EFF: EARN IT Bill to Scan Every Online Message

From digital civil liberties champion Electronic Frontier Foundation, The EARN IT Bill Is the Government’s Plan to Scan Every Message Online

Imagine an Internet where the law required every message sent to be read by government-approved scanning software. Companies that handle such messages wouldn’t be allowed to securely encrypt them, or they’d lose legal protections that allow them to operate.

That’s what the Senate Judiciary Committee has proposed and hopes to pass into law. The so-called EARN IT bill, sponsored by Senators Lindsay Graham (R-SC) and Richard Blumenthal (D-CT), will strip Section 230 protections away from any website that doesn’t follow a list of “best practices,” meaning those sites can be sued into bankruptcy. The “best practices” list will be created by a government commission, headed by Attorney General Barr, who has made it very clear he would like to ban encryption, and guarantee law enforcement “legal access” to any digital message.

The EARN IT bill had its first hearing today, and its supporters’ strategy is clear. Because they didn’t put the word “encryption” in the bill, they’re going to insist it doesn’t affect encryption.

“This bill says nothing about encryption,” co-sponsor Sen. Blumenthal said at today’s hearing. “Have you found a word in this bill about encryption?” he asked one witness.

It’s true that the bill’s authors avoided using that word. But they did propose legislation that enables an all-out assault on encryption. It would create a 19-person commission that’s completely controlled by the Attorney General and law enforcement agencies. And, at the hearing, a Vice-President at the National Center for Missing and Exploited Children (NCMEC) made it clear [PDF] what he wants the best practices to be. NCMEC believes online services should be made to screen their messages for material that NCMEC considers abusive; use screening technology approved by NCMEC and law enforcement; report what they find in the messages to NCMEC; and be held legally responsible for the content of messages sent by others.

You can’t have an Internet where messages are screened en masse, and also have end-to-end encryption any more than you can create backdoors that can only be used by the good guys. The two are mutually exclusive. Concepts like “client-side scanning” aren’t a clever route around this; such scanning is just another way to break end-to-end encryption. Either the message remains private to everyone but its recipients, or it’s available to others…

Click here to read the entire article at EFF.org.

Rutherford Institute: Federal Courts Rule That Individuals Shot by Police but Not Immediately Arrested May Not Sue Police for Wrongdoing Under the Fourth Amendment

From the Rutherford Institute:

In a case before the U.S. Supreme Court that could determine how far the courts may go in shielding police from being held accountable for wrongdoing, The Rutherford Institute is challenging a lower court ruling that prevents victims of police shootings for suing police for violations of their civil rights if the shooting did not result in an immediate arrest.

In an amicus brief filed jointly with the National Association of Criminal Defense Lawyers (NACDL) in Torres v. Madrid, Rutherford Institute attorneys argue that lower courts erred in ruling police did not violate the Fourth Amendment rights of a woman who, mistaking police officers for carjackers, fled from police, was pursued and shot twice in the back. The lower courts reasoned that because the woman was not arrested, she had not technically been “seized” by the police and, thus, could not sue police for “unreasonable searches and seizures” in violation of the Fourth Amendment.

Affiliate attorneys Jeffrey T. Green and John L. Gibbons of Sidley Austin, LLP, and Sarah O’Rourke Schrup of the Northwestern Supreme Court Law Clinic assisted The Rutherford Institute and the NACDL in advancing the arguments in Torres.

“This particular case underscores the unfortunate reality that we live in an age of hollow justice,” said constitutional attorney John W. Whitehead, president of The Rutherford Institute and author of Battlefield America: The War on the American People. “With every ruling handed down, it becomes apparent that the courts are more inclined to render narrow rulings that protect government interests than they are committed to upholding the rights of the people enshrined in the U.S. Constitution.”

Early in the morning of July 15, 2014, Roxanne Torres dropped a friend off at an apartment complex in Albuquerque, N.M.  After parking and exiting her car, Torres reentered and remained in the car with the engine running and the car doors locked. At that same time, four New Mexico State Police officers arrived at the complex intending to arrest a woman who was not related to Torres. Two of the officers approached Torres’s car and, with guns drawn, attempted to open the driver side door. Because the officers wore indistinguishable dark clothing and Torres did not hear what they shouted at her, Torres mistook them for carjackers and attempted to drive away. After the car moved forward mere inches, the police opened fire on Torres and she accelerated away. The officers continued shooting at Torres, firing 13 shots in all, two of which struck Torres in the back, paralyzing her right arm. Torres drove a short distance before she was forced by her injuries to stop. When a bystander refused to call police on her behalf, she found another car and drove it to a hospital, where she was airlifted to another hospital due to the seriousness of her injuries. She was subsequently arrested on charges related to fleeing the police.

