In December, after a somewhat bruising Senate hearing with Facebook, I argued that the fight over encryption was just beginning. This week, with India poised to unveil new rules that threaten encrypted communications around the world, it seems safe to say that the encryption fight is now fully underway.
First, some background.
Messaging products that are end-to-end encrypted can be read only by the sender and the recipient. The encrypted platform itself such as Apples iCloud, or Facebooks WhatsApp cant read the message, because it doesnt have a key. This has led to periodic attempts from law enforcement agencies and lawmakers to force platforms to create so-called backdoors that would allow them to snoop on the contents of those messages. But the platforms have resisted, and the issue has generally been in a stalemate.
In India, though, things are moving very quickly to make end-to-end encryption illegal. The country has sought to exert more control over the internet in the wake of lynchings committed after false rumors spread on WhatsApp. But the Indian government has often taken a draconian approach to regulating the web shutting down internet access at least 95 times last year, including an indefinite shutdown in Kashmir that a judge called an abuse of power earlier this year.
Now a set of rules proposed a little over a year ago would force tech platforms to cooperate continuously with government requests, without requiring so much as a warrant or court order. Among the requirements is that any post be traceable to its origin. And in what is believed to be a world first, the rules would require tech companies to do the investigating to deploy their sophisticated tools to track a posts spread on their network back to its point of origin, and then turn that information over to law enforcement.
This is quite different from the current approach, in which law enforcement identifies a suspect and then asks platforms to supply information about them. Now tech companies could essentially be required to serve as deputies of the state, conducting investigations on behalf of law enforcement, without so much as a court order.
That almost certainly means breaking encryption how else could tech companies be expected to trace the source of a message? Imagine Clearview AI, but as a service tech companies are required to provide to law enforcement for free, and you start to understand what the Indian government is asking for here.
The final rules are expected to be released imminently, Saritha Roi reports in Bloomberg:
The Ministry of Electronics and Information Technology is expected to publish the new rules later this month without major changes, according to a government official familiar with the matter. [...]
The provisions in the earlier draft had required platforms such as Googles YouTube or ByteDance Inc.s TikTok, Facebook or its Instagram and WhatsApp apps, to help the government trace the origins of a post within 72 hours of a request. The companies would also have to preserve their records for at least 180 days to aid government investigators, establish a brick-and-mortar operation within India and appoint both a grievance officer to deal with user complaints and a government liaison.
The rules would apply to any app with more than 5 million users, including Facebook, YouTube, Twitter, and TikTok. Bloomberg reports that its not clear whether the identities of foreign users would be exempt.
The tech companies are fighting back. A trade group has argued that the rules would represent a severe violation of Indian citizens privacy, and they would almost certainly sue if the rules were implemented as written.
But theres no guarantee that theyll win. And if these rules take effect India wont be the last democracy to implement them. Tech companies will come under increasing pressure to implement a similar system in other Western countries. (Australia seems poised to try to break encryption as well.)
What happens if encryption supporters lose? First, privacy is diminished for billions of users including for activists, dissidents, victims of domestic abuse, businesses, and even government workers who have come to rely on secure messaging.
Second, the move could hurt the tech sector both in India and abroad by making it prohibitively expensive to launch a new business. Who can afford to build a compliance regime that requires the company to accommodate any government request, no matter how small, from day one? In practice, the answer is likely to be only incumbents. Hannah Quay-de la Vallee makes this point here:
If this rule is implemented in India (and potentially copied by other nations) it could force companies to create two types of systems one that uses e2e and one that doesnt. Companies might well justifiably balk at the cost and complexity of that approach and simply build less secure systems. That would weaken the overall safety of the internet ecosystem, harming users around the globe. Alternatively they could remove themselves from the Indian market altogether, depriving 1.2 billion people of state-of-the-art internet security. Neither of these are good outcomes.
Given how many things Americans have to worry about domestically, I understand how a story about Indian internet rules can fly under the radar. But its important to recognize that the spirit thats animating the discussion in India is alive and well in the United States. Threats to privacy are multiplying faster than tech or society can deal with them. In such a world, encryption is one of the last and best tools we have to fight back.
Today in news that could affect public perception of the big tech platforms.
Trending sideways: Facebooks fundraising features, which have led to more than $3 billion in donations since 2015, have generated significant goodwill. But nonprofits are complaining they dont receive enough data about donors to form long-lasting relationships.
