Category Archives: Encryption

Encryption Foes in Washington Won’t Give Up – Reason

It's impossible to overstate just how much governments hate not being able to read your mail, listen to your phone calls, and peruse your text messages. When all that snoopy officials can pull up is scrambled gobbledygook, they just know they're missing out on the good stuff, like little kids bristling at whispered adult conversations.

That explains the U.S. government's decades-long war against private cryptography and its most recent manifestation in the crusade against "warrant-proof encryption."

No matter how much government officials stamp their feet and hold their breath, it'd be a bad idea to give them the access they want to our data. And they do keep stamping their feet.

"By enabling dangerous criminals to cloak their communications and activities behind an essentially impenetrable digital shield, the deployment of warrant-proof encryption is already imposing huge costs on society," Attorney General Bill Barr huffed last summer when he delivered the keynote address at the International Conference on Cyber Security in New York City. "It seriously degrades the ability of law enforcement to detect and prevent crime before it occurs. And, after crimes are committed, it thwarts law enforcement's ability to identify those responsible or to successfully prosecute the guilty parties."

If that sounds familiar, it's because it's essentially a rephrasing of former FBI Director James Comey's 2014 argument that "those charged with protecting our people aren't always able to access the evidence we need to prosecute crime and prevent terrorism even with lawful authority. We have the legal authority to intercept and access communications and information pursuant to court order, but we often lack the technical ability to do so."

In turn, Comey barely rewarmed the Clinton White House's overwrought 1994 warnings that "the same encryption technology that can help Americans protect business secrets and personal privacy can also be used by terrorists, drug dealers, and other criminals."

The encryption technology that gets officials so hot and bothered year after year grows increasingly widespread for the simple reason that it satisfies a very real demand. Barr may worry about privacy-minded terrorists and drug sellers, but most people are more concerned about hackers, identity thieves, and nosy busybodies. In response, tech companies build end-to-end encryption into a host of products so that regular people can benefit without memorizing a user's manual.

In response, Barr and company argue that all they want is a "back door" built into communications services so that they can gain access when necessary, and only after they jump through all the legal niceties, we're assured.

But weakened, government-accessible encryption isn't a magic solution that will be used only to catch bad guys. It will be weakened encryption, period.

"The problem with backdoors is known: any alternate channel devoted to access by one party will undoubtedly be discovered, accessed, and abused by another," notes David Ruiz, a writer with the internet security firm Malwarebytes Labs. "Cybersecurity researchers have repeatedly argued for years that, when it comes to encryption technology, the risk of weakening the security of countless individuals is too high."

"Encryption is one of the few security techniques that mostly works. We can't afford to mess it up," cautions Matt Blaze, a cybersecurity expert at the University of Pennsylvania. "As someone who's been working on securing the 'net for going on three decades now, having to repeatedly engage with this 'why can't you just weaken the one tool you have that actually works' nonsense is utterly exhausting."

How can we know that the critics are right? Because the U.S. government itself claims that a Chinese company has, for years, been misusing exactly such back doors.

"U.S. officials say Huawei Technologies Co. can covertly access mobile-phone networks around the world through 'back doors' designed for use by law enforcement, as Washington tries to persuade allies to exclude the Chinese company from their networks," the Wall Street Journal reported on February 12.

Well, it's only fair. For half a century, the CIA and German intelligence spied on international communications courtesy of back doors they built into the products of Crypto AG, a company the agencies co-owned.

The CIA and its German partner kept that arrangement secret for a long time, but mandated access to everybody's messaging apps would be public knowledge and serious hacker-bait. It might even be a target for bad actors wielding the hacking tools that were stolen in 2017 from the National Security Agency, an exploit generally considered among the most significant events in cybersecurity.

Whoopsies. It's almost like you really shouldn't trust government types with the ability to peruse your communications and paw through your data.

Despite that history, Senators Lindsey Graham (R-S.C.) and Richard Blumenthal (D-Conn.) are floating a bill that would make tech companies "earn" Section 230 protection against liability for other people's communications that pass through their platforms by adopting "best practices" that satisfy amorphous government standards.

"The AG could single-handedly rewrite the 'best practices' to state that any provider that offers end-to-end encryption is categorically excluded from taking advantage of this safe-harbor option," writes Riana Pfefferkorn, associate director of surveillance and cybersecurity at Stanford Law School. "Or he could simply refuse to certify a set of best practices that aren't sufficiently condemnatory of encryption. If the AG doesn't finalize a set of best practices, then this entire safe-harbor option just vanishes."

The whole thing is cloaked in the language of "child sex-abuse material" so that privacy advocates have to argue against a measure nominally aimed at kiddy porn in order to protect strong encryption for everybody's communications. Yes, once again, government officials pretend that the terrible things they want to do are all about protecting the children.

Meanwhile, any back doors forced into our encrypted communications are likely to affect harmless people more than they inconvenience criminals and terrorists.

"Short of a form of government intervention in technology that appears contemplated by no one outside of the most despotic regimes, communication channels resistant to surveillance will always exist," states a 2016 report from the Berkman Center for Internet and Society at Harvard University.

Unwilling to rely on commercial products that may or may not keep their secrets, criminals and terrorists develop their own encryption products, including secure phones. They're very unlikely to comply with law enforcement demands for back doors.

"I think there's no way we solve this entire problem," the FBI's Comey admitted to the U.S. Senate Judiciary Committee in 2015. "Encryption is always going to be available to the sophisticated user."

But what about the rest of us? Despite all the evidence of the foolishness of their efforts, government officials keep trying to make us expose our data to them and the criminals who ride on their coattails.


BestCrypt by Jetico expands cross-platform protection to computers with T2 chip – Help Net Security

Jetico, long-trusted pioneer in data encryption, announced support for Mac computers with a T2 security chip. With this update, BestCrypt Volume Encryption Enterprise Edition becomes the industry's most comprehensive enterprise encryption software for Windows and macOS.

"Native OS encryption tools might be an easy way to get started with data protection. Yet there's a critical limitation. Their security is bound to only some versions of a single operating system," states Jetico CEO, Michael Waksman.

"BestCrypt is already proven to run on more Windows versions than native BitLocker. Now we expand our cross-platform protection to all editions of Mac."

The latest version of BestCrypt Volume Encryption applies FileVault, macOS native encryption, for Apple File System (APFS) volumes on computers with a T2 chip. Jetico offers the world's only OS agnostic encryption tool, still used for all other volumes to ensure cross compatibility, especially when handling removable drives.

Waksman continues, "Lost and stolen removable drives is one of the main causes of data breaches. Encryption overcomes this risk. Yet managing and accessing encrypted data on USB drives can be challenging: available computers don't always support the same encryption tool."

Waksman focuses on the user benefit, claiming, "With this BestCrypt update, Jetico proudly delivers an independent solution to improve security while also boosting productivity. As always, our goal is to provide painless encryption that works the way you do."

Jetico Central Manager (JCM), part of BestCrypt Volume Encryption Enterprise Edition, also includes:

For added convenience, BestCrypt Volume Encryption Enterprise Edition can also run in the cloud, empowering Admins to control all disk encryption activities from anywhere without needing to configure and maintain a dedicated server.


Barr’s Motives, Encryption and Protecting Children; DOJ 230 Workshop Review, Part III – Techdirt

from the don't-break-the-internet dept

In Part I of this series on the Department of Justice's February 19 workshop, "Section 230 - Nurturing Innovation or Fostering Unaccountability?" (archived video and agenda), we covered why Section 230 is important, how it works, and how panelists proposed to amend it. Part II explored Section 230's intersection with criminal law.

Here, we ask what DOJ's real objective with this workshop was. The answer to us seems clear: use Section 230 as a backdoor for banning encryption (a backdoor to a backdoor) in the name of stamping out child sexual abuse material (CSAM) while, conveniently, distracting attention from DOJ's appalling failures to enforce existing laws against CSAM. We conclude by explaining how to get tough on CSAM to protect kids without amending Section 230 or banning encryption.

Banning Encryption

In a blistering speech, Trump's embattled Attorney General, Bill Barr, blamed the 1996 law for a host of ills, especially the spread of child sexual abuse material (CSAM). But he began the speech as follows:

[Our] interest in Section 230 arose in the course of our broader review of market-leading online platforms, which we announced last summer. While our efforts to ensure competitive markets through antitrust enforcement and policy are critical, we recognize that not all the concerns raised about online platforms squarely fall within antitrust. Because the concerns raised about online platforms are often complex and multi-dimensional, we are taking a holistic approach in considering how the department should act in protecting our citizens and society in this sphere.

In other words, the DOJ is under intense political pressure to do something about Big Tech, most of all from Republicans, who have increasingly fixated on the idea that Big Tech is the new Liberal Media out to get them. They've proposed a flurry of bills to amend Section 230, either to roll back its protections or to hold companies hostage, forcing them to do things that really have nothing to do with Section 230, like be "politically neutral" (the Hawley bill) or ban encryption (the Graham-Blumenthal bill), because websites and Internet services simply can't operate without Section 230's protections.

Multiple news reports have confirmed our hypothesis going into the workshop: that its purpose was to tie Section 230 to encryption. Even more importantly, the closed-door roundtable after the workshop (to which we were, not surprisingly, not invited) reportedly concluded with a heated discussion of encryption, after the DOJ showed participants draft amendments making Section 230 immunity contingent on compromising encryption by offering a backdoor to the U.S. government. Barr's speech said essentially what we predicted he would say right before the workshop:

Technology has changed in ways that no one, including the drafters of Section 230, could have imagined. These changes have been accompanied by an expansive interpretation of Section 230 by the courts, seemingly stretching beyond the statute's text and original purpose. For example, defamation is Section 230's paradigmatic application, but Section 230 immunity has been extended to a host of additional conduct, from selling illegal or faulty products to connecting terrorists to facilitating child exploitation. Online services also have invoked immunity even where they solicited or encouraged unlawful conduct, shared in illegal proceeds, or helped perpetrators hide from law enforcement. ...

Finally, and importantly, Section 230 immunity is relevant to our efforts to combat lawless spaces online. We are concerned that internet services, under the guise of Section 230, can not only block access to law enforcement, even when officials have secured a court-authorized warrant, but also prevent victims from civil recovery. This would leave victims of child exploitation, terrorism, human trafficking, and other predatory conduct without any legal recourse. Giving broad immunity to platforms that purposefully blind themselves and law enforcers to illegal conduct on their services does not create incentives to make the online world safer for children. In fact, it may do just the opposite.

Barr clearly wants to stop online services from going dark through Section 230, even though Section 230 has little (if any) direct connection to encryption. His argument was clear: Section 230 protections shouldn't apply to services that use strong encryption. That's precisely what the Graham-Blumenthal EARN IT Act would do: greatly lower the bar for enforcement of existing criminal laws governing child sexual abuse material (CSAM), allow state prosecutions and civil lawsuits (under a lower burden of proof), but then allow Internet services to earn back their Section 230 protection against this increased liability by doing whatever a commission convened and controlled by the Attorney General tells them to do.

Those two Senators are expected to formally introduce their bill in the coming weeks. Undoubtedly, they'll refer back to Barr's speech, claiming that law enforcement needs their bill passed ASAP to protect the children.

Barr's speech on encryption last July didn't mention 230 but went much further in condemning strong encryption. If you read it carefully, you can see where Graham and Blumenthal got their idea of lowering the standard of existing federal law on CSAM from actual knowledge to recklessness, which would allow the DOJ to sue websites that offer stronger encryption than the DOJ thinks is really necessary. Specifically, Barr said:

The Department has made clear what we are seeking. We believe that when technology providers deploy encryption in their products, services, and platforms they need to maintain an appropriate mechanism for lawful access. This means a way for government entities, when they have appropriate legal authority, to access data securely, promptly, and in an intelligible format, whether it is stored on a device or in transmission. We do not seek to prescribe any particular solution. ...

We are confident that there are technical solutions that will allow lawful access to encrypted data and communications by law enforcement without materially weakening the security provided by encryption. Such encryption regimes already exist. For example, providers design their products to allow access for software updates using centrally managed security keys. We know of no instance where encryption has been defeated by compromise of those provider-maintained keys. Providers have been able to protect them. ...

Some object that requiring providers to design their products to allow for lawful access is incompatible with some companies' business models. But what is the business objective of the company? Is it "A": to sell encryption that provides the best protection against unauthorized intrusion by bad actors? Or is it "B": to sell encryption that assures that law enforcement will not be able to gain lawful access? I hope we can all agree that if the aim is explicitly "B" (that is, if the purpose is to block lawful access by law enforcement, whether or not this is necessary to achieve the best protection against bad actors), then such a business model, from society's standpoint, is illegitimate, and so is any demand for that product. The product jeopardizes the public's safety, with no countervailing utility. ...

The real question is whether the residual risk of vulnerability resulting from incorporating a lawful access mechanism is materially greater than those already in the unmodified product. The Department does not believe this can be demonstrated.

In other words, companies choosing to offer encryption should have to justify their decision to do so, given the risks created by denying law enforcement access to user communications. That's pretty close to a recklessness standard.

Again, for more on this, read Berin's previous Techdirt piece. According to the most recently leaked version of the Graham-Blumenthal bill, the Attorney General would no longer be able to rewrite the best practices recommended by the Commission. But he would gain greater ability to steer the commission by continually vetoing its recommendations until it does what he wants. If the commission doesn't make a recommendation, the safe harbor offered by complying with the best practices doesn't go into effect, but the rest of the law still would. Specifically, website and Internet service operators would still face vague new criminal and civil liability for reckless product design. The commission and its recommendations are a red herring; the truly coercive aspects of the bill will happen regardless of what the commission does. If the DOJ signals that failing to offer a backdoor (or retain user data) will lead to legal liability, companies will do it even absent any formalized best practices.

The Real Scandal: DOJ's Inattention to Child Sexual Abuse

As if trying to compromise the security of all Internet services and the privacy of all users weren't bad enough, we suspect Barr had an even more devious motive: covering his own ass, politically.

Blaming tech companies generally, and encryption in particular, for the continued spread of CSAM kills two birds with one stone. Not only does it offer them a new way to ban encryption, it also deflects attention from the real scandal that should appall us all: the collective failure of Congress, the Trump Administration, and the Department of Justice to prioritize the fight against the sexual exploitation of children.

The Daily, The New York Times podcast, ran part one of a two-part series on this topic on Wednesday. Reporters Michael Keller and Gabriel Dance summarized a lengthy investigative report they published back in September, but which hasn't received the attention it deserves. Here's the key part:

The law Congress passed in 2008 foresaw many of today's problems, but The Times found that the federal government had not fulfilled major aspects of the legislation.

The Justice Department has produced just two of six required reports that are meant to compile data about internet crimes against children and set goals to eliminate them, and there has been a constant churn of short-term appointees leading the department's efforts. The first person to hold the position, Francey Hakes, said it was clear from the outset that no one felt like the position was as important as it was written by Congress to be.

The federal government has also not lived up to the law's funding goals, severely crippling efforts to stamp out the activity.

Congress has regularly allocated about half of the $60 million in yearly funding for state and local law enforcement efforts. Separately, the Department of Homeland Security this year diverted nearly $6 million from its cybercrimes units to immigration enforcement, depleting 40 percent of the units' discretionary budget until the final month of the fiscal year.

So, to summarize:

Let that sink in. In a better, saner world, Congress would be holding hearings to demand explanations from Barr. But they haven't, and the workshop will allow Barr to claim he's getting tough on CSAM without actually doing anything about it, while also laying the groundwork for legislation that would essentially allow him to ban encryption.

Even for Bill Barr, that's pretty low.


Comment: It's time for governments to learn how end-to-end encryption works – 9to5Mac

There's an emerging health crisis at the moment, besides coronavirus: the head injuries caused by techies banging their heads on their desks at each piece of evidence that governments don't understand how end-to-end encryption works.

The latest example of this, reported in the Guardian, was the head of Britain's domestic counterintelligence and security agency, MI5, calling on tech companies like Apple and Facebook to continue to offer end-to-end encryption, but to provide MI5 access on an exceptional basis.

MI5, short for Military Intelligence, Section 5, is responsible for detecting planned terrorist attacks and preventing them before they can be carried out. It also assists other law enforcement agencies in the investigation of other serious crimes.

The Guardian quotes from an interview broadcast on British television channel ITV.

Parker called on the tech firms to use the brilliant technologists you've got to answer a question: Can you provide end-to-end encryption but on an exceptional basis, exceptional basis, where there is a legal warrant and a compelling case to do it, provide access to stop the most serious forms of harm happening?

The entire point of end-to-end encryption is that only an intended recipient of a message is able to decrypt it. When I send you an iMessage, nobody else is able to read it, not even Apple, because only a device authenticated by your Apple ID and password has the decryption key.

Technically, you can argue that Parker's question isn't quite as dumb as it sounds, as there is one potential workaround that would work with some end-to-end encrypted chat services, known as the ghost proposal.

It's relatively easy for a service provider to silently add a law enforcement participant to a group chat or call. The service provider usually controls the identity system and so really decides who's who and which devices are involved; they're usually involved in introducing the parties to a chat or call. In a solution like this, we're normally talking about suppressing a notification on a target's device and possibly those they communicate with.

In short, Apple or any other company that allows people to privately chat would be forced to allow the government to join those chats as a silent, invisible eavesdropper.

Unlike other proposals for compromising end-to-end encryption, that one at least has the virtue of being technically possible. It effectively takes advantage of the way that Apple allows you to begin an iMessage conversation on your iPhone then continue it on your iPad or Mac. Apple could effectively create a fake virtual device, authenticated as you, which would receive all your messages.

However, that would only be possible because it would break authentication of participants in the chat, which is a key component of end-to-end encrypted messaging. If you take an end-to-end encrypted messaging service and compromise the authentication process, you no longer have an end-to-end encrypted messaging service. The whole point of end-to-end encryption is that only authorized participants can decrypt it.
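The trust relationship described above, as an added Python sketch that is not from the 9to5Mac article or from any messaging vendor's code: a sender fans a message out to every device key the provider's directory returns, so an extra key registered under the recipient's identity receives a readable copy without any cipher being broken. The `Directory` class, the pinned-fingerprint check, and the toy Diffie-Hellman parameters are all assumptions made for the illustration and are not production cryptography.

```python
"""Toy model of multi-device end-to-end messaging and a 'ghost' device.

Constructed illustration only: textbook Diffie-Hellman over a demo prime
and a hash-derived keystream stand in for a real protocol. All class and
function names here are hypothetical.
"""
import hashlib
import secrets

P = 2**255 - 19  # prime modulus chosen for the demo (assumption)
G = 2            # demo generator (assumption)


def keypair():
    """Return (private, public) for one device."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def fingerprint(pub):
    """Short identifier two users could compare out of band."""
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()[:16]


def _xor_stream(shared, data):
    # Derive a keystream from the shared secret and XOR it with the data.
    stream = hashlib.shake_256(shared.to_bytes(32, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(pub, plaintext):
    """Encrypt to one device key; returns (ephemeral_public, ciphertext)."""
    eph_priv, eph_pub = keypair()
    return eph_pub, _xor_stream(pow(pub, eph_priv, P), plaintext)


def unseal(priv, sealed):
    """Decrypt an envelope with the matching device private key."""
    eph_pub, ciphertext = sealed
    return _xor_stream(pow(eph_pub, priv, P), ciphertext)


class Directory:
    """Provider-run identity service: it alone says which keys are 'you'."""

    def __init__(self):
        self._devices = {}

    def register(self, user, pub):
        self._devices.setdefault(user, []).append(pub)

    def lookup(self, user):
        return list(self._devices.get(user, []))


class UnverifiedDevice(Exception):
    """Raised when the directory returns a key the sender never verified."""


def send(directory, recipient, plaintext, pinned=None):
    """Fan a message out to every device key the directory returns.

    With pinned=None the sender trusts the directory blindly. With a set
    of verified fingerprints, any key outside that set aborts the send.
    """
    keys = directory.lookup(recipient)
    if pinned is not None:
        unknown = sorted({fingerprint(k) for k in keys} - set(pinned))
        if unknown:
            raise UnverifiedDevice(unknown)
    return {fingerprint(k): seal(k, plaintext) for k in keys}


def demo():
    directory = Directory()
    phone_priv, phone_pub = keypair()
    _, ipad_pub = keypair()
    directory.register("bob", phone_pub)
    directory.register("bob", ipad_pub)
    # Alice verified Bob's two devices in person and pinned them.
    pinned = {fingerprint(phone_pub), fingerprint(ipad_pub)}

    # The provider silently registers an extra device under Bob's identity.
    ghost_priv, ghost_pub = keypair()
    directory.register("bob", ghost_pub)

    msg = b"meet at noon"
    envelopes = send(directory, "bob", msg)  # blind trust in the directory
    ghost_read = unseal(ghost_priv, envelopes[fingerprint(ghost_pub)])
    phone_read = unseal(phone_priv, envelopes[fingerprint(phone_pub)])

    try:
        send(directory, "bob", msg, pinned=pinned)
        blocked = None
    except UnverifiedDevice as exc:
        blocked = exc.args[0]

    return {"ghost_read": ghost_read, "phone_read": phone_read,
            "blocked": blocked, "ghost_fp": fingerprint(ghost_pub)}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
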

So, here's my open letter to governments:

Dear governments,

If you want to ban end-to-end encryption, as some of you have said, please understand what this means. Like the end of e-banking and online shopping.

If you instead want to ban the use of end-to-end encryption in messaging, you might first want to check whether many military, government, and law enforcement agency messaging services use it.

You now want to ban only the civilian use of end-to-end encrypted messaging, you say? Think about the impact on journalism. Think about the massive criminal opportunities you would be creating for identity theft and other forms of fraud. Above all, please think about the fact that you are telling your citizens they are no longer entitled to have private conversations using any electronic means, nor to privately share their photos with their partner, friends, or family. Think about what kind of regime wants that.

If you then decide, as MI5 apparently has, that you want to allow end-to-end encryption in messaging, but create a backdoor for governments, what you need to know is this: You can't. Because compromised end-to-end encryption isn't end-to-end encryption.

I hope that helps.

Love, Ben


Crypto AG Shows That US Concern Over Huawei Encryption Backdoors Comes From Long Experience Doing the Same Thing – CPO Magazine

The United States government has been dead set against the use of Huawei equipment in national infrastructure since early 2018, when AT&T was pressured into dropping a lucrative 5G contract with the Chinese company. Speculation about encryption backdoors for use by the Chinese government has driven most of this, coming to a head recently with direct accusations that Huawei hardware has law enforcement backdoors in addition to new charges of racketeering and theft of trade secrets.

Another news story that broke recently may shed some light on the depth and intensity of United States suspicions even in the face of what sometimes seems to be scanty evidence.

U.S.-controlled Crypto AG, which has sold cryptographic equipment to governments throughout the world, used similar backdoors to allow the CIA to spy on foreign affairs for decades.

All of this is not to say that the U.S. does not have solid reasons to be wary of Huawei. As a company based in China, Huawei is required by law to comply with any demands the governing CCP makes of it; there is no room for something like Apple's refusal to create an encryption backdoor for the US government. China and the US are racing to be the first into the lucrative 5G space, and Huawei has been caught with its hand in the industrial espionage cookie jar before.

The thing that is more nebulous is the accusations of hardware backdoors that lead back to China, which until recently had relied on a "trust us, we're the government" approach from the US. While there may well be classified evidence that makes this more than a case of projection, US history would indicate that this abundance of government caution stems from the actions of its own intelligence agencies. No story is more illustrative than that of Crypto AG.

Founded in Switzerland in 1952, Crypto AG's trade was in providing ciphering machines to U.S. forces during World War II. The firm became an international cryptography giant from there, providing technology to the governments of more than half the world's nations over the decades.

Initially, Crypto AG was independent. But in the 1960s, control of the Swiss company was covertly taken by the CIA and West German intelligence. Business continued as normal and the rest of the world was unaware, but from about 1970 forward the equipment coming out of Crypto AG contained encryption backdoors.

The U.S. used this to spy on a broad range of foreign nations, and not just enemies and rivals. This equipment was in use in Spain, Italy, Turkey, Greece, Argentina, India, Pakistan, and the Vatican among other locations.

The full details of the relationship were confirmed by a recent Washington Post report, but there were strong indications and suspicions dating back to the 1970s. Communications between the NSA and the founder of Crypto AG hinted at the relationship, as did some careless statements made by President Reagan during the 80s. This may be why primary rivals Russia and China were never customers of the company. However, in the early 1990s the CIA bought out West Germany and continued to produce this compromised equipment until the company was fully dissolved in 2018. News reports speculating about this connection appeared as early as 1995, but at that point the world of cryptography was transitioning to the internet and Crypto AG was becoming much less relevant.

The CIA and West German intelligence were at odds from the beginning, but managed to keep the program together for over two decades. The CIA was dismayed at the West German focus on using the encryption backdoors to make money rather than gather important intelligence; the West Germans were aghast at the willingness of the US to spy on everyone but its closest allies, according to internal reports unearthed by the Washington Post. The reports indicate that the United Kingdom, Sweden, Switzerland and Israel were aware of the encryption backdoor program and were given access to intelligence gathered from it.

The reports also indicate that Crypto AG used bribes to foreign leaders and smear campaigns against competitors to maintain its dominant market position.

Though the US has virtually frozen the company out of the country at this point, not all of its allies have taken the same tack. The UK will allow Huawei components in non-sensitive parts of the country's 5G network, and a vote on the company's presence in Germany is forthcoming.

Australia has banned it, but New Zealand intends to incorporate some Huawei components into its network and Canada is still mulling the possibility.

Huawei, for its part, has staunchly maintained it does not include encryption backdoors for the Chinese government. And U.S. accusations of that nature have been vague thus far, not providing enough details for anyone else to independently verify them.

The dilemma for every other country in the world is that Huawei's equipment tends to be the cheapest option among the major manufacturers, and is about as advanced as it gets in the 5G realm. There are fair reasons to wonder what kind of access the CCP will have bundled with it, but as of now the only evidence is the insistence of the same government that brought the world Crypto AG, NSA surveillance of allied leaders, demands for an encryption backdoor in all Apple devices, and multiple insecure backdoors in Cisco routers. Whether that helps or hurts their case is in the eye of the beholder.

What can the average end user do with all of these government backdoors in their hardware? Kevin Bocek, VP security strategy & threat intelligence at Venafi, provides some parting thoughts:

Government mandated backdoors will allow cyber criminals to undermine all types of private, secure communications and weaken the power of encryption; ultimately, if we create this power for government, it will soon work its way into the wrong hands. We have already seen this with EternalBlue and the Ukrainian power station hack. This is why the Crypto AG revelations should be a major concern for all of us.

The only way organizations can be confident that their encryption does not possess any backdoors is by ensuring they have complete visibility and control over the encryption keys and certificates that act as machine identities. These security assets enable and secure machine to machine communications and are used in nearly every digital transaction.

Read this article:
Crypto AG Shows That US Concern Over Huawei Encryption Backdoors Comes From Long Experience Doing the Same Thing - CPO Magazine

Global Encryption Software Market is projected to reach a value of USD 20.44 billion by 2026 – WhaTech Technology and Markets News

Global Encryption Software Market Outlook 2026 -Top Companies In Market, Trends & Growth Factors

A new business intelligence report released by Report Ocean, titled "Global Encryption Software Market Research Report", covers in-depth analysis by manufacturers and key business segments. The Over-the-top Market research report offers energetic visions to conclude and study the market size, share, market hopes, industry trends, forecast, and competitive surroundings.

The research is derived through primary and secondary statistics sources and it comprises both qualitative and quantitative detailing. This Report covers the manufacturers' data, including shipment, price, revenue, gross profit, interview record, business distribution, etc; these data help the consumer know about the competitors better.

The global encryption software market size is anticipated to reach USD 20.44 billion by 2026

Key Market Growth Drivers/Restraints

For more information on this report visit www.reportocean.com/industrrt_id=5148

Geographical Segmentation

Key Players

The Global Encryption Software Market is primarily dominated by major companies like Microsoft Corporation, Symantec Corporation, IBM Corporation, EMC Corporation, CISCO Systems Inc., Intel Security, Check Point Software Technologies Ltd., Oracle Corporation, Trend Micro, Inc., and Sophos Group Plc. among others.

Market Segmentation

Global Encryption Software Market has been divided into the following segments

Deployment

Application

Organization Size

End-user


Major Highlights of the Global Encryption Software Market

What the report offers?

- Understanding of the potential market opportunity with precise market size and forecast data.
- Detailed market analysis focusing on the growth of Encryption Software in the aesthetic industry.
- Factors influencing the growth of the Encryption Software market.
- In-depth competitive analysis of dominant and pureplay vendors.
- Prediction analysis of the Encryption Software industry in both developed and developing regions.
- Key insights related to major segments of the Encryption Software market.
- The latest market trend analysis impacting the buying behavior of the consumers.


MI5 Still Thinks Encryption Backdoors are an Excellent Idea That Couldn’t Possibly Go Wrong – Gizmodo UK

Really, this again?

We feel like we've written this article a thousand times but once again, Britain's security services are complaining that they can't read absolutely all of your online communications and it's JUST NOT FAIR!

Sir Andrew Parker, head of MI5, is asking tech companies to give spy agencies "exceptional access" (meaning in exceptions, not exceptionally detailed, although we wouldn't be surprised) to encrypted messages, especially on Facebook (and presumably Facebook-owned WhatsApp), which is introducing end-to-end encryption.

Parker's comments were made in an ITV interview that'll be broadcast this Thursday. In it, Sir Andrew apparently bemoans the fact that your inbox is "a wild west, unregulated, inaccessible to authorities" and says it's "increasingly mystifying" that spies can't just have a quick look.

As ever, the excuse is that MI5 and other spy agencies can't see what terrorists are saying to one another, but as we all know, this kind of argument is always used to try and scare us into giving up the tiny sliver of privacy we have left. Much like the way Met Police chief Cressida Dick recently said having your face scanned against your will is better than "a knife in the chest," as if those were the only two options.

"Use the brilliant technologists you've got," says Parker, to "provide end-to-end encryption but on an exceptional basis [...] where there is a legal warrant and a compelling case to do it, provide access to stop the most serious forms of harm happening." Sorry, how is that end-to-end? From one end to the other with a quick diversion to MI5? Cool.

Essentially, Parker is saying "hey locksmiths, can you provide locks that are totally secure on everyone's doors and windows, but also open with a master key? BUT STILL SECURE!"

As a coalition of tech companies said on one of the many previous occasions spies pleaded for backdoors, it would turn "a two-way conversation into a group chat where the government is the additional participant." Sweet! Who doesn't want Joe The Spy sending gif reacts to your texts?

Even if we do give up the last bit of privacy we had and allow spies into our chats, we won't be safe, Parker admits. Asked if he thought MI5 was in control of the situation in 2017 when there was a string of terror attacks, he said, "Well we're not in control of it ever, are we? To be in control would mean that somehow we could manage this whole landscape and stop everything. We can't. We can't do that."

Super. [The Guardian]


Exporters Should Be ‘Very Careful’ of Misusing New End-to-End Encryption Carve-Out in ITAR, Experts Say – Export Compliance Daily

Companies should ensure their data is fully encrypted with no access by third parties before using the new encryption carve-out in the upcoming amendments to the International Traffic in Arms Regulations, according to a cybersecurity compliance expert and a trade lawyer. Although they lauded the ITAR for recognizing that some technology, such as encryption, can protect transfers of export controlled data, both said complying fully with the carve-out may be complicated. "There is a wrong way to do the end-to-end encryption, so you need to be very careful when applying it," said Alex Major, a cybersecurity and trade lawyer with McCarter & English, speaking during a Feb. 27 webinar hosted by the Massachusetts Export Center.

The carve-out, which takes effect March 25, is part of an interim final rule recently issued by the State Department that provides definitions for activities that are not exports, re-exports, retransfers or temporary imports (see 1912230052). The rule makes significant changes to reduce compliance burdens surrounding encrypted data to help better facilitate international data storage and transfers (see 1912300024).

But companies using the carve-out to export data need to ensure they are correctly encrypting data, said Ryan Heidorn, a cybersecurity compliance expert with Steel Root, an information technology services company. Certain encryptions could lead to misuses of the rule and violations of the ITAR. "It's super important and probably more difficult than you'd think to implement true end-to-end encryption," Heidorn said.

Heidorn stressed that true end-to-end encryption occurs only when the parties responsible for the data could potentially decrypt that data. That means companies should exclude third parties, including certain encryption apps, which may perform some encryption services but may not meet ITAR's standards. "End-to-end encryption is when you, as an organization, hold the decryption keys," Heidorn said. "Meaning that you could be using a commercial service like Google Mail or Office 365, and even if there's encryption in place, if those other entities hold the decryption key, that is not end-to-end encryption."

Major said compliance with the carve-out ultimately depends on key management, or how secure companies make the encryption key for their exported data. There are companies that perform strong end-to-end encryption, such as PreVeil, Major said, but others may not fully comply with ITAR. "You need to make sure you're talking to people who know what they're talking about when it comes to the key management," Major said. "If you give that key to a third party you lose the protection of the carve-out. It's very important."

Although encryption can be complex, both Major and Heidorn said that the carve-out can be a significant tool for exporting controlled data. "I consider this a win for the ITAR to recognize that technology can protect export controlled data across networks," Heidorn said.

Encryption Software Market 2020 Analysis by Overview, Growth, Top Companies, Trends, Demand and Forecast to 2026 – Packaging News 24

Verified Market Research adds a new research report on market size for Encryption Software and regional forecasts for 2020-2026. The report provides an in-depth analysis of the Encryption Software market, taking into account market dynamics, segmentation, geographic expansion, the competitive landscape, and various other key issues. The market analysts who prepared the report have thoroughly examined the Encryption Software market and provided reliable and accurate data. They understand the needs of the industry and customers, so they can easily focus on the issues that end users have been looking for. The research report provides an assessment of existing and upcoming trends in which players can invest. It also includes an assessment of the players' financial prospects and the nature of the competition.

Global Encryption Software Market was valued at USD 3.32 billion in 2016 and is projected to reach USD 30.54 billion by 2025, growing at a CAGR of 27.96% from 2017 to 2025.

This report includes the following Companies; We can also add other companies you want:

Encryption Software Market: Competitive Landscape

The competitive landscape is a must for market participants to withstand the competition in the Encryption Software market. This helps market participants to develop effective strategies to optimize their market positions. In addition, the competitive analysis helps them identify potential benefits and obstacles in the Encryption Software market. This allows them to monitor how their competitors are implementing different strategies, including pricing, marketing, and sales.

Encryption Software Market: Drivers and Limitations

The report section explains the various drivers and controls that have shaped the global market. The detailed analysis of many market drivers enables readers to get a clear overview of the market, including the market environment, government policy, product innovation, development and market risks.

The research report also identifies the opportunities and challenges of the Encryption Software market. The framework of the information will help the reader identify and plan strategies for the potential. The obstacles and market challenges described also help readers understand how a company can prevent them.

Encryption Software Market: Segment Analysis

The report section contains segmentations such as application, product type and end user. These segments help determine which parts of the market will improve over others. This section analysis provides information on the most important aspects of developing certain categories better than others. It helps readers understand strategies to make solid investments. The market for Encryption Software is segmented according to product type, applications and end users.

Encryption Software Market: Regional Analysis

This section of the report contains detailed information on the market in different regions. Each region offers a different market size because each state has different government policies and other factors. The regions included in the report are North America, Europe, Asia Pacific, the Middle East and Africa. Information about the different regions helps the reader to better understand the global market.


Table of Content

1 Introduction of Encryption Software Market

1.1 Overview of the Market
1.2 Scope of Report
1.3 Assumptions

2 Executive Summary

3 Research Methodology of Verified Market Research

3.1 Data Mining
3.2 Validation
3.3 Primary Interviews
3.4 List of Data Sources

4 Encryption Software Market Outlook

4.1 Overview
4.2 Market Dynamics
4.2.1 Drivers
4.2.2 Restraints
4.2.3 Opportunities
4.3 Porters Five Force Model
4.4 Value Chain Analysis

5 Encryption Software Market, By Deployment Model

5.1 Overview

6 Encryption Software Market, By Solution

6.1 Overview

7 Encryption Software Market, By Vertical

7.1 Overview

8 Encryption Software Market, By Geography

8.1 Overview
8.2 North America
8.2.1 U.S.
8.2.2 Canada
8.2.3 Mexico
8.3 Europe
8.3.1 Germany
8.3.2 U.K.
8.3.3 France
8.3.4 Rest of Europe
8.4 Asia Pacific
8.4.1 China
8.4.2 Japan
8.4.3 India
8.4.4 Rest of Asia Pacific
8.5 Rest of the World
8.5.1 Latin America
8.5.2 Middle East

9 Encryption Software Market Competitive Landscape

9.1 Overview
9.2 Company Market Ranking
9.3 Key Development Strategies

10 Company Profiles

10.1.1 Overview
10.1.2 Financial Performance
10.1.3 Product Outlook
10.1.4 Key Developments

11 Appendix

11.1 Related Research


If We Build It (They Will Break In) – Lawfare

Attorney General William Barr has staked his ground in the long-running debate over law enforcement access to encrypted communications. Last fall, Barr decried end-to-end encryption as "enabling dangerous criminals to cloak their communications and activities behind an essentially impenetrable digital shield." As the debate continues, commentators and policymakers often overlook a historical example of the problems with law enforcement access.

Barr's position is hardly novel. For more than two decades, law enforcement has argued that end-to-end encrypted communications present an extreme public safety risk and that tech companies must build in access in the form of some variation of escrowed keys, backdoors, front doors or exceptional access. During that time, many observers have argued that creating this access for law enforcement would decrease public security, not increase it. There's a cautionary tale about wiretapping from the 1990s that has bearing on today's encryption battles.

As new (primarily digital) telephone services emerged in the 1990s, old-style wiretapping couldn't keep up. The old techniques weren't equipped to handle new capabilities, such as call forwarding and other advanced features. Law enforcement was really worried. Then-FBI Director Louis Freeh called digital telephony "the number one law enforcement, public safety and national security issue facing us today." After several years of pressing Congress, and an added sweetener for the telecom providers in the form of a half-billion in funds to the service providers for updating switches to accommodate the new requirements, law enforcement got its way with the 1994 passage of the Communications Assistance for Law Enforcement Act (CALEA), which required service providers to build digitally switched telephone networks so that they were wiretap enabled. That meant that the phone switches, which connect telephone lines, were to be built in a way that enabled any call to have a silent third party, an eavesdropper, listening in. These wiretap enabled networks essentially put a security hole in the middle of a phone switch, creating serious risks. Although computer scientists raised that concern about the legislation, the law ultimately passed.

Nothing was simple about implementing CALEA. There were arguments over lots of different issues: how much surveillance capacity (both wiretaps and pen/traps metadata collection) had to be put into the switches; whether post-cut-through-digits, which have prompts that can vary from "press 1 to speak to a receptionist" to "please enter your credit card number now," were considered content (and thus required a wiretap warrant in order to be collected); and whether location information should be included in information that the telephone companies provided law enforcement. And then there was a debate over funding: the half-billion dollars did not come close to covering the service providers' expenses. Court battles over various aspects of CALEA implementation went on for more than a decade.

But fights over implementation were not CALEA's most serious problem. Building a wiretapping interface for law enforcement into a telephone switch did, as predicted, enable others to listen in. The most well-known occurrence of this phenomenon is the Greek wiretapping case of 2004-2005. Unknown parties wiretapped the cellphones of 100 senior members of the Greek government for a period of 10 months using the law enforcement interface of an Ericsson phone switch built for Greek Telecom. The law enforcement wiretapping interface was built according to European Telecommunications Standards Institute (ETSI) specifications, which were modeled on the CALEA requirements. In another example, IBM researcher Tom Cross showed in 2010 that Cisco specifications for an IP network wiretapping architecture based on the ETSI standards had major security holes. Cross demonstrated that various service providers had implemented a flawed architecture and allowed unauthorized people to intercept communications.

Security problems were not limited to Europe. In 2011, Dickie George, the former technical director of the National Security Agency's Information Assurance Division, told me that his agency had found security problems with the CALEA-compliant implementation on every single switch submitted for testing. In other words, required wiretapping capabilities built for law enforcement were insecure, and others, including nefarious actors, could potentially access them. And then, just this month, the Wall Street Journal reported that U.S. officials are now telling our allies that Huawei Technologies Co. can covertly access mobile-phone networks around the world through back doors designed for use by law enforcement. Why were those backdoors put in? They are what is legally required by CALEA and the European laws based on the U.S. law.

Fast forward to today. Law enforcement's line on encryption is that surely the smart people in Silicon Valley can figure out how to build systems that enable law enforcement, backed up with a court order, to access encrypted communications and encrypted data on phones. In reality, such surveillance systems are not easy to build, and not easy to build securely. If the CALEA story reveals anything, it shows that when companies build in backdoors, hackers, nation-states and criminals will come. That's not the cybersecurity, national security or public safety solution we need.