347 comments

[ 3.5 ms ] story [ 431 ms ] thread
What I don't see in the writeup, is which senators are voting which way. I can tell from the writeup what Blumenthal thinks of it, but not any other committee participants.

I really wish politicians would embrace a "we will make policies for things we can understand" motto.

> I really wish politicians would embrace a "we will make policies for things we can understand" motto.

I don't think they'd make many policies if that were the case

that isn't a bad thing.
I'm inclined to agree, though I feel they're already pretty hands-off for most things that don't have corporate interest or overreaching power driving them.
It would potentially mean a huge backlog of boring but basically uncontroversial technical legislation, most likely.
That could be a feature or a bug I suppose.
> I don't think they'd make many policies if that were the case

That would be progress.

It doesn't seem like many policies are being made in the first place.
That's assuming policies are made for the good of society, and not the good of the policy makers.
> I really wish politicians would embrace a "we will make policies for things we can understand" motto.

If that were the case we’d have a lot less cockamamie gun laws.

Here's the list of cosponsors, who will presumably vote for it. I don't see the list of committee members who voted for it.

https://www.congress.gov/bill/117th-congress/senate-bill/353...

Pretty even split down the aisle on this one. Which in this case is a bad thing.
I actually see it as hopeful.

If this were polarized, it would mean that no senator could risk offending their base by opposing it. They wouldn't budge in the face of popular outrage.

Since it's bipartisan, it means neither party's base badly wants it to pass (which we would already suspect from our own personal experiences).

Yup, a lot of heavy hitters in there too.
I'd say this is actually pretty partisan if you ignore the mostly imaginary lines between the parties and think in terms of establishment vs. non-establishment.
I'm disappointed that Jacky Rosen (D - Nevada) is a co-sponsor. She's a former software developer and should know better.

I just watched some of the Senate hearing on Log4J and she seemed reasonably together on security, open source etc. I was feeling optimistic that she could become the Senatorial analogue to Judge Alsup[1]! But if she's on board with EARN IT, scratch that idea.

[1] https://www.theverge.com/2017/10/19/16503076/oracle-vs-googl...

I've worked as a software developer for 8 years so far. I have yet to meet a single fellow developer who is privacy-conscious.
At my previous employer, among the 40 or so developer staff worldwide, there were only two of us who used Signal: myself (security focused backend dev) and the devops team security expert. Everyone else: just use WhatsApp so we can all communicate in the same place. Caring about privacy can be exhausting.
It's very hard for security conscious people to attract other people to more privacy conscious platforms. People love the practicality, and don't want to trade for they can't see or understand.

I'd love to use signal, but it'd be a very silent place, and have to have WhatsApp anyway. So, instead of trying to entice others, I just try to win a one small battle at a time, reducing my cross-section step by step, where I can.

I believe that strong E2E encryption is critical to individual privacy, but I also believe that it doesn't really matter when most every nation state can compromise any phone at any time simply by knowing the phone number and sending a zero click SMS or MMS message to that phone.

Until laws are implemented that forbid this and/or security improves to do so, it doesn't matter how good the encryption is if it's running on a fundamentally insecure device.

Well, Whatsapp hasn't done anything egregiously bad yet and they got a lot of goodwill/good PR from their E2E implementation vouched by Moxie et al. So what's the big issue with Whatsapp beyond that the client is not open source?
WhatsApp has already had multimillion euro fines for their privacy practices. Just because it has E2E encryption does not mean it doesn’t sell other data. A company whose business model is to sell your data is going to sell your privacy along with it.

Being open source is nice, but not required for privacy.

https://www.cnbc.com/2021/09/02/whatsapp-has-been-fined-267-...

There are a lot but it seems they slowly become a minority. Large companies priming them to be less careful with user data is an issue here.
Junior senator up for re-election in a marginal state. Chances are that support on this was traded behind the scenes because of party dynamics, or she thinks it will play well with her constituency (which is Nevada, not California or Oregon...).

The personal ideas and knowledge of any given politician are just a starting point for the political choices they make.

> I'm disappointed that Jacky Rosen (D - Nevada) is a co-sponsor. She's a former software developer and should know better.

I don't know why you feel this way - IME software devs are the least likely to care about privacy.

Maybe they've been so acclimatized to being online all the time, or maybe it's because they feel that they aren't at risk.

In any event, the first people to throw away their privacy has always been software developers. Just look at how many of them use Chrome, for example. Or how many of their personal projects are tied to some proprietary tooling that, as a first action, grabs their data.

But software developers know. Surely, surely, there can't be anybody who knows, understands and still supports this stuff‽
Did you forget a /s tag...?

Most people would trade their mother for some shiny - that's why we have laws to protect from predatory behaviour. And software devs are just people, in the end.

