Category Archives: Encryption
The NSA’s research chief on emerging tech including ‘beyond … – The Record by Recorded Future
NASHVILLE - Gilbert Herrera was accustomed to never seeing the fruits of his labor.
After spending almost 40 years at Sandia National Laboratories, Herrera was appointed in 2021 as the head of the National Security Agency's Research Directorate, the largest research and development organization in the U.S. clandestine community.
"One of the reasons why I decided to come to NSA is because I spent a career engaged in research and technology deployment in a field that you hope your research would never be tested," Herrera told The Record on Thursday during the Vanderbilt University Summit on Modern Conflict and Emerging Threats. Sandia, based in Albuquerque, New Mexico, is one of the federal government's most important nuclear science laboratories.
But at NSA, research eventually makes its way into mission, helping anyone ranging from lower-level agency analysts all the way to policymakers who seek better information.
The Record sat down with Herrera before his appearance at the summit to discuss the directorate, how it works to be relevant and the outlook for some of today's top emerging technologies. This transcript has been edited for length and clarity.
The Record: What is the job of the Research Directorate?
Gilbert Herrera: The role of the Research Directorate is really twofold.
One is, it needs to be the eyes and ears of the agency in terms of what's happening in research, in academia and in industry; to kind of have this outward-facing look. That's why we have a number of facilities that are unclassified, like universities and whatnot.
The other is to help prevent technology surprise on the inside. We help advise the agency, make sure we're prepared for that. And part of that is developing tools and techniques that help in a mission.
TR: How does the directorate stay operationally relevant? Do you keep an ear out for what's happening in the private sector or academia? Are you tinkering in a lab? Are you receiving orders from leadership to explore certain technologies?
GH: We have a lot of people who are outward-facing, but we also have people who are inward-facing and people that do both.
So having people go forward to work with the mission customers, so they could better understand what their needs are, so they could feel the pain. That helps inform the research. It's this virtuous cycle of gaining an understanding of the mission needs; understanding in part through practice and in part through observation of what the best opportunities are in the research regime. Then conducting tailored and focused research so you can create tools that will make the life of the analyst easier is really what an effective research organization and a mission organization does.
It's that virtuous cycle of understanding, awareness, creation and deployment.
TR: What's changed at the directorate under your tenure and where do you want to put emphasis?
GH: It's easy to get caught up in the moment of wanting to solve today's problem, but what I'm trying to do is make sure we have an adequate balance of today, tomorrow, and then the future transformational problems.
Because we need to do all three. An example of the today is, we actually have an email distribution list where if an analyst has a scientific question that they need answered, then it goes to this [distribution list] of a bunch of scientists called Scientist on Call and then they can answer it. That's an important thing for us to do. That's probably not research.
When the [Ukraine] war broke out, there were a number of things we did where we deployed researchers in order to help in the prompt.
The other is that as I came in, it was right around the time of changing focus away from looking at the war on terror. We also had China and Russia and Iran and others as priorities and more focusing on the realities of today. Our mission pivoted at the time that I came in, and so I'm working with my leadership team to make sure that we're following that pivot.
TR: Let's talk about some emerging technologies. Artificial intelligence. What excites you about it? What concerns you?
GH: What excites me is that it's developing at a level much faster than I ever expected. I've been involved in AI for a while and I never thought it could actually help research, per se.
But I'm beginning to change my mind on that.
I'm beginning to believe now that AI might be able to actually support science. What it's done relative to writing is beyond belief. These models are so big. I see that there's a lot more near-term opportunity.
Now from a threat perspective the most immediate one is that AI can now help the infamous Nigerian prince and other phishers to make more credible English-sounding attacks.
But it's much more than that in terms of potential for reverse engineering.
Right now, the big companies have said that they have put protections on it. You can't tell DALL-E to make child pornography or write stuff like that, but innovative people can find loops around that. The LLaMA model that Facebook had done has gotten into the outside world and people are already modifying that.
Bad actors will pursue ways to get around it and do bad things like child porn, like finding zero-day vulnerabilities and all these other terrible things.
The challenge we have with AI is similar to the challenge we had in 1968 when the protocols were developed for TCP/IP. If you develop these technologies without envisioning how you integrate security into them, then that's a problem. I don't know how well we've done with AI. I don't have an opinion at this point.
TR: Lightning round time. Your take on quantum computing, encryption and a non-obvious threat we should be talking about today?
GH: Let me do the reverse order.
What are the energy ramifications of AI? These models take massive amounts of energy to train and to update [and utilize]. AI is going to help revolutionize things but at what energy cost? I don't think we've fully thought through the ramifications. It could be that in the final analysis, we save energy through AI, but I'm not sure that's obvious.
Now, relative to quantum, you really said two questions in one. The first one relative to the encryption part. NSM-10 came out. People need to take it seriously. There's guidance in moving to quantum-resistant encryption. NIST has published a bunch of standards. Something the government rarely does in my reading, they published some standards a year early, and more will come out this summer.
Now, back to computing. I've been involved in quantum computing since 2006. I am on the National Quantum Initiative Advisory Committee, and, over time, my optimism has diminished. I still am a believer in quantum computing. We'll get there someday, but it's a really tough problem.
We need the best minds working on it. The Laboratory for Physical Sciences, which is the physical science research arm of my organization, is funding academics all over the world in pursuit of dealing with the underlying problems for quantum computing because there are still a lot of unanswered questions.
What I hope we can do in quantum computing space is get through the quantum winter, because a winter is coming.
Remember, AI was coined in 1956. Then it ran into the reality of the compute they had. Then there was another revolution in the early 80s when the microprocessor came out and they realized you had neither enough information or compute power. The next one came towards the end of the 90s with the dawn of the internet, but the infrastructure wasn't there. We're finally successful now where we have sufficient compute power and information and new technologies like the GPU, so we can train models. There were, in my counting, three winters before we got to the final goal.
What I tell people is my own personal estimate is somewhere between (and I stole this from somebody else) 10 years and never.
Martin Matishak is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.
Dallas City Hall Giving Few Details on Ransomware Attack – D Magazine
This story was originally published on 5/5. It was updated at 12:40 p.m. on 5/6.
Two days after the city of Dallas fell victim to a cyberattack, its Facebook account gave advice about securing devices by strengthening passwords. It is ironic, given that its Information and Technology Services department was in the middle of trying to contain a ransomware attack by the group that calls itself Royal, which also claimed responsibility for holding the appraisal district's information hostage last year. The punctuation on the problem was that the webpage the post directed people to was down, just like most city webpages, because of that attack.
