Fwd: Take action! Protect end-to-end encryption

fuzzyTew fuzzytew at gmail.com
Thu Jun 22 15:33:35 PDT 2023

---------- Forwarded message ----------
From: "Miriam Bastian, FSF" <info at fsf.org>
Date: Thu, 22 Jun 2023 17:14:16 -0400
Subject: Take action! Protect end-to-end encryption

*Read and share online:

**How do we counter the dangers resulting from the ongoing, worldwide
legislation like Chat control, the EARN IT Act, and the so-called "Online
Safety Bill" that threatens end-to-end encryption, and privacy in general?
Take action! Write a letter to the appropriate agencies to let them know
that you value your privacy and the privacy of the people around you, and
remind them of their duty to protect it.**

In our [introduction][1] to this series of articles on privacy, we
highlighted how, although we may have nothing to hide, we do have
everything to protect. We asked you to help strengthen end-to-end
encryption by using it, and we listed various free software tools that
you can use and share. This article is the second part of this series,
and it targets the question of how to counter the dangers resulting
from the ongoing, worldwide legislation that threatens end-to-end
encryption, and privacy in general. The list is long: [Chat
control][2] in the EU, the [*EARN IT Act*][3] in the US, and the
so-called "[*Online Safety Bill*][4]" in the UK all require a backdoor
that would allow companies and governments to monitor end-to-end
encrypted communication. The [*STOP CSAM Act*][5], introduced in the
US Congress in April, tries to hold end-to-end encryption providers
liable for the hosting of child sexual abuse material (CSAM) and opens
the door for civil lawsuits against platforms for facilitating the
distribution of CSAM if they refuse to give law enforcement the keys
to decrypt user communications.

[1]: https://www.fsf.org/blogs/community/we-have-nothing-to-hide-only-everything-to-protect
[2]: https://www.eff.org/deeplinks/2022/10/eu-lawmakers-must-reject-proposal-scan-private-chats
[3]: https://www.eff.org/deeplinks/2023/05/eff-letter-congress-oppose-earn-it-act-and-stop-csam-act
[4]: https://www.theregister.com/2023/04/18/wrong_time_to_weaken_encryption/
[5]: https://cyberlaw.stanford.edu/blog/2023/04/stop-csam-act-anti-encryption-stalking-horse

Meanwhile, India's new cybersecurity order [*CERT-In*][6] is driving
VPN services and other privacy-concerned internet service providers
out of the country because it requires the providers to keep logs of
users. In Australia, the [*Telecommunications and Other Legislation
Amendment (Assistance and Access) Act* (TOLA)][7] from 2018 already
allows law enforcement and intelligence agencies to request or demand
assistance from communications providers to access encrypted
communications. The fact that the *TOLA Act* provides the legal
standing to decrypt messages led to a [collaboration between the
Federal Bureau of Investigation and the Australian Federal Police][8]
and thereby granted the FBI power it has long desired to have in its
domestic territory. In 2021, the [*Surveillance Legislation Amendment
(Identify and Disrupt) Act*][9] added even broader powers to this
which allow the Australian Federal Police to [modify data][10] on
accounts or devices of suspects, no matter if they are encrypted or
not. But departmental representatives still [claim][11] end-to-end
encryption is detrimental to public safety. The example of Australia
shows that giving way to the claims of those who prioritize illusory
safety over privacy is no option. They won't stop after passing one
bill. On the contrary, they will demand you to surrender your
fundamental right to privacy bit by bit, more and more.

[6]: https://www.eff.org/deeplinks/2022/12/india-requires-internet-services-collect-and-store-vast-amount-customer-data
[7]: https://www.zdnet.com/article/australias-tangle-of-electronic-surveillance-laws-needs-unravelling/
[8]: https://www.zdnet.com/article/australias-encryption-laws-used-by-afp-in-countrys-most-significant-operation-in-policing-history/
[9]: https://www.homeaffairs.gov.au/about-us/our-portfolios/national-security/lawful-access-telecommunications/surveillance-legislation-amendment-identify-and-disrupt-act-2021
[10]: https://theconversation.com/facebook-or-twitter-posts-can-now-be-quietly-modified-by-the-government-under-new-surveillance-laws-167263
[11]: https://www.itnews.com.au/news/home-affairs-says-end-to-end-encryption-is-detrimental-to-public-safety-575431

## Take action

This April, Senator Lindsey Graham re-introduced the [*EARN IT
Act*][21] for the third time, after the bill had been successfully
defeated twice in 2020 and 2022. The bill is now with the House and
the Senate for consideration. Fight for the Future sponsored a
petition which can unfortunately only be signed using nonfree
JavaScript. But you can write your senators urging them to reject the
*EARN IT* Act.