Oh come on, I said I was "disappointed", not "outraged" or something more extreme.

But yes, I think that understanding helps, and Judge Alsup, whose programming background informed a sane ruling on copyright and APIs in Oracle vs. Google, is exhibit A.

Alright so here's a question: what makes you think that your (presumably) armchair understanding of the bill in question is better than hers?
> [politicians embrace] "we will make policies for things we can understand"

I wish that too but to be fair: what would any of us be able to make a policy for if we had to really understand the subject first? I'm afraid we'd have to elect about 1 million politicians and let any subset of them make policies about what they are experts about. This is probably what's already going on except nearly everyone in that million is not elected and is part of organizations lobbying for something.

What makes you think they don't understand this?
I haven't tried reading the text of The Act, most of the press about it focuses on E2EE-type messaging systems. So presumably if this passes, Signal would have to move offshore or something? (for example)

But what about HTTPS certificates, would The Act have any effect on them? Would there be any legal issues with (for example) running your own Matrix server?

And what about hosting providers (instead of platforms). Would Amazon be compelled to decrypt HTTPS traffic en-mass that's routed to their machines?

Signal has threatened to exit the US market in the past, IIRC.
Signal would either have to go to China or Russia (where it would dance to their tune) or shut down or quietly comply.

It would be "NoSignal" from this Act on.

because the only countries in existence are USA, China, and Russia.
Russia already has a similar law since 2016, although it's applied selectively to whomever they please rather than to everyone by default. And the guise of the day is terrorism, not child abuse.

When you guys were surprised about Room 641A, Russia already had warrantless surveillance boxes mandatory for every ISP by law.

I've no clue about China, but I'd be very surprised if they're not even worse in this regard.

I very much doubt it. Law enforcement doesn’t seem too concerned about regular old HTTPS.

I wonder why?

HTTPS is not end-to-end encrypted (it kinda would be if we used P2P but we don't) so you can subpoena the server.
> HTTPS is not end-to-end encrypted (it kinda would be if we used P2P but we don't) so you can subpoena the server.

How is https communication not end to end encrypted? And what’s the difference between subpoenaing a server vs an end user? The server is just another person/organization.

Edit: Re-reading this I guess you mean that having a centra server acting as a middle man would probably not be end to end which I agree with. I thought you meant user <—-> server wasn’t end to end.

I think they just mean they can just tell the company who owns the server to give them the data.
A typical example is a chat application served over HTTPS: your communication with the server is encrypted, but the messages sent between you and your friends are passed through the server in the clear (through databases, logging, caching layers, etc.).
It is absolutely end-to-end encrypted. However, one of the ends is usually a server.
I guess it depends on which end we are talking about.

Generally, “end to end encryption” refers to client to client encryption, where the sever routes data but can’t read it.

Your comment is only confusing because E2EE is a term about encryption where no data between two devices can be read by eavesdroppers. HTTPS is indeed end-to-end encrypted between the server and the device. A better way to put it is that HTTPS does not promote E2EE between end-users, which it doesn't intend/pretend to do anyways.
>E2EE is a term about encryption where no data between two devices can be read by eavesdroppers.

That would cover any use of encryption. E2EE is a term used where there is a distinction to be made between access by users at the ends of the system and some other part of the system. Originally used to cover the encrypted email case where there is a lot of "middle" in the form of email servers and a small amount of "end".

The term is often used incorrectly these days for marketing purposes. TLS could be used in an E2EE system, but it is normally not.

Because, it's a massive centralized decrypted data repository, law enforcement can simply ask for the data and the company will hand it over. It's not their data so they don't care to defend it but because of the third party doctrine it's legally their data to hand off w/o your permission.

Peer to peer or end to end encryption removes this trivially easy access, which is why they don't like it.

Companies like Cloudflare exist.
> I wonder why?

NSLs: https://www.eff.org/issues/national-security-letters/faq

Dragnet/Geofence warrants: https://www.nbcnews.com/news/us-news/google-tracked-his-bike... and https://www.logically.ai/articles/geofence-warrants-on-the-r...

Dragnet/Mass-surveillance keyword warrants: https://www.forbes.com/sites/thomasbrewster/2021/10/04/googl...

Dragnet/mass-scanning of online storage: https://www.forbes.com/sites/thomasbrewster/2021/12/20/googl...

PRISM: https://en.wikipedia.org/wiki/PRISM_(surveillance_program)

RAMPART-A: https://en.wikipedia.org/wiki/RAMPART-A

Forced backdoors into "encrypted" email: https://www.theregister.com/2020/12/08/tutanota_backdoor_cou...

And who knows what else is still secret. A good rule of thumb is that if something's in the "cloud" or hosted on someone's computer that you don't directly control, you should assume that LEOs have access to it.