The city is keeping quiet about specific details regarding the attack other than to say its tech employees are working to contain the damage and bring everything back online.
"Since City of Dallas Information and Technology Services detected a cyber threat Wednesday morning, employees have been hard at work to contain the issue and ensure continued service to our residents," City Manager T.C. Broadnax said in a statement Thursday. "While the source of the outage is still under investigation, I am optimistic that the risk is contained. For those departments affected, emergency plans prepared and practiced in advance are paying off."
The city's news portal, where updates are posted.
The public library website, but some things are not accessible.
Dallas city meeting calendars and agendas.
Videos of city meetings
The city's open records request portal (but requests may be processed slowly)
The webpage for the city's development services is down, and permits cannot be processed.
Dallas Water Utilities website (you can pay by mail, and disconnections have been put on hold, and late fees won't be assessed).
Websites for Zoning, Public Works, Dallas Police Department, and Dallas Fire Rescue.
Online services with the city's Development Services Department (but they will review paper plans in person).
Municipal court will remain closed Monday.
and pretty much everything else.
Dallas police Chief Eddie Garcia told the Dallas Morning News that the department had emergency plans in place and had deployed them but that its operations were significantly impacted by the outage the attack caused. Offense reports and jail intake forms are being filled out by hand, he said. The department's website, internal shared drives, and other software used for personnel matters were also affected. Even with all of that, dispatchers are still able to send officers where they are needed, he said.
The Dallas Fire Department has also been forced to manually dispatch over the radio because of the outage.
While a Friday update from the city lauded "the heroic teamwork by our first responders," one group of officers spoke out on Twitter, indicating rank-and-file officers haven't received an explanation from city leaders either.
"Thank goodness for the leadership of the unnamed few that came up with a few workarounds. This is a serious issue for officer safety in patrol. We are flying blind out there," the Dallas Police Women's Association said Friday night. "We have not heard a whisper from the chief of police, the mayor, or the city manager. This *should be* unacceptable, but here we are. The citizens of Dallas deserve better. The employees of Dallas deserve better."
Cybersecurity company TrendMicro said that Royal attacks were first reported last September. Since then, its data has detected a total of 764 attack attempts by the group across its customer base.
In March, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency issued a joint report warning that since September 2022, use of a new Royal ransomware variant had come to the forefront. This new variant has a new custom-made file encryption program that criminals use to encrypt vulnerable systems after extracting large amounts of data. That encryption basically locks down the user's system until the ransom, or "royalty," is paid. The agencies don't recommend paying those ransoms.
"Royal actors have made ransom demands ranging from approximately $1 million to $11 million USD in Bitcoin," the agencies said. "In observed incidents, Royal actors do not include ransom amounts and payment instructions as part of the initial ransom note. Instead, the note, which appears after encryption, requires victims to directly interact with the threat actor via a .onion URL."
The city isn't saying if this is true, but the site bleepingcomputer.com claims to have a copy of a note it says appeared on city printers Wednesday morning that directs the city to reach out to a .onion URL, one of Royal's sites on the dark web.
"It may seem complicated, but it is not," the note says. "Most likely what happened was that you decided to save some money on your security infrastructure." The note then directs the city to pay a "royalty" to unencrypt the data and also to not release what was found by the hackers to the public.
Because of its fairly ordinary ways of obtaining cooperation and access, the group is often able to exploit the one vulnerability most difficult for IT personnel to patch up: the human part.
It is believed that hackers are able to access systems in several ways, but the most prevalent method seems to be through callback phishing emails, which impersonate some kind of service (meal delivery kits, software licensing, and the like), claiming that the recipient has had their service renewed. When the victim calls the telephone number in the email to dispute or cancel, they are led through a series of tasks that ultimately allow the person on the other end to remotely access their computer, unlocking the door to their company (or city's) network.
The group has also been known to use internet search advertising to deliver malicious software that will allow the user on the other end to have remote access to a system when someone clicks on the ad. Researchers have also reported that the group will also hijack an existing and innocent email thread and insert an HTML file that, when opened, will release a pop-up that tells the user that the file couldn't be correctly displayed, so they should download it to view it.
All of that means that it's not hard to fall victim to ransomware. What is hard is getting it back.
Late last year, the Dallas Central Appraisal District was also hit by a Royal ransomware attack that left its website and other operations (including email) encrypted for more than two months. In that attack, the demand was for $1 million, but the Dallas Morning News reported that the district eventually paid $170,000 in bitcoin. In that case, it is believed that an employee clicked on a phishing email that appeared to have come from a vendor.
Why are local governments falling prey to ransomware? Experts say there are a variety of reasons, including a lack of investment in more robust cybersecurity, as well as city websites and systems that are often a cobbled-together collection of legacy programs and networks and newer elements.
"Local governments may face higher rates of encryption during ransomware attacks due to a lack of financial and cybersecurity resources," StateTech's Mol Doak explained. "Constrained budgets and small teams pressure organizations to divert funds away from cybersecurity, leaving gaps in their platform protection."
It's unlikely that we'll know anytime soon how the city's cybersecurity measures were breached. But we do know that the city's IT department has had a few high-profile incidents in the past two years. In March 2021, a massive amount of police data was accidentally deleted by an IT Services employee, and an audit into that deletion uncovered another accidental deletion, according to a report published in September 2021. That deletion happened when an employee attempted to migrate data from a cloud service to an on-site archive.
That report, authored by the city's IT Services department, explained problems its staff had with oversight and data governance and management.
"Without proper, fully implemented Data Governance in place, the city is at risk of further loss of data, inability to recover from onsite failures causing loss of data, disaster recovery requiring recovery of data, liabilities from inappropriate exposure of data, and inability to fully realize the analytical value of the data due to a lack of quality or inability to aggregate across departments and data sets," the report said.
The report detailed a lack of scrutiny into how data was being handled and poor planning, scheduling, detail, and documentation. The report also noted that the employee was using an administrator account that gave them more access than they should have been allowed. The city's data management strategy had also not been in place at the time, or was out of date.
The department had 13 recommendations to improve these processes and had promised a plan of action with benchmarks to meet. The report said the city had picked a data management framework and a steering committee to create policies and standards, but it's unclear, thanks to the outage, how far along the city is in meeting those benchmarks.
In 2022, StateScoop named Dallas Chief Information Officer William Zielinski one of its City Executives of the Year. Zielinski has focused on optimizing the city's infrastructure to remove technological debt and improve the city's cybersecurity to best in class for the region, the organization said.
