Tag: encryption

Florida’s New Social Media Bill Says the Quiet Part Out Loud and Demands an Encryption Backdoor

At least Florida’s SB 868/HB 743, “Social Media Use By Minors” bill isn’t beating around the bush when it states that it would require “social media platforms to provide a mechanism to decrypt end-to-end encryption when law enforcement obtains a subpoena.” Usually these sorts of sweeping mandates are hidden behind smoke and mirrors, but this time it’s out in the open: Florida wants a backdoor into any end-to-end encrypted social media platforms that allow accounts for minors. This would likely lead to companies not offering end-to-end encryption to minors at all, making them less safe online.

Encryption is the best tool we have to protect our communication online. It’s just as important for young people as it is for everyone else, and the idea that Florida can “protect” minors by making them less safe is dangerous and dumb.

The bill is not only privacy-invasive, it’s also asking for the impossible. As breaches like Salt Typhoon demonstrate, you cannot provide a backdoor for just the “good guys,” and you certainly cannot do so for just a subset of users under a specific age. After all, minors are likely speaking to their parents and other family members and friends, and they deserve the same sorts of privacy for those conversations as anyone else. Whether social media companies provide “a mechanism to decrypt end-to-end encryption” or choose not to provide end-to-end encryption to minors at all, there’s no way that doesn’t harm the privacy of everyone.

If this all sounds familiar, that’s because we saw a similar attempt from an Attorney General in Nevada last year. Then, like now, the reasoning is that law enforcement needs access to these messages during criminal investigations. But this doesn’t hold true in practice.

In our amicus brief in Nevada, we point out that there are solid arguments that “content oblivious” investigation methods—like user reporting— are “considered more useful than monitoring the contents of users’ communications when it comes to detecting nearly every kind of online abuse.” That remains just as true in Florida today.

Law enforcement can and does already conduct plenty of investigations involving encrypted messages, and even with end-to-end encryption, law enforcement can potentially access the contents of most messages on the sender or receiver’s devices, particularly when they have access to the physical device. The bill also includes measures prohibiting minors from accessing any sort of ephemeral messaging features, like view once options or disappearing messages. But even with those features, users can still report messages or save them. Targeting specific features does nothing to protect the security of minors, but it would potentially harm the privacy of everyone.

Keep reading

UK Tribunal Blocks Government’s Attempt to Keep Apple Surveillance Case Secret

With a necessary reality check, a UK tribunal has told the government that, no, it cannot hold a secret legal battle against Apple over encryption. The Investigatory Powers Tribunal (IPT), the body meant to oversee the country’s surveillance powers, has dismissed efforts by the Home Office to keep the entire case hidden from public view. And in doing so, it has delivered a quietly important win for press freedom and digital rights. Although, things are far from over.

The case revolves around Apple’s Advanced Data Protection system, or ADP. It’s a security feature that gives users the option to encrypt their iCloud data in a way that even Apple itself cannot access. Not through a backdoor, not with a master key, not at all. It’s the kind of robust end-to-end encryption that governments around the world have grown increasingly nervous about.

The UK, it turns out, is no exception.

Keep reading

European Commission Revives Push for Encryption Backdoors in ProtectEU Strategy, Framing Mass Surveillance as “Lawful Access”

The EU is once again looking for a way to undermine end-to-end encryption in the name of strengthening law enforcement capabilities, this time via a new strategy, ProtectEU.

The internal security strategy, announced this week by the EU Commission, is presented as a “vision and workplan” that will span a number of years but stops short of making concrete policy proposals.

A press release asserts that the current geopolitical environment is one of “growing” threats from hostile states, and mentions powerful criminal groups and terrorists who are “operating increasingly online” – as well as “surging cybercrime and attacks against our critical infrastructure.”

With the threat elements defined in this way, the EU’s new strategy focuses on six areas, one of them being “more effective tools for law enforcement” – which is where online encryption comes under attack.

When it describes how the groundwork might be laid for mandating encryption backdoors, the EU chooses to use euphemisms such as creating roadmaps for “lawful and effective access to data for law enforcement” and seeking “technological solutions for accessing encrypted data.”