When all the data is centralized, you don't care about the end-point encryption. All you care about is having access to all the databases.

LEOs? Can only think if Low Earth Orbits.
"Law Enforcement Organization."

Edit: "Officer."

My understanding was that it stood for Law Enforcement Officer.
Looks like I've been getting it wrong for years. Thanks.
> LEOs? Can only think if Low Earth Orbits.

It's a catch-all term for all the law enforcement people. There's now so many organizations that can get your data through warrants, and some even without warrants, so that's a convenient term to use. And especially if you're not a citizen/resident of the US since the Fourth Amendment does not apply to you. But it's not like the 4A has stopped them or slowed them down anyway.

https://en.wikipedia.org/wiki/Law_enforcement_officer#United...

None of these are the reason. The reason is that HTTPS traffic is generally between a service provider (i.e., company) and an end user, and the former can be easily subpoenaed and compelled to disclose data during an ongoing investigation into the latter.

The USG doesn't need to (and doesn't bother to) break HTTPS for domestic LEO, because existing mechanisms are easier and approved by the courts.

That's what he was sayin
I don't think it is. The person I'm responding to seems to be implying that the USG doesn't worry about HTTPS because they've broken it or otherwise extralegally subverted it. I'm saying that the USG doesn't worry about HTTPS because they have effective legal mechanisms for domestic investigations, and using extralegal means domestically is more of a headache than it's worth.
> otherwise extralegally subverted it

No, read my comment again. Every one of the links shows a completely legal way to grab someone's data from any company. The whole point of my initial comment was to point out that legal system is so well primed against any privacy pushback that it's irrelevant what data is encrypted in transit. All the repositories and databases are just one NSL away. And NSLs are so easy to get that you don't even need to convince a judge to approve one.

From EFF: https://www.eff.org/issues/national-security-letters/faq

>By using NSLs, the FBI can directly order companies to turn over information about their customers and then gag the companies from telling anyone that they did so. Because the process is secret, and because even the companies can’t tell if specific NSLs violate the law, the process is ripe for abuse.

>A judge does not have to approve the NSL or an accompanying gag order.

>Over 300,000 NSLs have been issued in the past 10 years alone. The most NSLs issued in a single year was 56,507 in 2004. In 2013, President Obama’s Intelligence Review Group reported; that the government continues to issue an average of nearly 60 NSLs every day. By contrast, in 2000 (the year before the passage of the USA PATRIOT Act that loosened NSL standards), 8,500 NSLs were issued.

NSLs can't get access to encrypted content, only metadata. Metadata can also reveal way too much, but we also need to be realistic about this conversation. Law enforcement will abuse every avenue they have (including NSLs), but the GP is also largely right, by and large they'll just go get a rubber stamped subpoena.
I’m the guy who said “law enforcement doesn’t seem to care about HTTPS, I wonder why.”

1. HTTPS relies heavily on DNS. It’s as secure as DNS is. Nuff said.

2. As has been said, there’s law enforcement can get the logs. Not hard.

3. The way the web currently works strongly encourages users to wear a “name tag.” It’s hard to take that name tag off. HTTPS doesn’t help with that.

HTTPS is very important, but has much narrower scope, and chaotic implementation, than most people realize.

> 1. HTTPS relies heavily on DNS. It’s as secure as DNS is. Nuff said.

I don't think this is true: HTTPS (and TLS >= 1.3) provide a suite of protections that mostly address perceived weaknesses in DNS (ECH, ESNI, CT logging, HSTS, etc.).

As for DNS itself: DoH and DoT is widely available, and my understanding is that all major browsers currently support one or the other. I've been using outbound DoH for at least two years at this point via Pi-hole.

I interpreted "law enforcement doesn't seem to care [...]" as a claim that domestic LEO has meaningfully broken HTTPS on general traffic, which I don't believe is the case. But if you meant that they don't care because they have legal access mechanisms that already suit their purposes, then I agree.

Law enforcement is mostly concerned about corporate servers rather than home ones. E2E encryption puts those servers out of their control, hence the pushback.
Most or all of the major trust chains that underpin it are compromised, would be my guess.
May crypto advocates are going about this the wrong way.

Instead of emphasizing that crypto should be protected by freedom of speech, they should acknowledge crypto is a dangerous munition. Therefore it’s protected by the Second Amendment.

The second amendment says the right to bear “arms” will not be abridged. Not firearms.

Shouldn’t that protect crypto?

oi, do you have a loicense for that hashing algo from the ATF?
This is (hilariously) misguided on two fronts:

1. There is a significantly larger body of jurisprudence dedicated to protecting freedom of expression, versus whatever you think the Second Amendment guarantees you.

