back to article Signal sends smoke, er, signal: If Congress cripples anonymous speech with EARN IT Act, we'll shut US ops

Secure messaging app developer Signal says its US operation hangs in the balance due to a proposed law in America. In a blog post on Thursday, the non-profit said it will have to shut down it stateside presence should the EARN IT Act be passed and signed into law. Legal and liability concerns would make it impossible to …

  1. quattroprorocked

    EARN IT

    Would be a huge foot self shoot by the American Gvt.

    So, it'll probably happen :-)

    1. HildyJ Silver badge
      Flame

      Re: EARN IT

      They've tried terrorism, drugs, and now child porn. If this bogeyman doesn't work I would predict that they will try to use COVID-19. And they includes all governments, not just the US. They will never give up.

      1. alain williams Silver badge

        Re: EARN IT

        They've tried terrorism, drugs, and now child porn.

        It is nothing new, they are the Four Horsemen of the Infocalypse a term coined in 1988.

        The USA shouts 'repression' when this happens in China, Egypt, ... but then claims that 'it is for your good' when they do it.

        1. A.P. Veening Silver badge

          Re: EARN IT

          Don't you mean the Five Horsemen of the Apocralypse?

          Obligatory PTerry reference.

      2. Anonymous Coward
        Anonymous Coward

        Re: EARN IT

        "If this bogeyman doesn't work I would predict that they will try to use COVID-19"

        Both Google and Apple were happy to announce that tracking of anyone nearby via Bluetooth will be integrated into operating system and reports sent to mothership *every 15 minutes*.

        You can bet you can't turn that *feature* off and another way of spying, not only you, but *everyone* around you*.

        Also it was very depressing to read the colossal stupidity The Verge published as article:

        "Apple and Google are building a coronavirus tracking system into iOS and Android"

        *People* tracking system it is and these morons have no clue at all. And as it's bolted to the OS, there's no way to remove or disable it. *More data to sell*, in reality and even less privacy for everyone.

        https://www.theverge.com/2020/4/10/21216484/google-apple-coronavirus-contract-tracing-bluetooth-location-tracking-data-app

        "While the app regularly sends information out over Bluetooth, it broadcasts an anonymous key rather than a static identity, and those keys cycle every 15 minutes to preserve privacy."

        Irrelevant when *OS* (not the application as article tries to claim) sends the key and IMEI to mothership at the same time. Or it uses key generated in mothership (which keeps track on them).

        This thing has 0 privacy from the start and all the talk about keys is just bullshit trying to hide it.

        They could as well use IMEI directly: OS knows it, any application knows it, so Google knows it *and* it knows the "private key". Smoke and mirrors.

        1. Anonymous Coward
          Anonymous Coward

          Re: EARN IT

          While I wholly understand the thinking and necessity for trying to do these simple things to slow the spread of a disease, I have to question:

          -If Android and iOS are going to track me without my consent, is there a lawsuit waiting to happen there?

          -Doesn't the US Constitution include something about a right of assembly? I can't believe someone hasn't tried to kick up a fuss about that yet. (Yes, they'd be pigheaded and idiotic to do so, but there's quite a lot of those people not just in the US but in the world as a whole.)

          1. This post has been deleted by a moderator

            1. Tom Paine Silver badge

              Re: EARN IT

              It's _supposedly_ anonymous; there's no central database listing who is in contact with who, and who's got / had Covid-19.

              1. Fatman
                Headmaster

                Re: EARN IT

                <quote>there's no central database listing who is in contact with who, and who's got / had Covid-19.</quote>

                YET!!!

          2. HellDeskJockey
            Big Brother

            Re: EARN IT

            Actually there is a pretty huge fight brewing on this. Our Attorney General issued a warning this weekend State and local governments cannot harass citizens for attending Church at Easter as long as the church is practicing social distancing safety. Several local and state government agencies were trying to ban drive in Easter Services. For those who don't know a drive in service is where people stay in their cars 6 ft (2 m) apart much like an old time drive through movie theater. This was lost on these officials who decided that there must be NO gatherings. Though it is perfectly ok to go to the grocery store, liquor store, pot dispensary etc. They were also trying to go after Gun Stores also but again they were shut down.