In addition, the [*STOP CSAM Act*][22], introduced in the Congress in
April, tries to hold end-to-end encryption providers liable for the
distribution of child sexual abuse material although it is not clear
how providers should detect child exploitation conduct in encrypted

There was also the [*Lawful Access to Encrypted Data Act*][23] that
aimed at requiring "certain technology companies to ensure that they
can decode encrypted information on their services and products in
order to provide such information to law enforcement." Luckily, this
bill died 2021 in Congress but it could be re-introduced or included
in another bill any time.

Furthermore, [there is reason to fear][24] that the [*Kids Online
Safety Act*][25], which was reintroduced in the US Congress at the
beginning of May, will prompt platforms to require all users to upload
identity verification documentation or biometric information to
validate their age because the bill lacks guidance on how else
platforms shall predict if the videos, pictures, or text on the
platform might have a negative impact on minors. This is not related
to encryption, but it is definitely a bill we should watch, as it
would impact our privacy if it passes.

[21]: https://www.congress.gov/bill/118th-congress/house-bill/2732?q
[22]: https://www.congress.gov/bill/118th-congress/senate-bill/1199
[23]: https://www.congress.gov/bill/116th-congress/senate-bill/4051
[24]: https://www.eff.org/deeplinks/2023/05/kids-online-safety-act-still-huge-danger-our-rights-online
[25]: https://www.blackburn.senate.gov/services/files/D89FC49B-0714-4124-B8B1-4F35A85F5E02

Let the representatives of your government know that end-to-end
encryption and privacy are vital. Here is a sample letter that you can
adapt to your needs:

Dear Chairman Jordan, Ranking Member Nadler, and members of the Committee,

Thank you for all the work you do as senators. Today, I am appealing to
you to uphold the right to privacy and to safeguard end-to-end
encryption. Only with encryption can we guarantee fundamental rights
as privacy, freedom of the press, and freedom of opinion and
expression. End-to-end encryption is vital for a free society like the

I am deeply concerned about the re-introduced *EARN IT Act* and the
*STOP CSAM Act*. Section 5(7)(A) and (B) of the *EARN IT Act*
encourage courts to deem providers of encryption services guilty of
acting recklessly or negligently and not preventing CSAM crimes only
because they offer end-to-end encrypted services. Similarly, the *STOP
CSAM Act* tries to hold end-to-end encryption providers liable for the
distribution of child sexual abuse material. In order to prevent this
accusation, providers would have to insert a backdoor in their
encryption service to screen messages en masse. Once a backdoor is
installed however, it *will* be abused by criminals and state actors,
and the encryption won't protect users' privacy anymore. As Matthias
Pfau, entrepreneur and privacy advocate, rightfully said: "Encryption
is either securing everyone or it is broken for everyone."

Neither the *EARN IT Act* nor the *STOP CSAM Act* will serve the goal
to prevent and combat child sexual abuse because criminals are simply
able to use cryptographic tools that don't comply with the law

I urge you to oppose both the *EARN IT Act* and the *STOP CSAM Act*
and to prevent any law that will try to insert a backdoor in
end-to-end encryption.

Thank you for your consideration.

[Your name and signature]

For an alternative text, see the [sample message][26] of the
Electronic Frontier Foundation's Action Center.

[26]: https://act.eff.org/action/the-earn-it-act-is-back-seeking-to-scan-us-all/

Send your letter to:
Chairman Jim Jordan
Committee on the Judiciary
United States Senate
711 Hart Senate Building
Washington, D.C. 20510


Ranking Member Jerrold Nadler
Committee on the Judiciary
United States Senate
135 Hart Senate Office Building
Washington, D.C. 20510

Post your letter on [social media][27] to inspire others to do the
same. Others might especially benefit from letters that are adapted to
the specific legislation of your country and/or translated into your
mother tongue. If you email such letters to <campaigns at fsf.org>, we may
attach them to the [blog article][29] as a template for others citing your
name, if you give us permission to do that.

[27]: https://www.fsf.org/share
[29]: https://www.fsf.org/blogs/community/take-action-protect-end-to-end-encryption

In freedom,
Miriam Bastian
Program Manager

* Follow us on Mastodon at <https://hostux.social/@fsf>, GNU social at
  <https://status.fsf.org/fsf>, PeerTube at
<https://framatube.org/accounts/fsf/video-channels>, and on Twitter at
* Read about why we use Twitter, but only with caveats:
* Subscribe to our RSS feeds: <https://fsf.org/blogs/RSS>
* Join us as an associate member: <https://www.fsf.org/jf>
* Read our Privacy Policy:

More information about the cypherpunks mailing list