In December, after a somewhat bruising Senate hearing with Facebook, I argued that the fight over encryption was just beginning. This week, with India poised to unveil new rules that threaten encrypted communications around the world, it seems safe to say that the encryption fight is now fully underway.
First, some background.
Messaging products that are end-to-end encrypted can be read only by the sender and the recipient. The encrypted platform itself such as Apples iCloud, or Facebooks WhatsApp cant read the message, because it doesnt have a key. This has led to periodic attempts from law enforcement agencies and lawmakers to force platforms to create so-called backdoors that would allow them to snoop on the contents of those messages. But the platforms have resisted, and the issue has generally been in a stalemate.
In India, though, things are moving very quickly to make end-to-end encryption illegal. The country has sought to exert more control over the internet in the wake of lynchings committed after false rumors spread on WhatsApp. But the Indian government has often taken a draconian approach to regulating the web shutting down internet access at least 95 times last year, including an indefinite shutdown in Kashmir that a judge called an abuse of power earlier this year.
Now a set of rules proposed a little over a year ago would force tech platforms to cooperate continuously with government requests, without requiring so much as a warrant or court order. Among the requirements is that any post be traceable to its origin. And in what is believed to be a world first, the rules would require tech companies to do the investigating to deploy their sophisticated tools to track a posts spread on their network back to its point of origin, and then turn that information over to law enforcement.
This is quite different from the current approach, in which law enforcement identifies a suspect and then asks platforms to supply information about them. Now tech companies could essentially be required to serve as deputies of the state, conducting investigations on behalf of law enforcement, without so much as a court order.
That almost certainly means breaking encryption how else could tech companies be expected to trace the source of a message? Imagine Clearview AI, but as a service tech companies are required to provide to law enforcement for free, and you start to understand what the Indian government is asking for here.
The final rules are expected to be released imminently, Saritha Roi reports in Bloomberg:
The Ministry of Electronics and Information Technology is expected to publish the new rules later this month without major changes, according to a government official familiar with the matter. [...]
The provisions in the earlier draft had required platforms such as Googles YouTube or ByteDance Inc.s TikTok, Facebook or its Instagram and WhatsApp apps, to help the government trace the origins of a post within 72 hours of a request. The companies would also have to preserve their records for at least 180 days to aid government investigators, establish a brick-and-mortar operation within India and appoint both a grievance officer to deal with user complaints and a government liaison.
The rules would apply to any app with more than 5 million users, including Facebook, YouTube, Twitter, and TikTok. Bloomberg reports that its not clear whether the identities of foreign users would be exempt.
The tech companies are fighting back. A trade group has argued that the rules would represent a severe violation of Indian citizens privacy, and they would almost certainly sue if the rules were implemented as written.
But theres no guarantee that theyll win. And if these rules take effect India wont be the last democracy to implement them. Tech companies will come under increasing pressure to implement a similar system in other Western countries. (Australia seems poised to try to break encryption as well.)
What happens if encryption supporters lose? First, privacy is diminished for billions of users including for activists, dissidents, victims of domestic abuse, businesses, and even government workers who have come to rely on secure messaging.
Second, the move could hurt the tech sector both in India and abroad by making it prohibitively expensive to launch a new business. Who can afford to build a compliance regime that requires the company to accommodate any government request, no matter how small, from day one? In practice, the answer is likely to be only incumbents. Hannah Quay-de la Vallee makes this point here:
If this rule is implemented in India (and potentially copied by other nations) it could force companies to create two types of systems one that uses e2e and one that doesnt. Companies might well justifiably balk at the cost and complexity of that approach and simply build less secure systems. That would weaken the overall safety of the internet ecosystem, harming users around the globe. Alternatively they could remove themselves from the Indian market altogether, depriving 1.2 billion people of state-of-the-art internet security. Neither of these are good outcomes.
Given how many things Americans have to worry about domestically, I understand how a story about Indian internet rules can fly under the radar. But its important to recognize that the spirit thats animating the discussion in India is alive and well in the United States. Threats to privacy are multiplying faster than tech or society can deal with them. In such a world, encryption is one of the last and best tools we have to fight back.
Today in news that could affect public perception of the big tech platforms.
Trending sideways: Facebooks fundraising features, which have led to more than $3 billion in donations since 2015, have generated significant goodwill. But nonprofits are complaining they dont receive enough data about donors to form long-lasting relationships.
Mike Bloomberg is paying some of the biggest meme-makers on the internet to post sponsored content on Instagram promoting his presidential campaign. Hes working with Meme 2020, a company formed by some of the people behind extremely influential accounts, like Mick Purzycki of Jerry Media. Taylor Lorenz at The New York Times has the scoop:
The campaign, which launched this week, has already placed sponsored posts on Instagram accounts including @GrapeJuiceBoys, a meme page with more than 2.7 million followers; Jerry Medias own most popular account, with more than 13.3 million followers; and @Tank.Sinatra, a member with more than 2.3 million followers.