        2. Tom Paine Silver badge

          Re: EARN IT

          As I understand it, the contact tracing app's supposed to use Bluetooth to sense proximity to other users, so presumably you can turn that off -- in the unlikely event they try to force-install the thing, which I really can't see. They wouldn't need to: simple social pressure would do it. Especially if the thing had a way of alerting you that there's a phone in your vicinity that's NOT running the app...)

          You wouldn't need 100% coverage to get substantial benefit for the stated purpose, anyway; IDK what the curve would look like - the square of the number of users?

          Of course that's just the stated purpose of the "NHS app" -- there's already a leak in the Grauniad suggesting that they're perfectly well aware of the potential for illicit, malevolent misuse by the state:

          https://www.theguardian.com/world/2020/apr/13/nhs-coronavirus-app-memo-discussed-giving-ministers-power-to-de-anonymise-users

  2. Chris G Silver badge

    If you follow the money

    It will be the very people who promote encryption publicly who are likely to profit the most from an end to most encryption. Currently, many of those who provide encrypted platforms are the same people who make a living out of selling as much of everybody's data as possible, makes you wonder what kind of conversations their lobbyists have behind closed doors.

    1. doublelayer Silver badge

      Re: If you follow the money

      Do they? The only one that comes immediately to mind is the chat app WhatsApp, which is Facebook-owned. The rest of the big players only seem to offer end-to-end on things they get paid for, and don't bother with it for other communications they work with. Apple, for example, offers relatively good encryption for many of their things, including end-to-end on some, but to use any of those, you have to already have purchased an Apple device. Anything that is clearly mined, such as email services from Google and the like, are not encrypted and there's no pretense that they are. The clearest providers of completely encrypted communication services I can think of are all smaller nonprofits, such as Signal, Tor, or Telegram.

      1. Claverhouse Silver badge

        Re: If you follow the money

        Email services such as Proton and Tutanota ( Swiss and German respectively ) to name only 2 offer the encrypted option as standard.

        I tried to ban Gmail for users on a forum.,,

      2. e^iπ+1=0

        follow the money ... chat app WhatsApp

        Another is Messenger, same owner. What about Skype?

        1. Eddy Ito

          Re: follow the money ... chat app WhatsApp

          Skype is owned by Microsoft. Apparently it supports end to end encryption

          1. teknopaul Silver badge

            Re: follow the money ... chat app WhatsApp

            Skype supports end to end encryption because they route traffic via random users nodes on the Internet. Without end to end encryption there would be no encryption.

      3. Charlie Clark Silver badge

        Re: If you follow the money

        And WhatsApp switched to using the Signal protocol for encryption a few years ago, not least because this would leave it less open to lawsuits when its own shitty protocol was compromised. Not sure how it handles groups, not least because I don't use WhatsApp, but it seems more than happy to scrape (and leak – in a group everyone's telephone number is visible to everyone else) metadata, but zero-knowledge encryption for groups is difficult as recent reports from Signal show. I guess the NSA wants to hold the tide back before the proposed zero knowledge group code becomes generally available.

    2. Version 1.0 Silver badge
      Meh

      Re: If you follow the money

      The most likely effect of this bill will be to improve encryption methods.

  3. A.P. Veening Silver badge

    I am still waiting for the first (originally American) IT company to close its doors in the USA. The only organisation I know which did it, organized scientific HIV congresses and that happened when foreign HIV positive participants weren't allowed to enter the USA.

    1. teknopaul Silver badge

      Wasn't there an email provider that shut up shop all of a sudden and everyone presumed it was because they were asked to backdoor and not tell anyone. I forget the name.

      1. John H Woods Silver badge

        email provider who shut up shop ...

        ... not email, but you're not thinking of Truecrypt are you?

  4. Pascal Monett Silver badge
    FAIL

    "a political body that devotes a lot of attention to national security"

    No, it does not devote a lot of attention to national security, it devotes a lot of attention to the excuses that allow it to pretend that national security is its focus.

    In reality, it just wants the means to spy on everyone without bothering with the Constitution of its own country.

    Because that is so much easier than paying attention when the CIA warns them that Al Qaeda terrorists are getting flying lessons on US soil.

