---------- Forwarded message ---------- From: "Miriam Bastian, FSF" <info@fsf.org> Date: Thu, 22 Jun 2023 17:14:16 -0400 Subject: Take action! Protect end-to-end encryption *Read and share online: <https://www.fsf.org/blogs/community/take-action-protect-end-to-end-encryption>* **How do we counter the dangers resulting from the ongoing, worldwide legislation like Chat control, the EARN IT Act, and the so-called "Online Safety Bill" that threatens end-to-end encryption, and privacy in general? Take action! Write a letter to the appropriate agencies to let them know that you value your privacy and the privacy of the people around you, and remind them of their duty to protect it.** In our [introduction][1] to this series of articles on privacy, we highlighted how, although we may have nothing to hide, we do have everything to protect. We asked you to help strengthen end-to-end encryption by using it, and we listed various free software tools that you can use and share. This article is the second part of this series, and it targets the question of how to counter the dangers resulting from the ongoing, worldwide legislation that threatens end-to-end encryption, and privacy in general. The list is long: [Chat control][2] in the EU, the [*EARN IT Act*][3] in the US, and the so-called "[*Online Safety Bill*][4]" in the UK all require a backdoor that would allow companies and governments to monitor end-to-end encrypted communication. The [*STOP CSAM Act*][5], introduced in the US Congress in April, tries to hold end-to-end encryption providers liable for the hosting of child sexual abuse material (CSAM) and opens the door for civil lawsuits against platforms for facilitating the distribution of CSAM if they refuse to give law enforcement the keys to decrypt user communications. [1]: https://www.fsf.org/blogs/community/we-have-nothing-to-hide-only-everything-... [2]: https://www.eff.org/deeplinks/2022/10/eu-lawmakers-must-reject-proposal-scan... [3]: https://www.eff.org/deeplinks/2023/05/eff-letter-congress-oppose-earn-it-act... [4]: https://www.theregister.com/2023/04/18/wrong_time_to_weaken_encryption/ [5]: https://cyberlaw.stanford.edu/blog/2023/04/stop-csam-act-anti-encryption-sta... Meanwhile, India's new cybersecurity order [*CERT-In*][6] is driving VPN services and other privacy-concerned internet service providers out of the country because it requires the providers to keep logs of users. In Australia, the [*Telecommunications and Other Legislation Amendment (Assistance and Access) Act* (TOLA)][7] from 2018 already allows law enforcement and intelligence agencies to request or demand assistance from communications providers to access encrypted communications. The fact that the *TOLA Act* provides the legal standing to decrypt messages led to a [collaboration between the Federal Bureau of Investigation and the Australian Federal Police][8] and thereby granted the FBI power it has long desired to have in its domestic territory. In 2021, the [*Surveillance Legislation Amendment (Identify and Disrupt) Act*][9] added even broader powers to this which allow the Australian Federal Police to [modify data][10] on accounts or devices of suspects, no matter if they are encrypted or not. But departmental representatives still [claim][11] end-to-end encryption is detrimental to public safety. The example of Australia shows that giving way to the claims of those who prioritize illusory safety over privacy is no option. They won't stop after passing one bill. On the contrary, they will demand you to surrender your fundamental right to privacy bit by bit, more and more. [6]: https://www.eff.org/deeplinks/2022/12/india-requires-internet-services-colle... [7]: https://www.zdnet.com/article/australias-tangle-of-electronic-surveillance-l... [8]: https://www.zdnet.com/article/australias-encryption-laws-used-by-afp-in-coun... [9]: https://www.homeaffairs.gov.au/about-us/our-portfolios/national-security/law... [10]: https://theconversation.com/facebook-or-twitter-posts-can-now-be-quietly-mod... [11]: https://www.itnews.com.au/news/home-affairs-says-end-to-end-encryption-is-de... ## Take action This April, Senator Lindsey Graham re-introduced the [*EARN IT Act*][21] for the third time, after the bill had been successfully defeated twice in 2020 and 2022. The bill is now with the House and the Senate for consideration. Fight for the Future sponsored a petition which can unfortunately only be signed using nonfree JavaScript. But you can write your senators urging them to reject the *EARN IT* Act. In addition, the [*STOP CSAM Act*][22], introduced in the Congress in April, tries to hold end-to-end encryption providers liable for the distribution of child sexual abuse material although it is not clear how