Bethany Erickson is the senior digital editor for D Magazine. She's written about real estate, education policy, the stock market, and crime throughout her career, and sometimes all at the same time. She hates lima beans and 5 a.m. and takes SAT practice tests for fun.
The UK's Online Safety Bill, explained – The Verge
At some point this year, the UK's long-delayed Online Safety Bill is finally expected to become law. In the government's words, the legislation is an attempt to make the UK "the safest place in the world to be online" by introducing a range of obligations for how large tech firms should design, operate, and moderate their platforms.
As any self-respecting Verge reader knows, content moderation is never simple. It's difficult for platforms, difficult for regulators, and difficult for lawmakers crafting the rules in the first place. But even by the standards of internet legislation, the Online Safety Bill has had a rocky passage. It's been developed over years during a particularly turbulent era in British politics, changing dramatically from year to year. And as an example of just how controversial the bill has become, some of the world's biggest online organizations, from WhatsApp to Wikipedia, are preemptively refusing to comply with its potential requirements.
So if you've tuned out the Online Safety Bill over the past few years (and let's be honest, a lot of us have), it's time to brush up. Here's where the bill came from, how it's changed, and why lawmakers might be about to finally put it on the books.
So let's start from the beginning. What is the Online Safety Bill?
The UK government's elevator pitch is that the bill is fundamentally an attempt to make the internet safer, particularly for children. It attempts to crack down on illegal content like child sexual abuse material (CSAM) and to minimize the possibility that kids might encounter harmful and age-inappropriate content, including online harassment as well as content that glorifies suicide, self-harm, and eating disorders.
But it's difficult to TL;DR the Online Safety Bill at this point, precisely because it's become so big and sprawling. On top of these broad strokes, the bill has a host of other rules. It requires online platforms to let people filter out objectionable content. It introduces age verification for porn sites. It criminalizes fraudulent ads. It requires sites to consistently enforce their terms of service. And if companies don't comply, they could be fined up to £18 million (around $22.5 million) or 10 percent of global revenue, see their services blocked, and even see their executives jailed.
In short, the Online Safety Bill has become a catchall for UK internet regulation, mutating every time a new prime minister or digital minister has taken up the cause.
How many prime ministers are we talking about here?
Wait, how long has this bill been in the works for?
The Online Safety Bill started with a document called the Online Harms White Paper, which was unveiled way back in April 2019 by then-digital minister Jeremy Wright. The death of Molly Russell by suicide in 2017 brought into sharp relief the dangers of children being able to access content relating to self-harm and suicide online, and other events like the Cambridge Analytica scandal had created the political impetus to do something to regulate big online platforms.
The idea was to introduce a so-called "duty of care" for big platforms like Facebook, similar to how British law asks employers to look after the safety of their employees. This meant companies would have to perform risk assessments and make proactive solutions to the potential harms rather than play whack-a-mole with problems as they crop up. As Carnegie UK associate Maeve Walsh puts it, "Interventions could take place in the way accounts are created, the incentives given to content creators, in the way content is spread as well as in the tools made available to users before we got to content take down."
The white paper laid out fines and the potential to block websites that don't comply. At that point, it amounted to some of the broadest and potentially strictest online regulations to have been proposed globally.
What was the response like at the time?
Obviously, there was a healthy amount of skepticism (Wired's take was simply titled "All that's wrong with the UK's crusade against online harms"), but there were hints of cautious optimism as well. Mozilla, for example, said the overall approach had promising potential, although it warned about several issues that would need to be addressed to avoid infringing on people's rights.
If the British government was on to such a winner, why hasn't it passed this bill four years later?
Have you paid attention to British politics at all in the past four years? The original white paper was introduced four prime ministers and five digital ministers ago, and it seems to have been forced into the back seat by more urgent matters like leaving the European Union or handling the covid-19 pandemic.
But as it's passed through all these hands, the bill has ballooned in size, picking up new provisions and sometimes dropping them when they're too controversial. In 2021, when the first draft of the bill was presented to Parliament, it was just 145 pages long, but by this year, it had almost doubled to 262 pages.
Where did all those extra pages come from?
Given the bill's broad ambitions for making online life safer in general, many new elements were added by the time it returned to Parliament in March 2022. In no particular order, these included:
Over time, the bill's definition of "safety" has started to look pretty vague. A provision in the May 2021 draft forbade companies "from discriminating against particular political viewpoints and will need to apply protections equally to a range of political opinions, no matter their affiliation," echoing now familiar fears that conservative voices are unfairly censored online. Bloomberg called this an "anti-censorship" clause at the time, and it continues to be present in the 2023 version of the bill.
And last November, ministers were promising to add even more offenses to the bill, including downblousing and the creation of nonconsensual deepfake pornography.
Hold up. Why does this pornography age check sound so familiar?
The Conservative Party has been trying to make it happen since well before the Online Safety Bill. Age verification was a planned part of the Digital Economy Bill in 2016 and then was supposed to happen in 2019 before being delayed and abandoned in favor of rolling the requirements into the Online Safety Bill.
The problem is, it's very difficult to come up with an age verification system that can't be either easily circumvented in minutes or create the risk that someone's most intimate web browsing moments could be linked to their real-life identity, notwithstanding a plan to let users buy a "porn pass" from a local shop.
Age checks for porn are a long-running political project
And it's not clear how the Online Safety Bill will overcome this challenge. An explainer by The Guardian notes that Ofcom will issue codes of practice on how to determine users' ages, with possible solutions involving having age verification companies check official IDs or bank statements.
Regardless of the difficulties, the government is pushing ahead with the age verification requirements, which is more than can be said for its proposed rules around legal but harmful content.
And what exactly were these legal but harmful rules?
Well, they were one of the most controversial additions to the entire bill, so much so that they've been (at least partially) walked back.
Originally, the government said it should officially designate certain content as harmful to adults but not necessarily illegal: things like bullying or content relating to eating disorders. (It's the less catchy cousin of "lawful but awful.") Companies wouldn't necessarily have to remove this content, but they'd have to do risk assessments about the harm it might pose and set out clearly in their terms of service how they plan to tackle it.
But critics were wary of letting the state define what counts as "harmful," the fear being that ministers would have the power to censor what people could say online. At a certain point, if the government is formally pushing companies to police legal speech, it's debatable how "legal" that speech still is.