    1. jonathan keith Silver badge

      Re: "a political body that devotes a lot of attention to national security"

      It was actually the FBI who flagged that up. When the FBI asked the CIA if they had info in their files about any of the names on the FBI's list of arabs attending US flight schools, the CIA hid the fact that two people on the FBI's list were known al-Qaeda members.

  5. Doctor Syntax Silver badge

    "For a political body that devotes a lot of attention to national security, the implicit threat of revoking Section 230 protection from organizations that implement end-to-end encryption is both troubling and confusing,"

    Sending mixed signals.

  6. sanmigueelbeer Silver badge

    How is "moving overseas" will make any difference?

    The US government can easily rule that the service is an American-owned corporation OR the service has American-made components so it has to abide by American law.

    The American border is not a "limit" to it's long-reaching law.

    1. doublelayer Silver badge

      At a very basic level, if you don't operate in the U.S. and you don't need things from the U.S., then the American government can't do anything to you from their law. They can try to encourage your country to go after you, and it has a decent chance of working for them, but they don't have legal methods. So that would be a drastic method, essentially cutting off all of the U.S. The less drastic method that also has some chance of working is to move all operations and supply chains out of the U.S. but continue to allow Americans to use the service. That is technically operating in the U.S., and the U.S. can issue legal complaints, fines, or prison terms, but if you don't live there or have stuff there they can take they may find it difficult to enforce those. That approach could work for Signal, while there are numerous other types of organizations for which that would be a non-starter.

      1. Kevin Johnston Silver badge

        This wouldn't be the first time that US laws on encryption have left them using a lower grade system than the rest of the world. When they limited the encryption levels that could be sold to non-US customers a number of companies went 'Rest of the world only' and increased bitness well beyond that available in the US. Net result was the US Government caved in so they could catch up

      2. Claverhouse Silver badge

        Fortunately Great Britain has tough Home Secretaries who will give a robust response to American Government requests.

        1. Paul Crawford Silver badge
          Joke

          You forgot this =>

          Some readers might not get it...

          1. jonathan keith Silver badge
            Black Helicopters

            Alternatively, this one ==>

            (Substitute Kelvedon Hatch Secret Nuclear Bunker for Montana mountain bunker complex.)

      3. Anonymous Coward
        Anonymous Coward

        the American government can't do anything to you from their law

        other than ban any US-company dealing with you, handling your payment, etc, etc. There are many, many ways for the US government to demonstrate a world-wide "influence", without bombing the evild-doers out of their evil glass/desert/mountain/forest/underground/underwater hole. And all that - to protect US citizens from filth, depravity, threat to their lives and property around the globe (and elsewhere). Impressive, eh? :(

      4. Doctor Syntax Silver badge

        "continue to allow Americans to use the service. That is technically operating in the U.S."

        Operate in the US at arm's length with a local franchise.

        1. doublelayer Silver badge

          If you operate with a franchise, that doesn't help. First, you are essentially handing that franchise-owner over for all punishments, which isn't very nice. Second, if your franchise does anything, then when their stuff is affected by legal matters you have much more disruption. Third, it doesn't stop you being responsible legally, and you can still get arrested if you show up there. If you can operate electronically, it works similarly except they don't have anyone they can arrest immediately. Their only choices are to try to put pressure on countries you need stuff from or try to block you.

          1. Doctor Syntax Silver badge

            "Third, it doesn't stop you being responsible legally, and you can still get arrested if you show up there."

            On what charge? (Come to that why would I want to show up there?) You do your stuff in a jurisdiction where it's legal. The franchisee buys a service from you in that jurisdiction and sells it in the US. If no franchisee is willing to take on the risks the US doesn't get that service or, to look at it another way, the US gets the service it deserved by electing the governments it did.

            1. doublelayer Silver badge

              Franchising is weird when the service being provided isn't physical. Usually, you don't need one and you don't have one, and most exceptions only have local affiliates (usually not franchised) to provide local support. Signal doesn't have national franchises now, and for a very good reason: they'd be useless. But let's assume that they did set one up. Essentially, they provide the main system and a national franchise is created which links citizens to it. If the local franchise is connecting people to an encrypted system, they can't access the data being sent. If they were sent an order to divulge that data, they wouldn't be able to comply and could be charged. The owners of the company who authorized the franchise could also be charged on the basis that they did not intend to follow the laws when they agreed to establish a franchise. Enforcing that charge if the owners were out of the country would be difficult, and getting judges and juries to agree would also be tricky, but it is certainly possible in the law to do so.