Torres, in turn, sued the police for using excessive force in violation of the Fourth Amendment’s prohibition on “unreasonable searches and seizures.”  However, the trial and appeals courts ruled that because Torres was able to escape after being shot, she had not technically been “seized” by the police. In their amicus brief before the U.S. Supreme Court, which has agreed to hear the case, The Rutherford Institute and the NACDL argue that all uses of unreasonable and excessive force by police merit review under the Fourth Amendment, whether or not the victims of police brutality are arrested or temporarily elude capture.

EFF: Dangers to Privacy in EARN IT Act

The EARN IT Act introduced by Senator Lindsay Graham purports to be for the prevention of online child exploitation “and other purposes.” It’s those other purposes that we need to watch. The EFF, an organization fighting for your digital civil liberties, writes the article Congress Must Stop the Graham-Blumenthal Anti-Security Bill, expounding upon the many dangers lurking inside this bill.

There’s a new and serious threat to both free speech and security online. Under a draft bill that Bloomberg recently leaked, the Attorney General could unilaterally dictate how online platforms and services must operate. If those companies don’t follow the Attorney General’s rules, they could be on the hook for millions of dollars in civil damages and even state criminal penalties.

The bill, known as the Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act, grants sweeping powers to the Executive Branch. It opens the door for the government to require new measures to screen users’ speech and even backdoors to read your private communications—a stated goal of one of the bill’s authors.

Senators Lindsay Graham (R-SC) and Richard Blumenthal (D-CT) have been quietly circulating a draft version of EARN IT. Congress must forcefully reject this dangerous bill before it is introduced.

EARN IT Is an Attack on Speech

EARN IT undermines Section 230, the most important law protecting free speech online. Section 230 enforces the common-sense principle that if you say something illegal online, you should be the one held responsible, not the website or platform where you said it (with some important exceptions)…

EARN IT is a direct threat to constitutional protections for free speech and expression. To pass constitutional muster, a law that regulates the content of speech must be as narrowly tailored as possible so as not to chill legitimate, lawful speech. Rather than being narrowly tailored, EARN IT is absurdly broad: under EARN IT, the Commission would effectively have the power to change and broaden the law however it saw fit, as long as it could claim that its recommendations somehow aided in the prevention of child exploitation. Those laws could change and expand unpredictably, especially after changes in the presidential administration…

Throughout his term as Attorney General, William Barr has frequently and vocally demanded “lawful access” to encrypted communications, ignoring the bedrock technical consensus that it is impossible to build a backdoor that is only available to law enforcement. Barr is far from the first administration official to make impossible demands of encryption providers: he joins a long history of government officials from both parties demanding that encryption providers compromise their users’ security.

We know how Barr is going to use his power on the “best practices” panel: to break encryption. He’s said, over and over, that he thinks the “best practice” is to always give law enforcement extraordinary access. So it’s easy to predict that Barr would use EARN IT to demand that providers of end-to-end encrypted communication give law enforcement officers a way to access users’ encrypted messages. This could take the form of straight-up mandated backdoors, or subtler but no less dangerous “solutions” such as client-side scanning. These demands would put encryption providers like WhatsApp and Signal in an awful conundrum: either face the possibility of losing everything in a single lawsuit or knowingly undermine their own users’ security, making all of us more vulnerable to criminals…

Weakening Section 230 makes it much more difficult for a startup to compete with the likes of Facebook or Google. Giving platforms a legal requirement to screen or filter users’ posts makes it extremely difficult for a platform without the resources of the big five tech companies to grow its user base (and of course, if a startup can’t grow its user base, it can’t get the investment necessary to compete)…

Click here to read the entire article at EFF

 

EFF: US-UK Agreement to Allow Warrantless Access to US Internet Servers

This article is from the Electronic Frontier Foundation, which fights for your digital freedoms, about an agreement between the US and the UK which would allow the UK police access to data held by American companies without following US privacy laws or the 4th Amendment.

Congress, Remember the 4th Amendment? It’s Time to Stop the U.S.-UK Agreement.

Unless Congress stops it, foreign police will soon be able to collect and search data on the servers of U.S. Internet companies. They’ll be able to do it without a probable cause warrant, or any oversight from a U.S. judge. This is all happening because of a new law enforcement deal between the U.S. and the United Kingdom. And while it seeks to exclude purely domestic correspondence between U.S. citizens and residents, plenty of Americans’ data will get swept up when they communicate with targeted individuals located abroad.

This is all happening because, for the first time, the U.S. executive branch is flexing its power to enter into law enforcement agreements under the CLOUD Act. We’ve been strongly opposed to this law since it was introduced last year. The recently signed deal between the U.S. Department of Justice and the U.K. Home Office will allow U.K. police easy access to data held by American companies, regardless of where the data is stored. These U.K. data requests, including demands to collect real-time communications, do not need to meet the standards set by U.S. privacy laws or the 4th Amendment. Similarly, the deal will allow U.S. police to grab information held by British companies without following U.K. privacy laws.