Mike Bloomberg is paying some of the biggest meme-makers on the internet to post sponsored content on Instagram promoting his presidential campaign. Hes working with Meme 2020, a company formed by some of the people behind extremely influential accounts, like Mick Purzycki of Jerry Media. Taylor Lorenz at The New York Times has the scoop:
The campaign, which launched this week, has already placed sponsored posts on Instagram accounts including @GrapeJuiceBoys, a meme page with more than 2.7 million followers; Jerry Medias own most popular account, with more than 13.3 million followers; and @Tank.Sinatra, a member with more than 2.3 million followers.
The accounts all posted Bloomberg campaign ads in the form of fake direct messages from the candidate.
Larry Ellison, the founder of Oracle and one of the worlds richest men, is throwing a fundraiser for Donald Trump. Its the most significant display of support from a major tech titan for the president, by far. (Theodore Schleifer / Recode)
Senator Kirsten Gillibrand (D-NY) released a proposal to overhaul the way the US government regulates privacy. Her new Data Protection Act would create an independent agency to protect consumer data at large. (Makena Kelly / The Verge)
A court in Moscow fined Twitter and Facebook 4 million rubles each (a piddling $63,000) for refusing to store the personal data of Russian citizens on servers in their home country. Its the largest penalty imposed on Western technology companies yet under Russias new internet laws, which are designed to give the government more control over peoples online activity. (Associated Press)
A network of news sites is expanding across the country. Nearly 40 websites masquerading as conservative local news outlets were discovered in Michigan in October. Now, additional statewide networks have sprung up in Montana and Iowa. (Katherina Sourine and Dominick Sokotoff / The Michigan Daily)
A mobile voting app used in West Virginia has basic security flaws that could allow someone to see and intercept votes as theyre transmitted from mobile phones to the voting companys server. Its the latest evidence that digital voting solutions are not secure. (Kim Zetter / Vice)
Facebooks dataset of anonymized URLs, which is meant to help researchers study the impact of social media on democracy, is finally live. The project, which allows approved researchers to see every link shared on Facebook, is part of a research partnership with Social Science One. Gary King and Nathaniel Persily of Social Science One talk about why the launch took so long:
When Facebook originally agreed to make data available to academics through a structure we developed (King and Persily, 2019, GaryKing.org/partnerships) and Mark Zuckerberg testified about our idea before Congress, we thought this day would take about two months of work; it has taken twenty. Since the original Request for Proposals was announced, we have been able to approve large numbers of researchers, and we continue to do so. When this project began, we thought the political and legal aspects of our job were over, and we merely needed to identify, prepare, and document data for researchers with our Facebook counterparts. In fact, most of the last twenty months has involved negotiating with Facebook over their increasingly conservative views of privacy and the law, trying to get different groups within the company on the same page, and watching Facebook build an information security and data privacy infrastructure adequate to share data with academics.
Facebooks New Product Experimentation team released a Pinterest-like app for saving and sharing photos of activities like cooking and home improvement projects. The app, called Hobbi, is meant to help you document and remember the things you love to do. Pinterest stock dipped on the news. (Alex Heath / The Information)
Teens are creating thrifting communities on Instagram where they buy and sell clothes in photos and comments. Its like a modern-day eBay. (Mia Sato / Input)
Jeff Bezos bought the most expensive property in LA with an eighth of a percent of his net worth. It is literally impossible to imagine just how rich the wealthiest people on the planet are. (Bijan Stephen / The Verge)
Amazons first employee, Shel Kaphan, says breaking up the company could potentially make sense. In an interview for a new PBS Frontline documentary about Amazon, Kaphan said hes proud of what the company has become, but also conflicted. (Jason Del Rey / Recode)
In 2019, YouTube dominated 70 percent of the total time people spent on their phones watching the top five entertainment apps. Its success is something that companies like Netflix, WarnerMedia, NBCUniversal, and Disney will have to take into account as they compete for peoples attention. (Julia Alexander / The Verge)
The CEO of an AI startup with deep ties to the University of Michigan just stepped down from the company amid allegations of sexual misconduct. But hes still a professor at the school. (Zoe Schiffer / The Verge)
Ezra Kleins new book, Why Were Polarized, charts 50 years of American history to figure out why our political climate is the way it is. It turns out the answer is a lot more complicated than just social media. (Nicholas Thompson / Wired)
New social media advice when going through a breakup: Deactivate your accounts, have a trusted friend change the passwords, and avoid looking back for as long as you can stand it. (Katie Way / Vice)
Im sure theres relevant context here, but Ive decided that I dont care to look it up.