              Consider a simpler example of a franchise: an international chain restaurant. If a local franchise is formed which needs to get ingredients, and the ones they are required to buy break local health laws, the owners of that franchise can be charged for that violation. In addition, the owners of the main business can be charged with breaking the same laws by making that requirement, which is illegal. Again, this isn't a guarantee of a legal victory, but it is a case that can be made which often leads lawyers to try to avoid that risk.

    2. ThinkingMonkey

      Land of the Free (emphasis on 'free')

      But in the US we are free, dammit! Free, I tell you!

      1. e^iπ+1=0

        Re: Land of the Free (emphasis on 'free')

        If you're free, then you're the product.

        1. Ken Hagan Gold badge
          Pint

          Re: Land of the Free (emphasis on 'free')

          Sweet. I think that deserves one of these.

        2. Claptrap314 Silver badge

          Re: Land of the Free (emphasis on 'free')

          Yes. You are the product of millions of citizens who purchased that freedom for you--many at the cost of their lives.

          There are limits to the usefulness of snark.

    3. eldakka Silver badge

      If an organisation (corporation, business, foundation, etc.) is fomed in another nation and is not wholly-owned by a US otganisation, it is not American-owned. There is no way a court would accept that it was American-owned if it couldn't be shown to be American-owned. Otherwise the US Government could just decide ARM, Samsung, Huawei, Alphabet, Apple (Ireland), TSMC, etc. were all US-corporations therefore subject to US taxation and laws.

      Signal is all software, not hardware based, so there is no American "made" components in it. Also, see PGP History:

      Shortly after its release, PGP encryption found its way outside the United States, and in February 1993 Zimmermann became the formal target of a criminal investigation by the US Government for "munitions export without a license". At the time, cryptosystems using keys larger than 40 bits were considered munitions within the definition of the US export regulations; PGP has never used keys smaller than 128 bits, so it qualified at that time. Penalties for violation, if found guilty, were substantial. After several years, the investigation of Zimmermann was closed without filing criminal charges against him or anyone else.

      Zimmermann challenged these regulations in an imaginative way. He published the entire source code of PGP in a hardback book,[23] via MIT Press, which was distributed and sold widely. Anybody wishing to build their own copy of PGP could cut off the covers, separate the pages, and scan them using an OCR program (or conceivably enter it as a type-in program if OCR software was not available), creating a set of source code text files. One could then build the application using the freely available GNU Compiler Collection. PGP would thus be available anywhere in the world. The claimed principle was simple: export of munitions—guns, bombs, planes, and software—was (and remains) restricted; but the export of books is protected by the First Amendment. The question was never tested in court with respect to PGP. In cases addressing other encryption software, however, two federal appeals courts have established the rule that cryptographic software source code is speech protected by the First Amendment (the Ninth Circuit Court of Appeals in the Bernstein case and the Sixth Circuit Court of Appeals in the Junger case).

    4. Charlie Clark Silver badge

      The US is pretty good at enforcing its laws in other jurisdictions using things like the Magnitsky Act, or declaring any particular group or country as "terrorist". But the problem they face with Signal is that the code and research (the peer reviewing and theoretical validation is perhaps as important here) is already public so it would likely become a whack-a-mole and some countries might have problem complying with US demands and their own laws, relying on lax enforcement, or using that US stalwart the anonymous shell company or trust to obscure everything.

      But when has that every stopped them? Hard to think of anything more sinister and pointless than the Committee for Unamerican activities but I'm sure history is replete with them. :-/

      1. A.P. Veening Silver badge

        The US is pretty good at enforcing its laws in other jurisdictions using things like the Magnitsky Act, or declaring any particular group or country as "terrorist".