This deal, negotiated by American and British law enforcement behind closed doors and without public input, will deal a hammer blow to the legal rights of citizens and residents of both countries. And the damage won’t stop there. The U.S.-U.K. Cloud Act Agreement may well become a model for further bilateral deals with other foreign governments and the United States. Earlier this month, Australian law enforcement agencies began negotiating their own deal to directly access private information held by U.S. Internet companies.

There’s still one possible path to put the brakes on this disastrous U.S.-UK deal: Congress can introduce a joint resolution of disapproval of the agreement within 180 days. This week, EFF has joined 19 other privacy, civil liberties, and human rights organizations to publish a joint letter explaining why Congress must take action to resist this deal.

No Prior Judicial Authorization

In the U.S., the standard for when law enforcement can collect stored communications content is clear: police need to get a warrant, based on probable cause. If police want to wiretap an active conversation, they have to satisfy an even higher standard, sometimes called a “super warrant,” that limits both the timing and use of a wiretap. Perhaps most importantly, stored communications warrants and wiretap warrants have to be signed by a U.S. judge, which adds an extra layer of review to whether privacy standards are met. At EFF, a core part of our work is insisting on the importance of a warrant in many different scenarios.

Judicial authorization is a critical step in the U.S. warrant process. When police search people’s private homes, offices, or devices, they must justify why the search for specific evidence outweighs the presumption that individuals remain free from government intrusion. Judicial authorization acts as a safeguard between citizens and law enforcement. Further, history has shown that police can and will abuse their powers for intimidation, or even personal gain. In colonial times, the British military used general warrants to search through colonists’ houses and seize property—actions that helped fuel a revolution, and formed the basis for the 4th Amendment to the U.S. Constitution.

Incredibly, the DOJ has just thrown those rights away. Instead of relying on probable cause, the new agreement uses an untested privacy standard that says that orders must be based on a “reasonable justification based on articulable and credible facts, particularity, legality, and severity.” No judge in any country has decided what this means. Continue reading “EFF: US-UK Agreement to Allow Warrantless Access to US Internet Servers”

Liberty Blitzkrieg: AG Barr Wants to Kill Privacy and Security

Michael Krieger of Liberty Blitzkrieg has written a post about US Attorney General William Barr who has come out very much against the use of encryption by anyone but the government in recent weeks. The government wants full access to everything that you do and say wherever you are doing it, no matter how personal or private. As usual, it must be done “to save the children.”

William Barr Wants to Kill Privacy and Security…’For the Children’

U.S. Attorney General William Barr, along with co-conspirators in the UK and Australia, recently wrote a letter to Mark Zuckerberg requesting he not move forward with a plan to implement end-to-end encryption across Facebook’s messaging services. A draft of the letter was published earlier this month by Buzzfeed, and it’s worth examining in some detail.

What immediately strikes you is the letter’s emphasis on “protecting the children,” a talking point universally used by authoritarians throughout history to justify both a reduction of public liberty and a transfer of increased power to the state. Though this tactic is transparent and well understood by those paying attention, it’s nevertheless disturbing to observe Barr’s disingenuous and shameless use of it (the words ‘child’ and ‘children’ appear 17 times in the course of this brief letter).

Here’s just one example from the letter:

Companies should not deliberately design their systems to preclude any form of access to content, even for preventing or investigating the most serious crimes. This puts our citizens and societies at risk by severely eroding a company’s ability to detect and respond to illegal content and activity, such as child sexual exploitation and abuse, terrorism, and foreign adversaries’ attempts to undermine democratic values and institutions, preventing the prosecution of offenders and safeguarding of victims. It also impedes law enforcement’s ability to investigate these and other serious crimes. Risks to public safety from Facebook’s proposals are exacerbated in the context of a single platform that would combine inaccessible messaging services with open profiles, providing unique routes for prospective offenders to identify and groom our children.

Barr and the U.S. government feign deep concern regarding the ability of bad people to “identify and groom our children,” yet this is the same guy and government who allowed Jeffrey Epstein to be suicided in a Department of Justice prison just a few months ago. It’s the same guy and government who can’t find or doesn’t want to find Ghislaine Maxwell. And it’s same guy and government that can’t be bothered to raid Epstein’s New Mexico ranch despite known instances of child abuse there…

Click here to read the entire article at Liberty Blitzkrieg.

More Anti-Gun Crazy from New York

From RochesterFirst.com, more proof that the inmates are running the asylum – Proposed law would let State search gun owner’s social media and internet history. The privacy invasions involved in this bill are a new level of crazy. Look for more of this mental diarrhea coming to a state near you.

A new act introduced in the New York State Assembly this month would require pistol owners to submit to a “social media review.”

Anyone applying for, or renewing a pistol permit would have to give up all login information, including passwords, for any social media sites they’re a part of.

Posts from the past three years on site like Facebook, Twitter and Snapchat would be reviewed for language containing slurs, racial/gender bias, threats and terrorism.

One year of search history on Google/Yahoo/Bing would also be reviewed.

Related:

Conservative Firing Line: New York Senate Bill 9191 – Destroying the Bill of Rights