Fear They May Actually Do It...

The only indication of support so far is the bill receiving unanimous approval by the Senate Judiciary Committee when it was initially submitted. That sent the bill on to the next phase where it stands today - review and then debate in the Lower House. 

The Electronic Frontier Foundation has launched a signature campaign for US-based users to encourage their representatives to reject the bill, which you can find here

Author: Ross Davis 
E-Mail: Twitter:@RossFM
San Francisco News Desk / Breaking Crypto News

No comments

Spend $20, GET $40! Do it while you still can here!