A technology roadmap on encryption would allow for these “solutions” to be found. The EU is not alone in searching for mechanisms to, eventually, legislate against encryption, but these initiatives are invariably met with warnings from both tech companies and civil rights and privacy advocates.

The key issue is that encryption provides both for private communications (which is what law enforcement wants access to) and also the technical security of those communications, financial transactions, etc.

The new EU strategy promises that cybersecurity and fundamental rights will be protected as a future encryption backdoor is implemented.

Keep reading

Predictable: The Atlantic Praised Signal App as the “Gold Standard” in 2017 and Admitted Obama, Hillary and Trump Staffers All Used It

It wasn’t that long ago that Democrats praised Signal App as the “gold standard” of encrypted messaging.

It was The Atlantic that published the report praising Signal and in the report they admit that Hillary Clinton and Obama staffers used the app.

Despite all of this, Democrats are trying desperately to make “Signalgate” a thing.

The same group that allowed 20 million unvetted illegals into the country want you to think they believe in national security.

Keep reading

Denver mayor and staff used encryption app to discuss migrant crisis, then auto-deleted messages. Trump policies prompted move, says spokesperson

Denver Mayor Mike Johnston and 14 of his top advisors, appointees and lawyers nicknamed themselves “Strike Force” and communicated about the city’s migrant crisis through an end-to end encryption app, CBS News Colorado has learned. The app, Signal, proceeded to automatically delete their initial conversations.

A spokesperson for Johnston said the Signal messaging was prompted by President Trump and how his administration “could have significant impacts on how Denver operates.”

The use of such messaging apps by government officials has been controversial and viewed as a way to avoid public disclosure of government decision making. In Michigan, after state police leaders were found in 2021 to be using Signal on state-issued phones, state lawmakers outlawed the use of encrypted messaging on state phones.

“It’s unlawful and it’s breaking the law,” said Steven Zansberg, a Denver attorney who specializes in First Amendment and open records law, and reviewed some of the records obtained by CBS News Colorado.

Jeff Roberts, director of the Colorado Freedom of Information Coalition, characterized what the CBS investigation found as an intentional effort to undermine Colorado’s open records law.

“This is not transparent,” said Roberts.

Keep reading

France’s Encryption Crackdown Could Break Secure Messaging for Everyone

France is attempting to pass a new surveillance law requiring the inclusion of secret encryption backdoors by providers, to serve intelligence agencies and police.

Critics say this attack on secure communications is the worst of its kind in the European Union (EU) and are urging citizens to put pressure on lawmakers to prevent the adoption of the so-called Narcotrafic law, which has cleared the country’s Senate and is now in the National Assembly.

Among those raising the alarm over the law is the well-known end-to-end encrypted email service Tuta, which reiterates the fundamental argument against building any backdoors into any encrypted app – something that French legislators now need to hear: once broken for one, encryption is broken for all.

“A backdoor for the good guys only is not possible,” says a blog post on Tuta’s site.

It adds that the idea to give law enforcement the ability to remotely activate cameras and microphones, expand “black boxes” authorization, and further facilitate online censorship (allegedly only related to the use and sale of drugs) might be presented by those behind the proposed law as needed to fight organized crime – but that, at the same time, it goes against a number of existing laws.

Keep reading

Apple Pulls Privacy Protections For UK Citizens After The UK Is the First Country to Demand a Backdoor Into Your Private Data

Apple has effectively told the UK government to get lost when it comes to inserting a worldwide surveillance backdoor into its iCloud encryption. Instead of playing along with Britain’s ever-expanding digital police state, the tech giant has chosen to pull its most secure data protection feature — Advanced Data Protection (ADP) — for users in the UK. Because nothing says “we respect your privacy” like stripping away the very feature designed to protect it.

The whole mess started when the British government, wielding the notoriously invasive Investigatory Powers Act (a law that might as well be named the “We Own Your Data Act”), demanded that Apple sabotage its own encryption. The UK’s authorities wanted a golden key to every citizen’s iCloud storage, under the guise of “public safety.” But here’s the wider issue: the directive wouldn’t only affect Brits — it would have compromised Apple’s encryption system worldwide.