The accounts all posted Bloomberg campaign ads in the form of fake direct messages from the candidate.
Larry Ellison, the founder of Oracle and one of the worlds richest men, is throwing a fundraiser for Donald Trump. Its the most significant display of support from a major tech titan for the president, by far. (Theodore Schleifer / Recode)
Senator Kirsten Gillibrand (D-NY) released a proposal to overhaul the way the US government regulates privacy. Her new Data Protection Act would create an independent agency to protect consumer data at large. (Makena Kelly / The Verge)
A court in Moscow fined Twitter and Facebook 4 million rubles each (a piddling $63,000) for refusing to store the personal data of Russian citizens on servers in their home country. Its the largest penalty imposed on Western technology companies yet under Russias new internet laws, which are designed to give the government more control over peoples online activity. (Associated Press)
A network of news sites is expanding across the country. Nearly 40 websites masquerading as conservative local news outlets were discovered in Michigan in October. Now, additional statewide networks have sprung up in Montana and Iowa. (Katherina Sourine and Dominick Sokotoff / The Michigan Daily)
A mobile voting app used in West Virginia has basic security flaws that could allow someone to see and intercept votes as theyre transmitted from mobile phones to the voting companys server. Its the latest evidence that digital voting solutions are not secure. (Kim Zetter / Vice)
Facebooks dataset of anonymized URLs, which is meant to help researchers study the impact of social media on democracy, is finally live. The project, which allows approved researchers to see every link shared on Facebook, is part of a research partnership with Social Science One. Gary King and Nathaniel Persily of Social Science One talk about why the launch took so long:
When Facebook originally agreed to make data available to academics through a structure we developed (King and Persily, 2019, GaryKing.org/partnerships) and Mark Zuckerberg testified about our idea before Congress, we thought this day would take about two months of work; it has taken twenty. Since the original Request for Proposals was announced, we have been able to approve large numbers of researchers, and we continue to do so. When this project began, we thought the political and legal aspects of our job were over, and we merely needed to identify, prepare, and document data for researchers with our Facebook counterparts. In fact, most of the last twenty months has involved negotiating with Facebook over their increasingly conservative views of privacy and the law, trying to get different groups within the company on the same page, and watching Facebook build an information security and data privacy infrastructure adequate to share data with academics.
Facebooks New Product Experimentation team released a Pinterest-like app for saving and sharing photos of activities like cooking and home improvement projects. The app, called Hobbi, is meant to help you document and remember the things you love to do. Pinterest stock dipped on the news. (Alex Heath / The Information)
Teens are creating thrifting communities on Instagram where they buy and sell clothes in photos and comments. Its like a modern-day eBay. (Mia Sato / Input)
Jeff Bezos bought the most expensive property in LA with an eighth of a percent of his net worth. It is literally impossible to imagine just how rich the wealthiest people on the planet are. (Bijan Stephen / The Verge)
Amazons first employee, Shel Kaphan, says breaking up the company could potentially make sense. In an interview for a new PBS Frontline documentary about Amazon, Kaphan said hes proud of what the company has become, but also conflicted. (Jason Del Rey / Recode)
In 2019, YouTube dominated 70 percent of the total time people spent on their phones watching the top five entertainment apps. Its success is something that companies like Netflix, WarnerMedia, NBCUniversal, and Disney will have to take into account as they compete for peoples attention. (Julia Alexander / The Verge)
The CEO of an AI startup with deep ties to the University of Michigan just stepped down from the company amid allegations of sexual misconduct. But hes still a professor at the school. (Zoe Schiffer / The Verge)
Ezra Kleins new book, Why Were Polarized, charts 50 years of American history to figure out why our political climate is the way it is. It turns out the answer is a lot more complicated than just social media. (Nicholas Thompson / Wired)
New social media advice when going through a breakup: Deactivate your accounts, have a trusted friend change the passwords, and avoid looking back for as long as you can stand it. (Katie Way / Vice)
Im sure theres relevant context here, but Ive decided that I dont care to look it up.