From legal but harmful to the triple shield
This criticism had an effect. The legal but harmful provisions for adults were removed from the bill in late 2022 and so was a harmful communications offense that covered sending messages that caused serious distress, something critics feared could similarly criminalize offensive but legal speech.
Instead, the government introduced a "triple shield" covering content meant for adults. The first "shield" rule says platforms must remove illegal content like fraud or death threats. The second says anything that breaches a website's terms of service should be moderated. And the third says adult users should be offered filters to control the content they see.
The thinking here is that most websites already restrict "harmful communications" and "legal but harmful" content, so if they're told to apply their terms of service consistently, the problem (theoretically) takes care of itself. Conversely, platforms are actively prohibited from restricting content that doesn't breach the terms of service or break the law. Meanwhile, the filters are supposed to let adults decide whether to block objectionable content like racism, antisemitism, or misogyny. The bill also tells sites to let people block unverified users, aka those pesky anonymous trolls.
None of this impacts the rules aimed specifically at children; in those cases, platforms will still have a duty to mitigate the impact of legal but harmful content.
I'm glad that the government addressed those problems, leaving a completely uncontroversial bill in its wake.
Wait, sorry. We're just getting to the part where the UK might lose encrypted messaging apps.
Remember WhatsApp? After the Online Safety Bill was introduced, it took issue with a section that asks online tech companies to use accredited technology to identify child sexual abuse content whether communicated publicly or privately. Since personal WhatsApp messages are end-to-end encrypted, not even the company itself can see their contents. Asking it to be able to identify CSAM, it says, would inevitably compromise this end-to-end encryption.
WhatsApp is owned by Meta, which is persona non grata among regulators these days, but it's not the only encrypted messaging service whose operators are concerned. WhatsApp head Will Cathcart wrote an open letter that was co-signed by the heads of six other messaging apps, including Signal. "If implemented as written, [this bill] could empower Ofcom to try to force the proactive scanning of private messages on end-to-end encrypted communication services - nullifying the purpose of end-to-end encryption as a result and compromising the privacy of all users," says the letter. "In short, the bill poses an unprecedented threat to the privacy, safety and security of every UK citizen and the people with whom they communicate."
The consensus among legal and cybersecurity experts is that the only way to monitor for CSAM while leaving messages encrypted in transit is to use some kind of client-side scanning, similar to the approach Apple announced in 2021 that it would be using for image uploads to iCloud. But the company ditched the plans the following year amid widespread criticism from privacy advocates.
In its open letter, WhatsApp argues that regardless of whether a scanning technology still means messages are technically encrypted in transit, it still fatally undermines end-to-end encryption. "Proponents say that they appreciate the importance of encryption and privacy while also claiming that it's possible to surveil everyone's messages without undermining end-to-end encryption," the letter says. "The truth is that this is not possible."
Organizations such as the Internet Society say that such scanning risks creating vulnerabilities for criminals and other attackers to exploit and that it could eventually lead to the monitoring of other kinds of speech. The government disagrees and says the bill does not represent a ban on end-to-end encryption, nor will it require services to weaken encryption. But without an existing model for how such monitoring can coexist with end-to-end encryption, it's hard to see how the law could satisfy critics.
The UK government already has the power to demand that services remove encryption thanks to a 2016 piece of legislation called the Investigatory Powers Act. But The Guardian notes that WhatsApp has never received a request to do so. At least one commentator thinks the same could happen with the Online Safety Bill, effectively giving Ofcom a radical new power that it may never choose to wield.
But that hasn't exactly satisfied WhatsApp, which has suggested it would rather leave the UK than comply with the bill.
Okay, so messaging apps aren't a fan. What do other companies and campaigners have to say about the bill?
Privacy activists have also been fiercely critical of what they see as an attack on end-to-end encryption. The Electronic Frontier Foundation, Big Brother Watch, and Article 19 published an analysis earlier this year that said the only way to identify and remove child sexual exploitation and abuse material would be to monitor all private communications, undermining users' privacy rights and freedom of expression. Similar objections were raised in another open letter last year signed by 70 organizations, cybersecurity experts, and elected officials. The Electronic Frontier Foundation has called the bill "a blueprint for repression around the world."
Tech giants like Google and Meta have also raised numerous concerns with the bill. Google says there are practical challenges to distinguishing between illegal and legal content at scale and that this could lead to the over-removal of legal content. Meta suggests that focusing on having users verify their identities risks excluding anyone who doesn't wish to share their identity from participating in online conversations.
Even beyond that, there are more fundamental concerns about the bill. Matthew Lesh, head of public policy at the Institute of Economic Affairs, notes that there's simply a massive disparity between what is acceptable for children to encounter online and what's acceptable for adults under the bill. So you either risk the privacy and data protection concerns of asking all users to verify their age or you moderate to a children's standard by default for everyone.
That could put even a relatively safe and educational service like Wikipedia under pressure to ask for the ages of its users, which the Wikimedia Foundation's Rebecca MacKinnon says would "violate [its] commitment to collect minimal data about readers and contributors."
"The Wikimedia Foundation will not be verifying the age of UK readers or contributors," MacKinnon wrote.
Okay, that's a lot of criticism. So who's in favor of this bill?
One group that's been broadly supportive of the bill is children's charities. The National Society for the Prevention of Cruelty to Children (NSPCC), for example, has called the Online Safety Bill an urgent and necessary child protection measure to tackle grooming and child sexual abuse online. It calls the legislation workable and well-designed and likes that it aims to tackle the drivers of online harms rather than seek to remove individual pieces of content. Barnardo's, another children's charity, has been supportive of the bill's introduction of age verification for pornography sites.
Ian Russell, the father of the late Molly Russell, has called the Online Safety Bill a really important piece of legislation, though he's pushed for it to go further when it comes to criminal sanctions for executives whose products are found to have endangered children's well-being.
"I don't think that without effective regulation the tech industry is going to put its house in order, to prevent tragedies like Molly's from happening again," Russell said. This sentiment appears to be shared by increasing numbers of lawmakers internationally, such as those in California who passed the Age-Appropriate Design Code Act in August last year.
Where's the bill at these days?
As of this writing, the bill is currently working its way through the UK's upper chamber, the House of Lords, after which it'll be passed back to the House of Commons to consider any amendments that have been made. The government's hope is to pass it at some point this summer.