- Beware of a cyber attack - faribaultcountyregister.com | News, Sports, Information on the Blue Earth region - Faribault County Register - February 24th, 2020
- Internet security Market 2020 Global Analysis, Research, Applications and Forecast to 2026 - Jewish Life News - February 24th, 2020
- Letter: It's an election year why isn't cybercrime on voters' minds? - Greenville News - February 24th, 2020
- Vigilantes and private security are policing the internet where governments have failed - The South African - February 24th, 2020
- Best Protection Against File Less Malware and Advanced Threats: Kaspersky Scores Most Top Three Places in 2019 Test Results - Al-Bawaba - February 24th, 2020
- The cannabis industry's next big threat: Hacks and fraud - WICZ - February 24th, 2020
- Straight Talk: That voicemail from the boss might be fake - Canton Repository - February 24th, 2020
- Microsoft patches IE vulnerability being exploited in the wild - SC Magazine - February 24th, 2020
- The best antivirus protection of 2020 for Windows 10 - CNET - February 23rd, 2020
- Vigilantes and private security are policing the internet where governments have failed - The Conversation UK - February 23rd, 2020
- The top UK cyber security companies - Information Age - February 23rd, 2020
- Cyber Minds: Expert Insights on Blockchain and Much More - Government Technology - February 23rd, 2020
- 5G and the Huawei controversy: is it about more than just security? - BBC Focus Magazine - February 23rd, 2020
- Recent IPO Cloudflare Closes Out 2019 Strong and Is Poised for More Growth - Motley Fool - February 23rd, 2020
- For Free Expression in Iran, the U.S. Can Act to Keep the Internet On - Just Security - February 23rd, 2020
- CoinGeek London: When Bitcoin SV came of age - CoinGeek - February 23rd, 2020
- Akamai: API Attacks by Cybercriminals are on the Rise - Media & Entertainment Services Alliance M&E Daily Newsletter - February 23rd, 2020
- What the Hell Is That Device, and Is It Spying on You? This App Might Have the Answer - VICE - February 23rd, 2020
- Most credential abuse attacks against the financial sector targeted APIs - Help Net Security - February 23rd, 2020
- The Cannabis Industrys Next Big Threat: Hacks And Fraud - CBS Denver - February 23rd, 2020
- Google removes nearly 600 ad-ware apps from Play store - Deccan Herald - February 23rd, 2020
- Internet of Things (IoT) Security Market Current Trends, Services, Innovations, Key Features Technology, Company Profiles, Demand, Growth... - February 23rd, 2020
- The Top 7 Network Security Books You Need to Read in 2020 - Solutions Review - February 23rd, 2020
- Cyber Security & Network Security Services - Internet ... - February 18th, 2020
- Google Announced US$1 Million for its Be Internet Awesome Initiative - CISO MAG - February 18th, 2020
- Internet security Market Analysis With Key Players, Applications, Trends and Forecast To 2026 - Instant Tech News - February 18th, 2020
- Cybersecurity Level in the Middle East: An Overview of the Cybersecurity Market State - SCOOP EMPIRE - February 18th, 2020
- Quantum internet: the next global network is already being laid - The Conversation UK - February 18th, 2020
- IC3.gov 2019 Internet Crime Report: Its All About that BEC - Security Boulevard - February 18th, 2020
- Sophos Cloud Optix breakthrough IAM visualization is here - Naked Security - February 18th, 2020
- Stay Safe, Secure And Anonymous Online with The Doe - London Post - February 18th, 2020
- Industry Insight: The CCPAs Elusive Reasonable Security Safe Harbor - JD Supra - February 18th, 2020
- WISeKey Drives Innovations in IoT Security with 23 Strategic Patents in the U.S. - GlobeNewswire - February 18th, 2020
- IT Security Consulting Services Market Size, Share, Types, Growth Strategies, Interactive Components, Key Companies Overview and Forecast Outlook by... - February 18th, 2020
- Market Size of Internet of Things (IoT) Security Product , Forecast Report 2019-2026 - Redhill Local Councillors - February 18th, 2020
- Internet of Things (IoT) Security Market Projected To Witness Vigorous Expansion By 2026 - Instant Tech News - February 18th, 2020
- 40% respondents ready to share personal details on dating apps without meeting person - The News Minute - February 18th, 2020
- How to protect your personal information online during tax season - CTV News - February 18th, 2020
- It is with a heavy heart we must inform you, once again, folks are accidentally spilling thousands of sensitive pics, records onto the internet - The... - February 18th, 2020