providers should detect child exploitation conduct in encrypted text. There was also the [*Lawful Access to Encrypted Data Act*][23] that aimed at requiring "certain technology companies to ensure that they can decode encrypted information on their services and products in order to provide such information to law enforcement." Luckily, this bill died 2021 in Congress but it could be re-introduced or included in another bill any time. Furthermore, [there is reason to fear][24] that the [*Kids Online Safety Act*][25], which was reintroduced in the US Congress at the beginning of May, will prompt platforms to require all users to upload identity verification documentation or biometric information to validate their age because the bill lacks guidance on how else platforms shall predict if the videos, pictures, or text on the platform might have a negative impact on minors. This is not related to encryption, but it is definitely a bill we should watch, as it would impact our privacy if it passes. [21]: https://www.congress.gov/bill/118th-congress/house-bill/2732?q [22]: https://www.congress.gov/bill/118th-congress/senate-bill/1199 [23]: https://www.congress.gov/bill/116th-congress/senate-bill/4051 [24]: https://www.eff.org/deeplinks/2023/05/kids-online-safety-act-still-huge-dang... [25]: https://www.blackburn.senate.gov/services/files/D89FC49B-0714-4124-B8B1-4F35... Let the representatives of your government know that end-to-end encryption and privacy are vital. Here is a sample letter that you can adapt to your needs: Dear Chairman Jordan, Ranking Member Nadler, and members of the Committee, Thank you for all the work you do as senators. Today, I am appealing to you to uphold the right to privacy and to safeguard end-to-end encryption. Only with encryption can we guarantee fundamental rights as privacy, freedom of the press, and freedom of opinion and expression. End-to-end encryption is vital for a free society like the US. I am deeply concerned about the re-introduced *EARN IT Act* and the *STOP CSAM Act*. Section 5(7)(A) and (B) of the *EARN IT Act* encourage courts to deem providers of encryption services guilty of acting recklessly or negligently and not preventing CSAM crimes only because they offer end-to-end encrypted services. Similarly, the *STOP CSAM Act* tries to hold end-to-end encryption providers liable for the distribution of child sexual abuse material. In order to prevent this accusation, providers would have to insert a backdoor in their encryption service to screen messages en masse. Once a backdoor is installed however, it *will* be abused by criminals and state actors, and the encryption won't protect users' privacy anymore. As Matthias Pfau, entrepreneur and privacy advocate, rightfully said: "Encryption is either securing everyone or it is broken for everyone." Neither the *EARN IT Act* nor the *STOP CSAM Act* will serve the goal to prevent and combat child sexual abuse because criminals are simply able to use cryptographic tools that don't comply with the law I urge you to oppose both the *EARN IT Act* and the *STOP CSAM Act* and to prevent any law that will try to insert a backdoor in end-to-end encryption. Thank you for your consideration. Sincerely, [Your name and signature] For an alternative text, see the [sample message][26] of the Electronic Frontier Foundation's Action Center. [26]: https://act.eff.org/action/the-earn-it-act-is-back-seeking-to-scan-us-all/ Send your letter to: Chairman Jim Jordan Committee on the Judiciary United States Senate 711 Hart Senate Building Washington, D.C. 20510 and Ranking Member Jerrold Nadler Committee on the Judiciary United States Senate 135 Hart Senate Office Building Washington, D.C. 20510 Post your letter on [social media][27] to inspire others to do the same. Others might especially benefit from letters that are adapted to the specific legislation of your country and/or translated into your mother tongue. If you email such letters to <campaigns@fsf.org>, we may attach them to the [blog article][29] as a template for others citing your name, if you give us permission to do that. [27]: https://www.fsf.org/share [29]: https://www.fsf.org/blogs/community/take-action-protect-end-to-end-encryptio... In freedom, Miriam Bastian Program Manager -- * Follow us on Mastodon at <https://hostux.social/@fsf>, GNU social at <https://status.fsf.org/fsf>, PeerTube at <https://framatube.org/accounts/fsf/video-channels>, and on Twitter at @fsf. * Read about why we use Twitter, but only with caveats: <https://www.fsf.org/twitter> * Subscribe to our RSS feeds: <https://fsf.org/blogs/RSS> * Join us as an associate member: <https://www.fsf.org/jf> * Read our Privacy Policy: <https://www.fsf.org/about/free-software-foundation-privacy-policy>