Even after the bill passes, however, there will still be practical decisions made about how it'll work in practice. Ofcom will need to decide what services pose a high enough risk to be covered by the bill's strictest rules and develop codes of practice for platforms to abide by, including tackling thorny issues like how to introduce age verification for pornography sites. Only after the regulator completes this consultation process will companies know when and how to fully comply with the bill, and Ofcom has said it expects this to take months.
The Online Safety Bill has had a difficult journey through Parliament, and it's likely to be months before we know how its most controversial aspects are going to work (or not) in practice.
Update May 4th, 11:15AM ET: Updated to add more details about the objections to client-side scanning.
Original post:
The UK's Online Safety Bill, explained - The Verge
5 TB WD My Passport portable HDD gets a solid 28% discount on … – Notebookcheck.net
WD My Passport portable HDD (Source: Western Digital)
Available on Amazon since late August 2019, the WD My Passport (WDBPKJ0050BBK-WESN) is a 5 TB USB 3.0 portable hard drive that comes with 256-bit hardware encryption and a backup software solution (download needed). The ongoing 28% discount takes this piece of hardware from US$149.99 to US$107.99.
Although cloud backups and portable SSDs are cost-effective and easy to acquire, some old-school portable HDDs are still hanging around. The 2.5-inch WD My Passport is one of the most popular portable external hard drives on Amazon, with no less than 80,139 user reviews and 953 answered questions posted in less than 4 years. Now, the top-of-the-line 5 TB model in black, labeled WDBPKJ0050BBK-WESN, is down from US$149.99 to US$107.99 on Amazon, thanks to a 28% discount.
The WD My Passport features a slim design and provides 256-bit AES hardware encryption. It can be connected to a wide range of devices via a 5 Gbps SuperSpeed USB 3.0 port for best performance, but is also compatible with USB 2.0. The 5 TB model mentioned above measures 4.22 x 2.95 x 0.75 inches and weighs 0.46 pounds. The entire My Passport lineup is compatible with Windows 10, macOS, and ChromeOS. However, Acronis True Image for Western Digital and the other software companions provided for free to the users of this drive only work with Windows and macOS.
While the My Passport family is rated only 3.1/5 after 224 validated user reviews on Western Digital's website, the feedback provided by Amazon users is much better. The 4.6/5 general rating is the result of 80% 5-star reviews, 11% 4/5 assessments, and 5% minimum scores. The breakdown by feature highlights this drive's reduced weight (4.6), storage capacity and portability (4.4), ease of use (4.1), value for money (4.0), and tech support (3.5).
Covered by a 3-year limited warranty, the WD My Passport currently comes alongside 90 days of Amazon Music Unlimited. However, this offer only applies to new subscribers.
What Is Application Security and Why Do You Need It? – MUO – MakeUseOf
Staying safe online can be a slippery slope. Even if you understand cybercriminals' gimmicks, you could make a simple mistake and suffer severe consequences. It helps to secure your applications and protect your data in unfavorable circumstances.
Application security sets precedence to mitigate cyber threats and vulnerabilities before they occur. How does it do this and what benefits does it offer?
Application security is the implementation of policies, procedures, and processes to secure your software and hardware applications to prevent internal and external threats. It begins from the app's development stage and runs through its lifespan.
Application security uses a standard checklist containing security protocols of acceptable practices within an application. Prohibited activities and devices are blacklisted from entering or operating within the application.
There are various types of application security such as web application security, cloud application security, and mobile application security.
Web applications are software and services you use on a browser with an internet connection. Since the data is transmitted via the remote servers of an internet connection, web applications are vulnerable to all kinds of attacks.
Web application security is a method for securing data on your website by blocking its endpoints against unauthorized access. Effective web application security prevents downtime. Even when your application is under attack, it still functions without jeopardizing the user experience.
Cloud technology allows you to use multiple tools and services to store and access your data for optimal operations without building and managing these services yourself. Since you'd usually share cloud applications with others, the cloud services have numerous access points that hackers can leverage.
Cloud application security instills policies and processes to secure active services in the cloud and its host systems. Attacks on cloud applications are usually severe because they impact multiple networks on the service.
Mobile applications are very popular among individuals. You probably have several applications you use regularly on your smartphone. Using these tools without security is a recipe for disaster as intruders seek illegitimate ways to retrieve your data.
Mobile application security offers multiple security layers to protect your applications from intrusions. It begins with restricting access to only authorized users and then blocks third-party networks from intercepting your connection to retrieve your data.
Application security implements various security controls to verify users' identities as they engage with your system. Malicious and illegitimate users fail the verification processes and are unable to proceed.
Here are some application security techniques:
Encryption is the process of transforming plain data into a coded format, so users can only view or understand it after they decrypt it. This is an essential part of application security because threat actors could use advanced hacking techniques such as brute force to enter your network and see your data. But when you encrypt your data, it's of no use to them as long as they can't decrypt it.
In data encryption, the sender and receiver of the data assign cryptographic keys to the information they are protecting. The receiver can easily decrypt the data since they have the keys.
Authentication is a standard procedure for verifying the legitimacy of a user trying to access your application. In its most common form, a user needs to enter the username and password they generated when signing up to your system to access their account. The system runs a background check to confirm that the login credentials are authentic.
Hackers have gotten better at bypassing the standard username and password single authentication, so you need to implement stronger methods like multi-factor authentication that add additional security layers. Besides entering their username and password, a user may need to provide a one-time password (OTP) your system generates and sends to their phone or email.
Authorization works in line with authentication. It's the process of running a user's credentials through the list of legitimate users and confirming whether they are on the list. Authorization allows for more streamlined access control. It verifies a user's access privilege to specific areas of your system.
Passing authentication shouldn't automatically grant a user access to all the resources in your system, especially when you have sensitive data. To access delicate resources, they need to undergo an authorization pass.
All systems are vulnerable by default, which explains why there are residual and inherent risks. Application security checkmates existing and potential risks and ultimately enhances your system in the following ways.
Phishing attacks where threat actors trick people into compromising their data or system happen daily. Some victims may have a high level of cybersecurity awareness but still fall for these antics because no one is infallible. It's important that you have default security settings that are independent of users' actions.
Application security focuses on securing active applications. It considers various possible threats that may occur on the system and erects defenses to push back. For instance, an email security system can detect malicious emails and send them to spam without allowing you to see them in the first place. Some tools will block harmful links and attachments from opening even when you click on them.
One major reason anyone, especially cybercriminals, would want to hack your system is so they can access your data. They wouldn't waste their time plotting an attack on your system if you didn't have valuable data.