        But the US are starting to notice some push back as ohter jurisdictions are also starting to enforce their own laws within the USA (e.g. the European GDPR). And it is rapidly approaching the point where other jurisdictions get together for the sole purpose of pushing back. I wonder how long it will take some countries to put the CIA and all of its operatives on the terrorist watch list (where it already belongs anyway).

        1. Charlie Clark Silver badge

          Not really, if you think how effective the US has been over Iran sanctions: it controls the dollar trade and has no problem enforcing sanctions on subsidiaries or associated companies that want to continue trading in America.

          The only country that is really able to largely ignore such heavy-handedness is China, and that only in countries (such as large parts of Africa) where the rule of law required to enforce US extraterratorial claims is often absent. Currently, the US economy is simply too important for many countries.

          But the rules around IP and specifically encryption are definitely changing.

      2. Doctor Syntax Silver badge

        declaring any particular group or country as "terrorist"

        How much of its tech industry does the US have to expel in this way before a tipping point is reached and it has to define the entire rest of the world as "terrorist"?

        Perhaps this is more easily seen from the PoV of an elderly Brit. The UK is a post-imperial power. When I was born the possibility that this could happen would be inconceivable to most people (many seem unable to grasp that fact even now) but it is the case. It must seem as inconceivable to must USians but, having watched it happen to the UK, I have no difficulty visualising it happening to the US.

        1. Fatman

          RoTW telling the USofA to....

          <quote>When I was born the possibility that this could happen would be inconceivable to most people (many seem unable to grasp that fact even now) but it is the case. It must seem as inconceivable to must USians but, having watched it happen to the UK, I have no difficulty visualising it happening to the US.</quote>

          It will be a shocking day when the rest of the world stands up and tells the US Gubmit to

          "FUCK OFF!!!!"

          An appropriate icon: https://c7.uihere.com/files/534/152/58/the-finger-fuck-decal-youtube-youtube.jpg

  7. Bronek Kozicki Silver badge

    I think it would be rather splendid

    .... if all secure messaging platforms pulled from the US. Imagine this conversation:

    Senators: We want our secure communication with staff

    Providers: Sorry, can't do, you made it illegal for us to provide it.

    1. Paul Crawford Silver badge

      Re: I think it would be rather splendid

      Senator: "Damn you, we want an American solution!"

      Staff: "Well sir, you can use WebEx from Cisco"

      Senator: "Say boy, how fast can we revoke this bill?"

    2. Olius

      Re: I think it would be rather splendid

      I came here to write the same - Signal pulling out of the US wouldn't be a bad thing. I imagine it would go like this:

      1. Signal pulls out of the US

      2. US citizens realise they have no freedom or privacy after all

      3. ...

      4. Profit

      1. jonathan keith Silver badge

        Re: I think it would be rather splendid

        3. US citizens shrug, go about their normal daily activities

        4. Profit for data miners, brokers, lobbyists

        1. A.P. Veening Silver badge

          Re: I think it would be rather splendid

          Wrong, American military (big time user of Signals) realises it is way up shit creek in a leaky canoe without paddles.

          1. Jamie Jones Silver badge

            Re: I think it would be rather splendid

            US governent and military could just make rhemselves exempt from the law, and then roll their own.

            I don't know if sigjal is open-source, but even if not, the encryption is.

            1. A.P. Veening Silver badge

              Re: I think it would be rather splendid

              Please rethink, government and IT projects ...

              1. Bronek Kozicki Silver badge
                Trollface

                Re: I think it would be rather splendid

                It would be a very long "then", then

                1. Doctor Syntax Silver badge

                  Re: I think it would be rather splendid

                  And very profitable for someone.

            2. DCFusor Silver badge

              Re: I think it would be rather splendid

              However, this government is known IT-utterly-incompetent, and the military is just now outsourcing all its IT and even secure stuff to ...Microsoft (or Amazon, depending on whose lawyers win).

              The crypto is the easy part anyway - See Bruce Schneier and friends. It's avoiding all sorts of pitfalls and side channel attacks that is hard. Ask Intel about that one.

              One wonders, however. Since it's well known that the agencies can pretty much compromise any device - and therefore get plaintext before (or after) either "end" of end to end encryption...and even though they complain, it seems the FBI can buy exploits to get into those "locked phones" and does so just before they lose in court (more than once!) - maybe this is all just a smokescreen to make people THINK they don't already have the goods - they just want the messaging platforms to do all the work of screening, and take the blame in the event of failure.