- Voice recordings from domestic violence alerting app exposed on the internet - Security Boulevard - June 30th, 2020
- The lack of women in cybersecurity puts us all at greater risk - The Next Web - June 30th, 2020
- Cascading Security Through the Internet of Things Supply Chain - Lawfare - June 30th, 2020
- How to Build the Right Security Assessment - Security Boulevard - June 30th, 2020
- Apple may have just changed a key part of how the internet works - TechRadar - June 30th, 2020
- Indians most concerned about identity theft - Fortune India - June 30th, 2020
- Deeper Connect Mini: Decentralized, Private and Secure Internet for the People, launching June 30th on Indiegogo. - Yahoo Finance - June 30th, 2020
- Internet of Things (IoT) Security: Technologies and Global Markets - Yahoo Finance - June 30th, 2020
- Could Donald Trump claim a national security threat to shut down the internet? - Brookings Institution - June 30th, 2020
- Internet of Things Security Market Strategic Insights 2020 with analysis of Leading players: Check Point Security Software Technologies, Cisco... - June 30th, 2020
- Global IT Security Market is accounted for xx USD million in 2019 and is expected to reach xx USD million by 2025 growing at a CAGR of xx% : Blue... - June 30th, 2020
- Internet of Things (IoT) Security Market Size, Share, Growth, Revenue, Global Industry Analysis and Future Demand |Globalmarketers.biz - Cole of Duty - June 30th, 2020
- Surge in encrypted malware prompts warning about detection strategies - SecurityBrief Europe - June 30th, 2020
- NexTech AR to supply its video conferencing and virtual events platform to Dallas Independent School District - Proactive Investors UK - June 30th, 2020
- Dutch people are least concerned about safety, survey reveals - IamExpat in the Netherlands - June 30th, 2020
- Only 31% of Americans concerned with data security, despite 400% rise in cyberattacks - TechRepublic - June 24th, 2020
- WatchGuard Technologies Report Finds Two-Thirds of Malware is Encrypted, Invisible Without HTTPS Inspection - GlobeNewswire - June 24th, 2020
- How To Turn Off Firewall In Windows And Mac - Ubergizmo - June 24th, 2020
- OTF's Work Is Vital for a Free and Open Internet - EFF - June 24th, 2020
- Microsoft acquires CyberX to bolster Azure IoT security - Internet of Things News - IoT Tech News - June 24th, 2020
- Partner Content: ESET and Spire Technology on why you need a Password Manager - PCR-online.biz - June 24th, 2020
- Internet of Things (IoT) Security Market to Witness Robust Expansion Throughout the Forecast Period 2020 2025 - 3rd Watch News - June 24th, 2020
- Google is on a mission to stop you from reusing passwords - The Verge - June 24th, 2020
- Marking the 30th Anniversary of the Internet and Cybersecurity Treaty - CircleID - June 24th, 2020
- The Cyberlaw Podcast: Using the Internet to Cause Emotional Distress is a Felony? - Lawfare - June 24th, 2020
- DDoS Protection Market 2020 | How The Industry Will Witness Substantial Growth In The Upcoming Years | Exclusive Report By MRE - Cole of Duty - June 24th, 2020
- Julian Assange Extradition and the Freedom of Bitcoin Bitcoin... - Bitcoin Magazine - June 24th, 2020
- How to become a web developer? - The Tribune - June 24th, 2020
- Frost & Sullivan Report Finds BlackBerry Solutions Address 96% of the Enterprise Threat Landscape - PRNewswire - June 24th, 2020
- EAC to evaluate testing and certification of non-voting equipment - Politico - June 24th, 2020
- Global IT Security Spending Market Projected to Reach USD XX.XX billion by 2025- Check Point Software Technologies, Cisco Systems, EMC, Fortinet,... - June 24th, 2020
- OPAQ Webinar to Share Lessons Learned and Best Practices from Zero Trust Migration Project with TTX Company - Business Wire - June 24th, 2020
- Global Internet of Things (IoT) Security Technology Market 2020 Analysis, Types, Applications, Forecast and COVID-19 Impact Analysis 2025 - NJ MMA... - June 24th, 2020
- Put Your Risk on Mute: Using PKI to Simplify Remote Workforce Security - Hashed Out by The SSL Store - Hashed Out by The SSL Store - June 24th, 2020
- NetNumber Expands Industry Recognized Signaling Firewall to Protect SIP Connections - GlobeNewswire - June 24th, 2020
- How to fight back against Covid-19 scams - Global Banking And Finance Review - June 24th, 2020
- What Will The Crypto Market Look Like In A Post COVID-19 Economy? | Coin Insider - Coin Insider - June 24th, 2020
- US: Congress Should Back Open Technology Fund - Human Rights Watch - June 21st, 2020
- David Pratt: Will the next global pandemic take place online? - The National - June 21st, 2020
- Global Internet of Things (IoT) Security Industry Market Insights, Opportunity, Analysis, Market Shares & Forecast 2020 2027 - 3rd Watch News - June 21st, 2020