Application security helps you build security walls around your application. And if intruders manage to bypass those walls, it also secures your data with techniques like encryption, so they can't view or read your data. This privacy prevents sensitive data exposure and ransomware attacks.
One would think that the biggest networks would be the most secure, but they have come under attack, exposing users' data. You don't earn user trust and confidence with the size of your network, but by proving to them that they are safe on your platform.
If you have been using a particular platform for a while, and you haven't experienced any form of breach or attack, you would develop some level of trust and confidence in it.
Application security offers a level-playing field of security. No matter how big or small your system is, you can protect yourself and other users by implementing the available application security measures within your environment.
To get the most out of application security, you must test it regularly to ensure it functions effectively. This is key as little changes on your system can alter its operations.
Application security offers additional security layers beyond what you have on the ground in your network, ensuring that each application doesn't harbor vulnerabilities. This helps to identify and resolve specific threats on time.
Google plans to add end-to-end encryption to Authenticator – The Verge
Google Authenticator is getting end-to-end encryption eventually. After security researchers criticized the company for not including it with Authenticator's account-syncing update, Google product manager Christiaan Brand responded on Twitter by saying that the company has plans to offer E2EE in the future.
"Right now, we believe that our current product strikes the right balance for most users and provides significant benefits over offline use," Brand writes. "However, the option to use the app offline will remain an alternative for those who prefer to manage their backup strategy themselves."
Earlier this week, Google Authenticator finally started giving users the option to sync two-factor authentication codes with their Google accounts, making it much easier to sign into accounts on new devices.
While this is a welcome change, it also poses some security concerns, as hackers who break into someone's Google account could potentially gain access to a trove of other accounts as a result. If the feature supported E2EE, hackers and other third parties, including Google, wouldn't be able to see this information.
Security researchers Mysk highlighted some of these risks in a post on Twitter, noting that if there's ever a data breach or if someone obtains access to your Google Account, all of your 2FA secrets would be compromised. They added that Google could potentially use the information linked to your accounts to serve personalized ads and also advised users not to use the syncing feature until it supports E2EE.
Brand pushed back against the criticism, stating that while Google encrypts data in transit, and at rest, across our products, including in Google Authenticator, applying E2EE comes at the cost of enabling users to get locked out of their own data without recovery. There's still no timeline for when Google will actually bring E2EE to Authenticator's new account-syncing feature, though, leaving users with the option of using the feature without E2EE or just continuing to use Google Authenticator offline.
Return of the EARN IT Act rekindles encryption debate at critical moment for privacy-protecting apps – CyberScoop
Lawmakers will mark up legislation next week that would hold tech companies accountable for child sexual abuse materials and images distributed on their platforms, part of a growing push in Washington, across the U.S. and abroad to crack down on activity online related to harming minors.
This marks the third time Sens. Lindsey Graham, R-S.C., and Richard Blumenthal, D-Conn., have put the bill, the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act, forward. The bill previously failed to see a floor vote, instead drawing backlash from security experts and privacy advocates over its potential to weaken the availability of end-to-end encryption.
Those concerns are even more heightened today amid growing concerns about the privacy of people seeking abortions after the Supreme Court overturned Roe v. Wade and state laws eroding LGBTQ+ civil rights. Additionally, the FBI and Interpol both recently spoke out against encrypted chat apps and lawmakers in the U.K. and European Union are considering laws like the EARN IT Act that could also decrease the availability of encryption.
All these developments could open the next front in the war over encryption that has flared up over the past decade, often pitting law enforcement against civil liberties groups in the U.S. and abroad.
What's different this time is a growing public awareness about the benefits of encryption. In the wake of the Supreme Court's abortion ruling, for instance, California, New York and D.C. attorneys general all issued warnings to residents to avoid unencrypted messaging technology when discussing sensitive information. And the return of the EARN IT Act is already sparking public pushback. An online petition from the group Fight for The Future asking Congress to oppose the bill has more than 500,000 signatures.
"The EARN IT Act is probably one of our biggest encryption-threatening bills worldwide," said Natalie Campbell, senior director of North American government and regulatory affairs for the Internet Society, a founding member of the Global Encryption Coalition.
The bill would make two significant changes to current laws. First, the legislation strips companies of liability protections outlined in Section 230 of the Communications Decency Act in cases involving child exploitation, opening the door for more state and private plaintiff cases. Second, it removes the federal knowledge standard for child sexual abuse materials, making it easier for courts to make the argument that a tech company was negligent in offering encryption because it knew it could be used to transmit child sexual abuse materials.
"They are opening the courthouse door and lowering the threshold to get through that door and successfully bring a claim," said Riana Pfefferkorn, a research scholar at the Stanford Internet Observatory. "And so all of that will operate to disincentivize providers or allow the punishment of providers of offering encryption."
Furthermore, privacy advocates say, the EARN IT Act would make it easier for law enforcement to claim that a company acted negligently or recklessly by offering encryption, bolstering a years-long argument law enforcement has made against encrypted services. While in previous years those complaints have centered around terrorism and drug trafficking, increasingly law enforcement has pointed to child abuse in its concerns about end-to-end encryption.
Earlier this month, the FBI joined with Interpol and the U.K. National Crime Agency to blast Meta's expansion of encryption, saying it blindfolds them to abuse and is a purposeful design choice that degrades safety systems. Former Attorney General William Barr used concerns about child exploitation when sparring with Meta over its plans to roll out full end-to-end encryption across its messaging products in 2019, arguing that going dark impeded the Justice Department from investigating child predators.
The EARN IT Act, which was introduced the same year Meta announced its encryption plans and got its name from an original plan to allow companies to earn liability protections by following guidance from a law enforcement-led national commission, has become synonymous with concerns that weakening encryption hurts everyone, not just criminals. So much so that lawmakers tried to address encryption concerns in 2020 by clarifying in the bill's text that the use of full end-to-end encryption cannot serve as an independent basis for liability. Experts criticized the fix, which does not prohibit encryption from being used as evidence of negligence, as insufficient.
Now, critics say that the Supreme Court's Dobbs decision and the rise of laws targeting LGBTQ+ rights make the stakes of the bill even higher than during previous reintroductions. "You can't be pro-choice and anti-encryption," said Pfefferkorn.
Moreover, experts worry that the broad definitions in the EARN IT Act could give states the ability to pressure service providers to not just weaken encryption, but to remove lawful content entirely under the pretext of concerns about child exploitation.