            3. Claptrap314 Silver badge

              Re: I think it would be rather splendid

              That's not how this goes down.

              1) If the US military is a heavy user of Signal, then the NSA has signed off on it.

              2) No way in ******* **** that the NSA approves such without source code, fully analyzed.

              3) Almost as unlikely that they would be using Signal's servers, if for no other reason than that they are not hardened against physical attacks by hostile actors.

              4) Which means that they are using military servers. If Signal pulls out of the US, this has 0 effect on this application.

              5) It's not legal for my to own a B83--does not mean that the military does not have them.

    3. doublelayer Silver badge

      Re: I think it would be rather splendid

      Sadly, I expect you'd see this timeline:

      1. Law: Is passed.

      2. Signal: Is forced overseas.

      3. U.S. enforcement body: Tries to pursue Signal legally, can't find a way, blocks them.

      4. Legislators: "We want our secure communications."

      5. Law: Is modified saying government can use these apps but citizens can't.

      6. Signal: Decides that if citizens aren't allowed, government isn't either. Blocks them.

      7. Legislators: Write law: "Somebody make us a version of Signal that works for us."

      8. NSA: "We'd be happy to. The code is open source anyway. We're just going to stand up a server of our own."

      9. Legislators: "Perfect. Send us a link, would you?"

      10. NSA: "We have finished setting it up. Now if you could reauthorize our data collection stuff for a century or so, we think we can send you a link."

      11. Legislators: "Weird. They thought we were ever going to balk at that. We've been fine with it for two decades; why do they think that's going to change? Well then..."

      12. Reauthorization law: Is passed.

      13. NSA: Sends link to signal.gov client.

      14. Legislators: Install the app.

      15. Legislators: "Hey look! It works the same as the last version! Thank you, NSA."

      16. Military: "The encryption system we had just got hit with the original law. Can we use this too?"

      17. NSA: "Absolutely!"

      18. Military: Starts to use the app.

      19. NSA: "Any congresspeople being potentially annoying today?"

      20. NSA analyst: "Actually yes. There was a new one elected and they're chatting about an oversight bill over us."

      21. NSA: "What do we have on them?"

      22. NSA analyst: "Everything they've ever sent or received. I'm sure we can find something out of context that can be used against them."

      23. NSA: "Wonderful! Do that then."

      24. Newspaper: "Newly elected representative [name] who stood for election on a platform of public privacy faces ethics committee investigations."

      25. NSA: Evil laughter.

      1. quxinot Silver badge
        Pint

        Re: I think it would be rather splendid

        I don't know to upvote you for your succinct and accurate views, or downvote you for being so horrifically dystopian.

        (Have an upvote, the truth is true even when unpleasant!)

        1. ThatOne Silver badge
          Devil

          Re: I think it would be rather splendid

          > dystopian

          You think? Remember, Murphy's law is part of the Constitution of Reality.

          As about the OP, I think he is rather optimistic, in that he assumes the agency will only use that power to defend itself, and its bosses will not abuse their power to go on a rabid crusade to protect the country from itself (something called an "auto-immune reaction" in medicine). US TLAs are prone to that kind of behavior.

  8. Ken Hagan Gold badge

    EARN IT is aiming at the wrong targets

    There are internet-based channels of communication which are 1:1 (or 1:few, if we include conference calls). These include some messaging platforms and all internet commerce and banking. I don't have a problem with these operating under the usual rules on carrier protection. Phone taps require a warrant and the participants have a reasonable expectation of privacy.

    Then there are internet-based channels of communication which are 1:many, where the "many" are unknown to the 1. These include social media and news outlets, but also anyone offering blogging services or similar to the general public. Similar services in the non-internet world are TV, radio and print publishers and everyone expects these to be regulated because there is no control over the audience. Sure enough, they are all regulated.

    Apparently this distinction, so easily made by people for the past few centuries, has now become Really Hard To Grasp and we get bills like EARN IT which (as far as I can tell from the coverage) are trying to use the "broadcast" justification to overturn the "reasonable expectation of privacy" on a 1:1 call.