- Facial recognition to play key role in travel reopening as biometrics industry weighs social responsibility - Biometric Update - June 21st, 2020
- 'IT Act does not protect freedom of speech' - The Sunday Guardian - June 21st, 2020
- In Depth Analysis and Survey of COVID-19 Pandemic Impact on Global Distributed Denial Of Service (DDoS) Protection Market 2020 Key Players A10... - June 21st, 2020
- Cyber Liability Insurance Market (USD 4.6 Billion) Will Grow At A CAGR of 11.12% During Forecast Period 2020-2025 (Impact Analysis of COVID-19) - 3rd... - June 21st, 2020
- Internet of Things Security Market research report presents a thorough study on the overall market by Application Forecast To 2020 - Surfacing... - June 21st, 2020
- Global Internet of Things (IoT) Security Product Market 2020 SWOT Analysis & Key Business Strategies by Leading Industry Players and Forecast 2025... - June 21st, 2020
- Knoxville still quiet on ransomware attack and what's being done to fix it - Knoxville News Sentinel - June 21st, 2020
- Indias digital workforce needs secure software. Testing, not banning apps, is the answer - ThePrint - June 21st, 2020
- Bolton book can be released, but conduct 'raises grave national security concerns' - ABC News - June 21st, 2020
- Broadband Connection Disconnected: Things You Can Do To Fix It - TelecomTalk - June 21st, 2020
- Former Google CEO Eric Schmidt says there's 'no question' Huawei routed data to Beijing - CNBC - June 21st, 2020
- Dating Apps Exposed 845 GB of Explicit Photos, Chats, and More - WIRED - June 21st, 2020
- Internet Security Software Market: Qualitative Analysis of the Leading Players - News by aeresearch - June 11th, 2020
- Global Internet Security Market 2020 by Manufacturers, Size, Development Analysis, Applications and Forecast to 2025 - Cole of Duty - June 11th, 2020
- Internet Security Software Market 2019 Break Down by Top Companies, Countries, Applications, Challenges, Opportunities and Forecast 2026 - Cole of... - June 11th, 2020
- Internet Security Software Market Impact Of Covid-19 And Benchmarking. - Personal Injury Bureau UK - June 11th, 2020
- Drivers is Responsible to for Increasing Internet Security Software Market Share, Forecast 2027 - Cole of Duty - June 11th, 2020
- Webroot Internet Security with Antivirus Protection Software | 3 Device | 1 Year Subscription | PC Download - The Report - June 11th, 2020
- Endpoint Security Market to Cross US$ 10,026 MN by 2026, Growing Adoption of Work from Home Services to Favor Growth: Fortune Business Insights -... - June 11th, 2020
- Internet of Things (IoT) Security Market 2019 Break Down by Top Companies, Countries, Applications, Challenges, Opportunities and Forecast 2026 - Cole... - June 11th, 2020
- Yukon's Gurdeep Pandher tries to spread some joy on social media - Lindsay Advocate - June 11th, 2020
- Microsoft Windows users in UAE advised to install security updates - Khaleej Times - June 11th, 2020
- Clear guidelines for remote work will boost security and control access - TechRepublic - June 5th, 2020
- Mozilla Funds Meething to Help Fix the Internet - GlobeNewswire - June 5th, 2020
- The Internet of Bodies is here. This is how it will change our lives - World Economic Forum - June 5th, 2020
- Crowdstrike CEO explains how the future of remote work and security will look - CNBC - June 5th, 2020
- Mocana Recognized as Industry Leader in Cybersecurity and the Industrial Internet of Things - GlobeNewswire - June 5th, 2020
- SC Awards Europe 2020 - CISO/CSO of the Year - SC Magazine UK - June 5th, 2020
- Spike in cryptojacking attempts on devices here, says cyber-security firm - The Straits Times - June 5th, 2020
- The impact of spycraft on how we secure our data - ComputerWeekly.com - June 5th, 2020
- 4 Common Online Frauds That You Need to Know - Techjaja - June 5th, 2020
- This $350 "Anti-5G" Device Is Apparently Just a USB Stick - WIRED - June 5th, 2020
- Cloud DDoS Mitigation Software Market Potential Growth, Share, Demand And Analysis Of Key Players- Analysis Forecasts To 2026 - Cole of Duty - June 5th, 2020
- India wants to be a 'partner of the global economy' in its manufacturing push, minister says - CNBC - June 5th, 2020
- Amid the COVID-19 crisis and the looming economic recession, the Web Content Filtering market worldwide will grow by a projected US$3 Billion, during... - June 5th, 2020
- Mozilla VP of IT: How to stay secure while remote working - BusinessCloud - June 5th, 2020
- 6 ways to delete yourself from the internet - CNET - June 5th, 2020
- Is COVID-19 Making the Internet Sick? - Government Technology - May 27th, 2020
- Thanks to Physics, This Chocolate Is Iridescentand Safe to Eat - Smithsonian.com - May 27th, 2020
- $100 million in bounties paid by HackerOne to ethical hackers - BleepingComputer - May 27th, 2020