2. The right to bear arms does not entitle you to specific weapons. That's why you're not allowed to own a nuclear warhead, and why strong encryption was historically on the ITAR munitions list. Arguing that cryptography is a dangerous weapon (it isn't!) is a terrible idea.

encryption is a defensive technology. It's like arguing bulletproof vests are weapons, but what do definitions really mean these days anyway.

Unfortunately, with encryption (and code as speech) - has not been tested at the supreme court as much as most think. It's still an open question to an extent.

Please don't post unsubstantive and/or flamebait comments here.
So basically this is just the government using private companies to do an end run around the 4th amend.?
It's not an end run because the 4th amendment allows warrants.
Not from the US, but I cannot imagine that it allows dragnet surveillance. Since that is common practice, I don't think the 4th amendment doesn't do anything to be honest.
If this passes wouldn't this accelerate the decentralized encrypted communication movement? How can government stop that?
They can't stop the technology itself but they can throw you in jail for the simple act of using it. How dare you resist their surveillance, right?
Imagine if the government forced app stores, anti-virus companies, and OS providers to prevent the installation of "dangerous" applications. How many people are going to jailbreak their phone or run Linux on their laptop in order to install an E2EE chat app?
And even those who do won't have very many people to chat with.
For example, by forcing Apple to remove the apps from the Appstore.

(No sideloading is so great, Apple fanboys here say, no big deal, just do your research and buy another device. )

For example, by forcing Apple to remove the apps from the Appstore.

Apple would fight this all the way to the Supreme Court. This is IMHO a clear violation of the 1st amendment.

With such a conservative Supreme Court, I doubt they would look favorably at restricting speech of a company.

Besides, Apple’s App Store is available in many countries around the world; an American iPhone user could get restricted apps from its App Stores in other countries.

>Apple would fight this all the way to the Supreme Court. This is IMHO a clear violation of the 1st amendment.

I'm not so sure anymore. Apple of yore is dead. They recently announced a plan to scan local files on iPhones against a government created list of hashes. Only after immense backlash did they agree to "delay" the implementation. This had no profit motive for Apple. As a company, the move served to seriously undermine decades worth of security good will. One can only surmise that they did so in preparation for upcoming legislation like this to ensure their compliance, and continued access to said markets. Apple doesn't care about fighting moral wars. They only care about market access and continued profits. If that means removing apps and scanning phones, I think they'll do it without much fuss.

To play devil's advocate, I actually suspect the reason Apple were planning to implement this was because they were intending to start using E2E encryption on iCloud photos, but to keep various governments off their back figured they could placate them by implementing this scanning.
If so, what a monumental PR disaster to not lead with that instead.
They recently announced a plan to scan local files on iPhones against a government created list of hashes.

This is incorrect. Only images uploaded to iCloud would be checked if they matched against multiple CSAM databases.

From the beginning, disabling iCloud Photos disabled this feature.

They painstakingly described the algorithms and encryption behind the plan.

I will remind you that Apple could had given in to the FBI’s request to create a back door to the San Bernardino shooter’s iPhone a few years ago and Apple very publicly told them to pound sand.

Ironically Apple is now suing the company the FBI used to crack that iPhone: https://www.apple.com/newsroom/2021/11/apple-sues-nso-group-...

> This is IMHO a clear violation of the 1st amendment.

The government would argue that they aren't banning speech here; the banned apps can be restored to the app store by complying with the law.

> Besides, Apple’s App Store is available in many countries around the world; an American iPhone user could get restricted apps from its App Stores in other countries.

Not if every other country passes laws along the same lines.

I couldn't care less about Apple's restrictions on apps that are allowed in the App Store, and would uphold Apple's rights to do as they please, if they would stop abusing users' rights and allow running ANY app the user pleases on the device he bought, whether it is in Apple's App Store, Steam store or sideloaded directly.

This wrongful imposing of restrictions on users' freedom to run apps must be stricken down hard.

> No sideloading is so great

Because it improves security... I hate that the loudest voices in our industry so often fail to look beyond the horizon. This is a very predictable weak point.

And mobile security is so great. Not that user data is often exfiltrated by a lot of these vetted apps at all...

Government can not stop criminals to use end-to-end encryption. With this bill only regular internet users loose privacy! This is not how it is represented to Senators and instead they are offered a lie while they do not understand, so we need to act. Crooked forces are behind this!
> and it will let the use of encryption be evidence in lawsuits and criminal trials

How long until the comparisons to East Germany start? America is apparently gearing up for "If you have nothing to hide you have nothing to fear", with many seemingly agreeing with this sentiment.

Perhaps more importantly, how have major journalistic networks not written about this bill in the worst possible light? When your sources want to use encryption, which is reasonable given some stories, this exact excerpt seems likely to bite someone in the ass.

While we're on the subject, I thought I'd heard that American polititians were using Signal? What happens when using encryption becomes ammunition for a lawsuit against them? Do they simply assume they have very, very good lawyers, and it'll all shake out because they don't believe they did (are going to do) anything wrong?