    1. Anonymous Coward
      Anonymous Coward

      Re: EARN IT is aiming at the wrong targets

      "Apparently this distinction, so easily made by people for the past few centuries, has now become Really Hard To Grasp"

      I don't believe that a second: This is a deliberate attack against *any* privacy/encryption people might have.

      You could try to explain it with stupidity, but AG Barr suggested that they should give Barr himself the power to decide "suitable guidelines" restricting encryption.

      It is publicly known that Barr's main goal is to ban encryption, all of it, and enable law enforcement access to any online conversation. *Any* online conversation.

      Barr isn't even bothering to hide his goals and he wants personal power to define what kind of encryption is allowed. Or none, as he'll order in a heartbeat if he can.

    2. Anonymous Coward
      Anonymous Coward

      Re: EARN IT is aiming at the wrong targets

      @Ken_Hagen

      There's another perspective on this. There's an ASSUMPTION that ALL the participants in some internet communication can be identified (e.g. they have contract and a registered credit card with a mobile phone company, or they have an FB account in their own name, or they have an identifiable email account, or they have a broadband account registered to a person with a physical address....and so on).

      *

      This assumption is false. People carry pay-as-you-go mobiles paid for in cash (so called burner phones). People use throwaway email addresses and emails sent and received in internet cafes (or sent and received using hijacked WiFi). This message in El Reg is sent by AC -- and how would "the authorities" identify the sender or any of the readers? ....or they use a VPN in addition to any of these other methods.....

      *

      So.......not only do "the authorities" need to read the plain text of messaging....they also need to identify the sender and the recipients. And time is on the side of the "bad guys".....if it takes weeks to decipher a private cipher, and the sender and recipients of the message can't be identified.....what good is some more legislation?

  9. Boris the Cockroach Silver badge
    Big Brother

    The opposition

    to this bill should ask this question to the supporters.

    "Would you be happy if the government could open and read your mail without a warrent?"

    Government = law enforcement agencies to any TLAs.

    Mail = any communications between you and anyone else.

    1. A.P. Veening Silver badge

      Re: The opposition

      And the sheeple (including the supporters in Congress) would claim they have nothing to hide.

    2. ThatOne Silver badge
      Unhappy

      Re: The opposition

      Just promise them a new lolcat a day and everybody will accept.

      Or just wait a couple days, or till the next celebrity scandal takes over public interest, and use the general and complete indifference to pass the bill.

      While individuals can be intelligent, masses are appallingly stupid, and politicians know that, it's their livelihood. Individually we might think "Do you really take me for a moron?", but collectively we're all just drooling "oooh, shiny...". :-(

    3. Doctor Syntax Silver badge

      Re: The opposition

      Don't forget the supporters never realise it applies to them or that they have stuff they are contractually obliged to keep secret (all those EULAs they clicked through without reading).

  10. Anonymous Coward
    Anonymous Coward

    Once again with feeling.......

    If the so called "bad guys" use private encryption BEFORE their messages enter a public channel, then the whole "end-to-end encryption" debate is moot!

    *

    I know, I know......experts say private encryption is "very weak". If that is true, how come two of three Beale papers are still secret after more than a century? And even if it is true, privately encrypted messages ARE private for as long as it takes to break them.....which might be quite long enough for bad things to happen!

    *

    So tell me again what this legislation achieves....apart from providing a grandstanding photo opp for stupid politicians?

    *

    And if private ciphers are so easy, maybe an expert can decipher this:

    *

    0pB$0hM80ZNp104o10Ri069e0BDw0Fc00zqa00pl

    1LsP0Vjx1XVx0KDJ1i5$0qaU0MNr0uLf045J15lu

    1XQy19=v1NMb0Pif134m0qI=0pZW1FLb1Ckm0Hs2

    03Gp0Zdm0dNV1fv30f$x0kdU0U=v1Jj80U4u0thP

    0qbN1m0u0FVx1Nca1cIP0c6o0feb16Z50MrH1Fon

    1chV0J1x

    *

    1. osakajin Bronze badge

      Re: Once again with feeling.......

      Thats easy.

      First line is a blonde

      Second a brunette*

      *with apologies to the matrix.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020