Emma Llansó, director of the Center for Democracy and Technology's Free Expression Project, said the EARN IT Act would be a gift to those state prosecutors seeking to censor large parts of the web and criminalize information about reproductive health care and LGBTQ+ content.
Llansó pointed to the purge of content related to sex and nudity after the passage of FOSTA-SESTA, a bill aimed at eliminating sex trafficking, as an example of what tech companies do when their liability protections are threatened.
Some advocates expressed surprise to CyberScoop that lawmakers reintroduced the EARN IT Act with virtually no changes, given previous opposition. In fact, one of the only notable changes to the bill is the removal of the term "grooming," according to a copy of the bill. Blumenthal's office told CyberScoop the term was removed to more precisely reflect the conduct in the U.S. criminal code that the bill covers.
Technology companies are already legally required to report known child sexual abuse materials to the National Center for Missing and Exploited Children, which then forwards those reports to law enforcement. Many have taken an additional voluntary step by using hash matching, a technology that allows systems to flag abusive images that have already been reported and assigned a digital signature.
Proponents of EARN IT and other online safety bills say that this kind of voluntary system leads to underreporting and that not enough firms are using hashing. "When you start looking at the reports coming in from these companies, they're often missing a lot of information or are just unhelpful," said Alexander Delgado, director of public affairs for ECPAT-USA, an anti-trafficking policy organization.
Because hashing is based on known material, it has limitations in what it can detect. Other automated tools may produce false results or incorrectly flag child abuse. For instance, The New York Times reported two instances in which parents were accused by Google of uploading child sexual abuse materials after taking sensitive images of their children to share with doctors. In both cases, the men were investigated and cleared by law enforcement, but Google permanently suspended their accounts.
Despite these limitations, some lawmakers in the U.S. and abroad have pressured companies to go a step further by scanning users' messages for abusive material before they are sent, using a process called client-side scanning. Efforts to do so, like a ditched attempt by Apple in 2021, have been met with swift criticism by encryption experts.
Electronic Frontier Foundation senior analyst Joe Mullin compared the technology to having someone read your messages over your shoulder. Even if the technology doesn't technically break the encryption, it breaks the values of what end-to-end encryption promises, he said. "There's no way to look at all the messages for this one bad crime and also have end-to-end encryption," said Mullin. "It's actually incompatible."
Since the EARN IT Act's initial introduction in 2020, children's online safety has taken center stage in Congress. Other proposals include the recently introduced STOP CSAM Act, which includes measures such as enforcing new child exploitation reporting obligations for tech companies. There is also the Kids Online Safety Act, which would require platforms used by kids 16 and under to prevent the promotion of content encouraging harmful behaviors. A boom in state-level children's safety laws also adds pressure on federal lawmakers to act.
"There's definitely a lot of momentum for some of these bills, which kind of heightens our concern that something is gonna pass through," said Campbell of the Internet Society.
The EARN IT Act isn't the only sign of a new front in the war on encryption worrying encryption experts. The European Union has introduced its own CSAM regulations and the United Kingdom's Online Safety Act, which would promote client-side scanning, is making its way through parliament much to the protest of global tech firms.
"It's like this kind of global onslaught," said Mullin.
Every expert CyberScoop spoke with agreed that tech companies need to do more to protect children online. However, critics of EARN IT say that there are less controversial changes that wouldn't interfere with encryption that Congress could explore first. For instance, Congress could extend CyberTip hotline preservation times, Pfefferkorn suggested.
"If we could have more of a thoughtful and sustained discussion about that and put these civil liberties violating ideas off the table that could be a really positive approach," CDT's Llansó said. "I'm not sure EARN IT can do that."
Proponents of the legislation say, however, that time is of the essence. "I think we need to at least do something instead of just trying to find the perfect answer," said Delgado, whose organization supports both EARN IT and STOP CSAM. "So, if we see something that doesn't work that's when we should be making changes."
Delgado acknowledged that there are valid critiques of the bills but said that there are costs and benefits to all legislation.
Encryption experts worry those costs could hurt the very children the legislation is trying to prevent. "Absolutely nobody wants to prevent efforts to fight child abuse online," said Campbell, who is a parent. "But you cannot undermine encryption without introducing a significant threat to every single internet user."
Corrected April 26, 2024: An earlier version of this article misstated that the EARN IT Act had not been formally reintroduced.
Google Authenticator sync lacks end-to-end encryption, but Google is working on it – BGR
Google finally added a great feature to Google Authenticator, support for account syncing, which will save you a lot of trouble along the way. You won't have to worry as much about a lost or stolen smartphone, and upgrading your iPhone and Android handset will be even easier. But Google Authenticator account sync lacks a major security feature: End-to-end encryption (E2EE).
Since Google Authenticator holds your two-factor authentication (2FA) keys for various key services, data encryption sounds like a no-brainer. And the app does encrypt data while in transit, but it's not end-to-end encryption. Google is fixing the issue down the line, however.
Soon after Google announced account syncing for Google Authenticator data, security researchers discovered that the feature doesn't support end-to-end encryption.
That sounds like a big security issue that could prevent you from taking advantage of the account syncing convenience. If you worry about the lack of full encryption, you might very well postpone syncing until Google rolls out end-to-end encryption support.
But Google Authenticator data should be secure. The data between your devices and Google's server is encrypted in transit. The only problem is that a data breach involving a Google account would also jeopardize the security of 2FA codes.
Google product manager Christiaan Brand addressed the matter on Twitter. He revealed that support for end-to-end encryption is coming.
"We're always focused on the safety and security of @Google users, and the newest updates to Google Authenticator was no exception. Our goal is to offer features that protect users, BUT are useful and convenient," Brand said.
"We encrypt data in transit, and at rest, across our products, including in Google Authenticator. E2EE is a powerful feature that provides extra protections, but at the cost of enabling users to get locked out of their own data without recovery."
The exec also said that Google started rolling out optional end-to-end encryption in some products, and Google Authenticator will follow.
"Right now, we believe that our current product strikes the right balance for most users and provides significant benefits over offline use," Brand added. "However, the option to use the app offline will remain an alternative for those who prefer to manage their backup strategy themselves."
Using the app offline means not signing into your Google account from Authenticator until E2EE rolls out.
As for the actual end-to-end encryption's arrival, you'll have to prepare to create strong recovery keys and store them somewhere safe. But we'll cross that bridge when we get there. Brand hasn't offered an actual timeline for Google Authenticator getting end-to-end encryption.