> how have major journalistic networks not written about this bill in the worst possible light?

I was originally going to ponder if it was because today's generation of journalists aren't privacy preserving, freedom of speech maximalists. While there are some that seek to limit freedoms as long as their "side" is on top, I don't think that's it.

The last five years of political discourse has worn us down. We're tired of the back and forth, constant everyday existential crises of democracy. If every day the world is falling apart, then something like this just looks like business as usual.

We're tired. Frankly we wasted energy on stupid things and lost sight of the war. And now they get to ram this horrible, freedom rotting legislation through.

But, if words, hate and disinformation cause what we refer to as harm, don't the ends justify the means?

The collective shout from the new generations is a resounding Yes.

Sadly it's as historically uninformed as it is privileged to believe that words do harm.

I think what `echelon` is trying to say is that regardless of what "side" you're on, this opens the door to be used by both whenever an (arbitrary) precedence presents itself or is "politically expedient".
Of course it is. It's a cynical power play. That's what happens when we spurn universal ideals like freedom of speech, hence "the end justifies the means". My opponents are so harmful, such a threat, that anything must be done, and nothing, including principles, should stand in the way.
(comment deleted)
(comment deleted)
Journalism is dying each day, between naive both-sideism, lazy PR reproductions and entertainment figures in entertainment channels that have "news" in the name

It should go like this: whoever is in favour of this legislation should have no problem showing their private messages in public. Interesting how nobody presents this angle in congress.

That's a good point. Perhaps as well as writing to representatives it could be helpful to write to EG the Washington Post and ask them to cover the issue more extensively.
We don’t really have journalism in the US anymore. Most of the financially healthy ones are owned by foreigners that are actively trying to sabotage our democracy. The remainder are on life support, and are running with something like 10% the number of reporters they used to have.

Also, Godwin's law was repealed years ago, so you may as well compare to the third reich.

Foreigner or us national, all news sourced ultimately serve the interests of their owners.
> it will let the use of encryption be evidence in lawsuits and criminal trials

Is this true? Will use of encryption be evidence of guilt if this thing passes? Incredible.

Exercising the right to avoid self-incrimination is now evidence of incrimination.
If anyone in power in our 3 branches of government was under 80 and actually understood how all of this worked, this would be struck down immediately. Heck, this law would be a non-starter to begin with.
I'm not sure how much this answers your question, but Congress put out a "EARN IT Act Myths and Facts" documents that contains the following text:

> MYTH: The EARN IT Act is simply an attempt to ban encryption. > FACT: The EARN IT Act does not target, limit, or create liability for encryption or privacy services. In fact, in order to ensure the EARN IT Act would not be misconstrued as limiting encryption, specific protections were included in the bill to explicitly state that a court should not consider offering encryption or privacy services as an independent basis for legal liability.

I contacted my representatives. It took 1 minute. Please do it too.
Like our opinions matter. I learned from net neutrality that my representatives will do whatever they want to do, without regard for the peoples wishes.
If enough people write in it can have an effect. It can provide political ammunition for those who are already supportive of your position.

It may sway representatives who haven't made up their minds and want to get relected.

It probably won't change the minds of those who are already fully committed to the other position.

Your one letter won't make much difference. Many letters can sway opinion to some extent.

I also prefer to participate in the process occasionally.

It depends. Some folks do weigh the responses

Some don't. Looking at you Nancy Pelosi & Dianne Feinstein

> If enough people write in it can have an effect.

How do you know?

In the UK at least, we see politicians talking about what their constituents are writing to them about. I suppose they could all be lying.

I've had a letter I wrote to my local MP passed all the way up to central government and received a reply from them. Later, I actually met someone who mentioned a "certain letter" they had to deal with... Which turned out to be the one I'd written!

> I suppose they could all be lying.

It is what they're known for...

> I've had a letter I wrote to my local MP passed all the way up to central government and received a reply from them. Later, I actually met someone who mentioned a "certain letter" they had to deal with... Which turned out to be the one I'd written!

I can see that as being useful to keep the urban legend alive. What I'd like to see is statistical evidence but I'm thinking that might not be available.

It's easier to suppose that some politicians are paying attention to what their voters are motivated enough to write to them about.

How much effect it has in the real world is hard to say of course.

I don't know why you'd think that's easier to suppose. Seems naive. How does listening to you benefit them? Listening to lobbyists, on the other hand...
Listening to me does nothing. I still think local representives pay attention to when many people express concerns.

Lobbying seems to be more of an issue in central government in the UK, not so much at the local level. But I do agree they have outsize influence.

> How does listening to you benefit them? Listening to lobbyists, on the other hand...