- Security of online voting questioned | News, Sports, Jobs - The Daily Times - February 16th, 2020
- This may be the last piece I write: prominent Xi critic has internet cut after house arrest - The Guardian - February 16th, 2020
- An Alternative to Windows 7 - Budapest Business Journal - February 16th, 2020
- North Koreas Internet Use Surges, Thwarting Sanctions and Fueling Theft - The Indian Express - February 16th, 2020
- Microsoft Patch Tuesday fixes IE zeroday and 98 other flaws - We Live Security - February 16th, 2020
- 'More guidance and regulation': Zuckerberg requests government rules on 'what discourse should be allowed' - Washington Examiner - February 16th, 2020
- Internet of Things (IoT) Security Product Market: Development Factors and Investment Analysis by Leading Manufacturers 2018 2026 - TechNews.mobi - February 16th, 2020
- Our personal health history is too valuable to be harvested by the tech giants - The Guardian - February 16th, 2020
- Cyber Security Today The latest FBI Internet crime report, adware on the rise, attacks on Wi-Fi and more - IT World Canada - February 15th, 2020
- Indias proposed internet regulations can threaten privacy everywhere - The News International - February 15th, 2020
- Antivirus Is Not Enough in 2020: Here is Why - laprogressive.com - February 15th, 2020
- FBI: Cybercrime losses tripled over the last 5 years - We Live Security - February 15th, 2020
- AIoT Convergence of Artificial Intelligence with the Internet of Things - EnterpriseTalk - February 15th, 2020
- Global Internet of Things (IoT) Security Market Key Players, Share, Trend, Segmentation and Forecast to 2026: Cisco Systems, Intel Corporation, IBM... - February 15th, 2020
- Romance scammers stole $475m last year. Here's how to spot them - Verdict - February 15th, 2020
- Safer Internet Day 2020 Together for a better internet - Security Boulevard - February 14th, 2020
- Internet's safe-keepers forced to postpone crucial DNSSEC root key signing ceremony no, not a hacker attack, but because they can't open a safe - The... - February 14th, 2020
- Here's how to avoid becoming a victim of a tax scam - AZ Big Media - February 14th, 2020
- Will Weak Passwords Doom the Internet of Things (IoT)? - Security Intelligence - February 14th, 2020
- Bithumb Employee Found Guilty of Security Failings that Led to Hack - Cryptonews - February 14th, 2020
- Will your vote count? Ohio working to increase election security - WHIO - February 14th, 2020
- Perimeter 81 Introduces SASE Platform This latest offer is based on a partnership with investor and - Channel Futures - February 14th, 2020
- NHS Secure Boundary the next layer of cyber protection for the NHS - Digital Health - February 14th, 2020
- Global Internet of Things (IoT) Security Market Segmentation along with Regional Outlook, Competitive Strategies, Factors Contributing to Growth and... - February 14th, 2020
- North Koreas Internet Use Surges, Thwarting Sanctions and Fueling Theft - The New York Times - February 14th, 2020
- TechForce Aberdeen event to kick off Cyber Scotland Week - The Scotsman - February 14th, 2020
- Security Strategy: Moving Away From Tried and True - Security Boulevard - February 5th, 2020
- Internet Security Software Market investigated in the latest research - WhaTech Technology and Markets News - February 5th, 2020
- What Is Log Management, and Why Is It Important? - Security Boulevard - February 5th, 2020
- Latest Released 2020 Version Of Internet Security Market With Market Data Tables, Graphs, Figures and Pie Chat - TheLoop21 - February 5th, 2020
- Booter Boss Busted By Bacon Pizza Buy - Krebs on Security - February 5th, 2020
- Yet another Windows 10 fail as new update breaks the internet - heres how to fix it - TechRadar India - February 5th, 2020
- 'Formjacking' Is the New Internet Scam We Need to Watch Out For - q985online.com - February 5th, 2020
- Kiwis think benefits of the internet outweigh the negatives - SecurityBrief New Zealand - February 5th, 2020
- GAO: DHS and Agencies Must Work to Improve Cybersecurity - HSToday - February 5th, 2020
- Government to strengthen security of internet-connected products - GOV.UK - January 31st, 2020
- DigiCert Leads Initiative to Enhance EV SSL Certificates - Security Boulevard - January 31st, 2020
- eScan Internet Security Suite - Download - January 30th, 2020
- Internet Security - January 30th, 2020
- Best malware removal software of 2020: free and paid anti-malware tools and services - TechRadar - January 30th, 2020
- Government to strengthen security of internet-connected products - SecurityNewsDesk - January 30th, 2020