This was an attempt to strong-arm one of the world’s most powerful tech companies into submission, setting a precedent that could crack open user privacy like an egg.

Rather than comply, Apple responded with a very diplomatic version of hell no. Instead of weakening encryption for everyone, the company opted to remove ADP from the UK entirely. In a statement that practically oozed frustration, Apple declared:

“We are gravely disappointed that the protections provided by Advanced Data Protection will not be available to our customers in the United Kingdom, given the continuing rise of data breaches and other threats to customer privacy.”

They continued, insisting that they remain committed to offering users “the highest level of security” and expressing “hope” that they’ll be able to restore ADP in the UK at some point in the future. That’s corporate-speak for, maybe when your current government stops acting like the digital arm of Big Brother.

Keep reading

Undercover Video: Department of Education Operating Rogue ‘Sanctuary Program’ For Illegal Aliens, Hiding Secrets from DOGE on Encrypted App

Project Veritas released undercover video of Travis Combs, Branch Chief for Applied Innovation and Improvement at the US Department of Education, describing how the agency is hiding secrets from Congress and DOGE by communicating on encrypted app, Signal.

“It’s insanity. ‘Democracy Falling’ should be the title of the movie,” Travis Combs, a 5-year veteran at the department said.

Travis Combs told the undercover PV reporter that federal employees in the DOE are evading Congress and oversight.

“The one nice thing about the program that I work in is that we don’t ask [citizenship] status, and we’ve been able to keep that out of our federal statute. So, we don’t ask them when they enroll what their status is,” Combs told the PV reporter.

“If Congress actually knew that we don’t have [citizenship requirements] … there would be a lot of uproar…” Travis Combs told the undercover PV journalist.

Combs told the undercover journalist that Department of Education employees are purposely chatting on encrypted app Signal to hide their conversations from any oversight.

“If you want to have a conversation with somebody, you do have to take it offline, but you’re not supposed to. So, everybody uses… an app called Signal now,” he said.

Keep reading

FBI Nominee Kash Patel Vows to End Censorship Collusion, Slams Wiretaps, and Pledges Section 230 Work

FBI Director nominee Kash Patel’s Senate confirmation hearing on Thursday was a chance to learn about the direction the agency would take after a number of years filled with controversies linked to online censorship.

Patel addressed several of these issues, including the suppression of the Hunter Biden laptop stories and the FBI’s role in the scandal – which he said would not repeat going forward.

Patel also spoke against the FBI attempting to pressure Big Tech to get these companies to censor content, as well as against wiretapping political candidates and their staff – but also pledged to work with Senator Richard Blumenthal in order to bring potentially controversial changes to Section 230 that could jeopardize end-to-end encryption.

Senator Lindsey Graham, a Republican, was on the confirmation hearing panel and recalled that in October 2020 – a month before the election – the FBI was among those who worked to falsely present Hunter Biden laptop story as “Russian disinformation.”

Keep reading

Five Eyes Urges Broader Censorship Under “Protect the Children” Campaign

A network facilitating spy agencies’ intelligence-sharing between the US, UK, Canada, Australia, and New Zealand, known as Five Eyes, has its sights set on encryption, and proceeding from that, also online anonymity.

Even more online censorship would also not be a bad idea – these are some of the highlights from the first public-facing paper the organizations behind this group have published.

We obtained a copy of the paper for you here.

And Five Eyes is not above promoting its ultimate and much more far-reaching goals by using the good old “think of the children” – the paper’s title is, Young People and Violent Extremism: A Call for Collective Action.

Both it and an accompanying press release choose to consider online encryption as merely a tool used by criminals. At the same time, the paper is ignoring the fact that the entire internet ecosystem, from communications to banking and everything in between, requires strong encryption both for privacy, and security.

But, Five Eyes focuses only on communications, which they vaguely refer to as online environments, and ones that can allow sex offenders access to children, they also mention extremists, and equally vaguely, “other” malign actors.

Keep reading