Listening to lobbyists (and implementing the stuff they ask for) can only get a politician money to try and buy votes he can use to cling on to his position. People writing in from his constituency, OTOH, are the voters he needs, and listening to their demands and implementing those has a much higher chance of directly giving him their votes.

This same bill was shelved once before due to outcry about it. They just keep putting it back out there (very similar to Net Neutrality). The key is, to continue the pressure each time it's re-introduced (which is hard, yes). But there is some precedent that vocal outcry and campaigns to write representatives does have some impact.
The outcry came from media, not folks writing to politicians. So, write to your favorite news agency instead of/in addition to your "representative"?
If you want to oppose the EARN IT Act, but don't want to spend the time, just use the EFF's "Take Action" page and have them send a prewritten email for you. It really does take just 1 minute. Here's a link to the page to make it even easier: https://act.eff.org/action/stop-the-earn-it-act-to-save-our-...

At a minimum, the congresspeople's aides will tally up the emails received to measure their constituents' reaction to the bill.

If you do have the time, an original email written in your own words might have a greater impact. To determine who your 2 senators and 1 representative are, use these government pages:

- Senators: https://www.senate.gov/senators/senators-contact.htm

- Representative: https://www.house.gov/representatives/find-your-representati...

Prepare a single email and alter it slightly to make it personalized for each of your 3 recipients. Use the form on the senator's or representative's official senate.gov or house.gov website to reach them, and set the category to "Communications" or "Telecommunications". (The form will block your submission if you include a URL, so don't do that.)

Why do people think doing so is effective? Is there any evidence for that?
It's far more effective than doing nothing. Reps keep track of constituent correspondences and tally them by sentiment. It's one of their main ways of gauging where their constituency is on issues. I guarantee boomers who type google searches into google's facebook page are calling up their reps.
> It's far more effective than doing nothing.

Is it though? I'd like to see the science on this.

> I'd like to see the science on this.

Why would you need to? Only if you are saying no amount of voter contact has ever changed any politician's vote on absolutely anything. Is that what you're claiming?

If not, then even a single letter changing a single vote by a single politician is already infinitely more than not doing anything, which won't even change a single vote by a single politician on anything.

QED: No science needed. HTH!

I'm not making a claim, I'm asking why I should believe a claim. I see no reason to.
Yeah, but unless you claim that no politician has ever been the least influenced by his constituency, there's no reason not to.

Of bloody course writing your representative is better than not writing them: It stands at least a chance (however infinitesimal) of accomplishing something. Not doing it doesn't; by definition, it can't. That's a logical syllogism. Logical syllogisms don't need experimental confirmation.

So how could and why would one not believe that doing something is, must be, better than doing nothing? That's not "healthy skepticism", it's turning it into illogical nonsense.

> Of bloody course writing your representative is better than not writing them: It stands at least a chance (however infinitesimal) of accomplishing something.

There is no guarantee that, if it accomplishes “something”, the change it induces will not have negative value. You cannot assess that the action has positive expected value without summing value across all possible outcomes weighted by probability, included negative value outcomes.

The frequent naive assumption that doing something is always better than doing nothing is how proponents of lots of counterproductive policies use real problems as leverage to get them passed.

Does alcohol produce real social harms? Was Prohibition doing something instead of nothing? Was Prohibition a net win?

> There is no guarantee that, if it accomplishes “something”, the change it induces will not have negative value.

So now you're arguing that constituents urging their politicians to do something is more likely to make them do the opposite?

> Does alcohol produce real social harms?

Yes.

> Was Prohibition doing something instead of nothing?

Yes.

> Was Prohibition a net win?

IMO, probably yes.

(The negatives came from anti-Prohibition.)

This could only work if there are monopolies that work with the government. I don't think we're there yet, but it is concerning that lawmakers view this as a viable piece of legislation.

I wish we had a legislature who would recognize the importance of net neutrality to fostering competition. Instead, bills like this seem focused on ensuring monopolies so they can control how they operate.

> This could only work if there are monopolies that work with the government. I don't think we're there yet, but it is concerning that lawmakers view this as a viable piece of legislation.

Google, Microsoft and Apple all work with the government extensively, and they, either alone or together, hold monopoly and oligopoly positions in many markets.

Personally I'm more concerned about the regional broadband monopolies. Google, Microsoft, and Apple won't see sufficient competition if it starts costing more to visit certain websites. That will only entrench the current players.

The current administration is the only thing that's barely holding back Comcast, Verizon etc. from expanding their plans to expand zero-rating across broadband. Eventually there will be another Ajit Pai.

I wish HN was better at evaluating anything around this, HN's response to anything on this topic makes it hard to know what the actual truth is. Maybe this act is as bad as people are saying it is, but the Apple policy wasn't and the response here was the same. I'll defer judgement until I can actually read it.
> the Apple policy wasn't

The Apple policy on your device ratting you out is abominable and anyone telling you otherwise is trying to sell you a brand.