Beyond Encryption: How QRL’s Quantum-Safe Blockchain Technology Offers A Long-Term Solution To Quantum Ri – Benzinga
Although cryptocurrencies have experienced a significant decline from their market cap of over $2 trillion in 2021, they are gaining momentum once again, with Bitcoin up over 75% YTD as of this writing. The crypto industry is rapidly integrating its way into mainstream monetary systems, offering unique solutions to numerous sectors, including finance and gaming.
Born from the ashes of the 2008 financial crisis, the cryptocurrency industry, led by Bitcoin, emerged in response to what was perceived by many as a corrupt, inefficient and centralized financial landscape. It sought to establish decentralized financial alternatives to overcome these challenges, striving to achieve an intricate equilibrium between security, scalability and decentralization.
However, despite the robust nature of the blockchain, the security of cryptocurrencies is threatened by the advent of quantum computers, as they will compromise existing cryptographic algorithms without a viable replacement.
The Quantum Resistant Ledger, or the QRL blockchain, offers an innovative and future-proof solution that addresses the significant quantum risk of existing blockchain technology with its own quantum-safe blockchain technology and digital asset. The following discussion will explore the quantum risk landscape for cryptocurrency and evaluate QRL's potential to seize this market opportunity as a post-quantum secure hedge for investors.
To understand the quantum risk landscape, it's first important to take a step back and understand how cryptocurrencies operate. The primary objective of crypto is to facilitate value exchange without intermediaries, achieved via cryptographic algorithms that enable consensus, process transactions, and ensure data integrity in a permissionless, automated way.
Cryptocurrency security currently relies on mathematical processes, called hashing algorithms, and digital keys, specifically public-key cryptography. Together, these systems discourage tampering by making it extremely expensive and challenging for malicious users to exploit the system.
This implies that, unlike traditional banks, cryptographic algorithms and blockchain technology confirm ownership through probabilistic trustlessness rather than absolute certainty. While today's major blockchains like Bitcoin and Ethereum are considered extremely secure, quantum computing promises new capabilities in processing power, which is likely to have grave impacts on the security of these cryptocurrencies.
According to a recent report by Deloitte, about 65% of all Ether are vulnerable to a quantum attack, and this number has been continuously increasing. This is a significantly larger percentage than the 25% Deloitte found for the Bitcoin blockchain in a previous analysis.
The Quantum Resistant Ledger (QRL) stands as the pioneering post-quantum value store and secure communication layer, designed to shield against the looming quantum computer threat.
QRL employs a cryptographic method called the eXtended Merkle Signature Scheme (XMSS) to ensure that the blockchain remains secure even in the face of powerful quantum computers, providing a long-term solution for safeguarding digital assets.
In addition to protecting transactions, QRL's unique blockchain technology also secures communications. QRL brings together two advanced techniques, on-chain lattice key storage and layer-to-internode communication, to create a highly secured messaging system that is protected from the threats of super-powerful quantum computers.
Lastly, QRL is extremely adaptable and tightly integrated with several world-leading hardware digital asset storage solutions and open development architecture. This, coupled with a rich API and user interface, makes QRL a seamless and robust enterprise solution.
As a prudent investor, evaluating long-term risks associated with blue-chip assets like Bitcoin and Ethereum is essential. While they may be safe at the moment, current trends in quantum computing pose grave risks to the security of these platforms.
QRL could be poised to be a market leader in the quantum-safe space, potentially offering a low-risk and lucrative opportunity for investors to gain exposure to a growing niche. With the increasing divergence between the physical and digital worlds, it is more crucial than ever to assess and safeguard against the escalating risks in the digital era.
This post contains sponsored advertising content. This content is for informational purposes only and is not intended to be investing advice.
2023 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
‘Encrypted web chats are a digital playground for paedos’: Javid backs Government’s Online Safety Bill… – LBC
25 April 2023, 8:47 | Updated: 25 April 2023, 9:02
Speaking with Nick Ferrari at Breakfast, the Conservative MP for Bromsgrove said the Government needs to protect children from further "abhorrent" online abuse using a key amendment to the bill.
Explaining the Government had developed software that would "pre-screen" the content of such messages, he added the move would prevent the spread of child abuse imagery.
Javid cited findings from the Internet Watch Foundation - a charity that sets out to protect children by removing and preventing abusive online content - warning of a sharp rise in child abuse images being shared online.
The organisation is responsible for tracking down sexual imagery and telling technology companies to remove or block the material.
Its annual report says the amount of the most extreme content found online has doubled since 2020, with Javid highlighting that over 255,000 illegal images of sexual abuse have so far been taken down online.
He added that nearly a fifth of that content related to the most serious types of abuse, including the rape and torture of children and serious sexual abuse of toddlers - a figure that has nearly doubled in recent years.
"In the bill, the Government has introduced an amendment, that I want to say because some people are campaigning against it. And this is to do with something called end-to-end encryption," Javid said.
"And that's when someone uses say WhatsApp, the message today is completely totally, utterly, private between the sender and the recipient."
The Government's Online Safety Bill has faced widespread scrutiny and seen a series of amendments put forward since its introduction, including calls for social media users who encourage self-harm online to be prosecuted, proposing such behaviour to be labelled a criminal offence.
"This is a playground for paedophiles. This is something where they can share this imagery and stuff and not be frightened of getting caught in any way or being punished because this is a digital playground," said Javid.
Claiming there to be "a lot of common ground" between parties where the online bill is concerned, Javid said such amendments are about "taking advantage of the opportunities" the government has to curb the use of such chats to spread illegal material.
"It's about using new technology to prevent this kind of crimes," explained Javid, adding: "we've got to do more".
The bill has seen a number of amendments put forward since its conception, notably following the inquest into teenager Molly Russell's death, which revealed that harmful online content was a contributing factor to her taking her own life.
"I think that people will be shocked to learn that that's what's happening with this kind of end-to-end encryption. What the Government, working with industry, the IWF (Internet Watch Foundation), and others have come up with is a privacy friendly way to pre-screen such content," Javid added.
"So think of it as something that some software that's on your smartphone.
"There's no third-party access, but it pre-screens it and prevents the uploading of child sexual imagery and videos so they cannot be shared."
Under the bill's original plans, the biggest platforms would have been compelled to not only remove illegal content, but also any material which had been named in the legislation as legal but potentially harmful.
Recent amendments mean there will be a greater requirement for firms to provide adults with tools to hide certain content they do not wish to see - including types of content that do not meet the criminal threshold but could be harmful to see, such as the glorification of eating disorders, misogyny and some other forms of abuse.