What you deem illegal might not be the same thing Apple is told to treat as illegal. In this country or elsewhere.

You phone should not be the secret police.

This kind of response illustrates my point.

The apple policy was likely about coming up with a way to enable encrypted photos on iCloud while still having some privacy preserving form of CSAM detection. Since it was only enabled when iCloud photos was enabled it was better for privacy on net than the status quo (unencrypted iCloud photos that are accessible to apple and scanned anyway).

Now we may end up with a worse outcome as a result.

The Bluetooth exposure notification design early in the pandemic was similarly privacy preserving and the average HN response was similarly stupid.

There are just some topics this forum is not a reliable source of accurate information about and this is unfortunately one of them.

This isn’t because I don’t think access to real encryption is incredibly important (I do) - I just think it’s important to get the details right. Otherwise we’ll just get dismissed on these issues for ignoring the specifics and crying wolf on everything.

people are extremely up-in-arms about something that apple already does, and that every other cloud provider do, but when they made it public everyone went crazy. now we don't have CSAM scanning, totally unencrypted and accessible iCloud Photo Library, and for what? because people want privacy.

you don't own anyone else's cloud and you never will, and especially not with government intervention. while i support privacy, i also think it's like freedom of speech, in theory it sounds great but in reality you end up with nazis walking around if you don't have the ability to deter them.

data on my computer == private without a warrant and due cause. data on someone's server == as private as could be, but i don't own it so i can't demand that it be secure from all aspects, especially uploading CSAM.

>people are extremely up-in-arms about something that apple already does, and that every other cloud provider do

>data on my computer == private without a warrant and due cause.

Apple technology was/will track on your phone directly via AI scanning text messages for nudity. The engine lived on your phone, not in their farm. Therefore your second statement I quoted would now be false. That's why everyone (or the ones in the know) was pissed.

Only when syncing photos to iCloud is enabled and the photo is being uploaded. That’s the critical bit.

If it was operating without cloud access I’d agree with you, but it wasn’t so I don’t.

It only makes sense to do this in the context of encrypting the cloud - otherwise it’s a pointless move that hurts PR.

> Only when syncing photos to iCloud is enabled and the photo is being uploaded.

For now.

If a "feature" like this exists, it WILL be abused like many before it.

I don't really buy this, I don't think this feature makes abuse any more likely and it's important to be loud against features that are actually abuse vs. ones that are just adjacent to something that is abuse. The difference matters, particularly when the pragmatic approach could allow encryption of images on iCloud without any actual downside given the constraints. If people act like all actions are equivalent then we'll just end up ignored by legislators. These differences matter.
I don't think this difference is relevant here.

We've seen many technological features that were supposed to be only used in a very narrow use-cases be abused by governments. Contact tracing technologies (for covid-19) being the most recent victim where they are now being used by governments to track political protesters, criminals, and seemingly anyone else that catches their fancy.

I've seen this cycle play out enough time to know better. Governments never relinquish power. If client-side scanning that can report users to authorities ever becomes wide spread, governments _will_ abuse it. Democracies _will_ suffer and humanity _will_ be worse off for it.

Contact tracing is actually a perfect example.

Early in the pandemic the tech companies came together to create a privacy preserving bluetooth exposure notification system that relied on phones and a clever design to prevent this kind of tracking panopticon you describe. See: https://covid19-static.cdn-apple.com/applications/covid19/cu...

The HN response was ignorant and loudly knee-jerk without understanding how any of this worked. It was stuff like this that caused this to fail to get adopted (see: https://news.ycombinator.com/item?id=25629304 and https://news.ycombinator.com/item?id=26957763). This is partly why I ignore HN on topics like this.

Instead, we ended up with governments just doing it via data brokers and other types of way more invasive tracking.

Our response to encryption policy like Apple's that doesn't decrease privacy could lead to a similarly bad outcome.

>Instead, we ended up with governments just doing it via data brokers and other types of way more invasive tracking.

It sounds like you are blaming people's concern for the first technology for the implementation of the second technology. I believe the implementation of the second technology is evidence that the first technology would have been abused eventually anyway.

How about: government, stop tracking/spying on us without a warrant. Apple, don't use my equipment to spy on me without allowing me to turn it off, and the off switch actually works.

> you end up with nazis walking around if you don't have the ability to deter them.

In general this is required if you want freedom of speech at all, because while nazis are seen as bad by $majority_general_population today, that same $majority_general_population in 1940's Germany had their own ideals for what people with certain interests were bad. In theory, even if Nazis took over the entire US Federal apparatus today, they couldn't infringe on the rights of the citizens ands states as they did back then (at least not without hostile takeover and civil war).

The entire deal with CSAM being seen as bad today is that it comes from a belief that reducing and limiting the proliferation of digital imagery containing depictions of minors being sexually abused, it will hopefully hurt the profit margins of organizations that run the abduction, human trafficking, and abuse + abuse imagery production process, via reducing exposure and liming the potential customer base (while also hopefully helping victims heal knowing that fewer and fewer people are viewing said imagery). I'm no expert in whether or not this works, perhaps there's some studies that do qualitative research on this; but either way there's no doubt that E2EE directly harms the work of the likes of PhotoDNA which aim at actually solving the issue of file sharing / image hosting services being used for the proliferation of CSAM, whether that be for advertising to new buyers or simply the means that these groups end up sharing content.

So there really is a tradeoff people have to realize when they consider either side's stance; My point is that HN seems to be almost entirely one-sided on the side of privacy even if many safeguards are put in place to make it private while still enabling detection of abuse imagery, when I don't see anyone proposing more practical privacy-respecting solutions than Apple has proposed. Perhaps people thing CSAM is a fringe thing, but [0]

> (Interpol) Child Sexual Exploitation Image Database (ICSEDB) network of 53 countries holds over a half a million CEM images, which have helped identify around 11,988 victims and nearly 5, 617 offenders over the eight years to December 2017

0: Broadhurst, Roderic via https://openresearch-repository.anu.edu.au/bitstream/1885/21...

> So there really is a tradeoff people have to realize when they consider either side's stance

There is no tradeoff to be made. The US government is explicitly prohibited from interfering with the liberty of its citizens. Every elected official swears an oath upholding this principle.

The government interferes with the liberty of a person when they incarcerate them. The constitution doesn’t give you a right to liberty at the expense of anyone else’s liberties.
> i also think it's like freedom of speech, in theory it sounds great but in reality you end up with nazis walking around if you don't have the ability to deter them.

I mean this in the most gentle and sincere way: This is just fascism of a different color.

When you support the curtailing of freedom of speech, then you enter into a slippery slope where it's possible that new regimes can use that power against you.

In all but the rarest cases where people are harassed and driven to commit suicide [1], hurtful words are just words. Sticks and stones can break your bones, but words can never hurt you.

If you eliminated all of racism, sexism, and anti-LGBT feelings from the world tomorrow, you would still run into people that dislike you. That's just how people are. We're evolved apes, and a lot of us make in-group/out-group decisions on the most trivial lines. Class, style, designer clothing, attractiveness, rivalry, sports teams, school, etc., etc., etc.

No matter how many layers of protection you put on, you will always run into hate and unpleasantness.

You can't remove one of the most liberating and important features of our democracy - one that anticipates all types of futures and stands against any of their possible tyrannies - just to not have hurt feelings. That would be the mother of all bad trades.

When things get physical, there are laws to protect you. Even hate crime laws that escalate punishments. These are adequate protections.

Your brain is going to have to learn how to dust off the hurt. That's what makes us rugged, fierce, and independent.

I've been called a "f*ggot", bastard (it's true), short, ugly, and many worse, entirely hurtful things throughout my life. I'd like to think I'm doing alright despite it.

[1] Restraining orders and other legal protections for people being abused and bullied, especially online, need to be further developed. That said, there isn't a fine line between what politicians such as Ted Cruz face on a daily basis from Twitter and what pushes individuals such as Near to commit suicide.

For what's it's worse (since we disagree elsewhere in this thread) - I'm with you 100% here.

Free speech is an important principle. The way I argue it to people arguing for various forms of suppressing it is that you can't know that you'll be the one with the power to suppress speech. In a liberal (as in classical liberalism) western society it's a core value. That's why we defend the speech of others even when they say terrible things.

I think there's nuance here with private companies since their ability to moderate is an exercise of their speech, but I think Zuckerberg was generally right in his georgetown address: https://zalberico.com/essay/2020/06/16/mark-zuckerberg-and-f...

* For what it's worth

Not sure how I managed to mangle that so badly.

> The apple policy was likely about coming up with a way to enable encrypted photos on iCloud while still having some privacy preserving form of CSAM detection. Since it was only enabled when iCloud photos was enabled it was better for privacy on net than the status quo (unencrypted iCloud photos that are accessible to apple and scanned anyway).

This is an unsupported hypothetical about a future change Apple may have made. The only announcement they made was the client-side scanning which is at best equivalent to the status quo.

Sure, but it’s not a huge leap to think it through. In hindsight they obviously should have waited until the cloud encryption was ready to ship at the same time.

They probably thought the announcement would be good for PR from the general public even without that and were surprised.

If you’re right that cloud encryption was never the plan then I agree what they did doesn’t make sense and they should have just scanned images on the servers instead of bothering with all the fuss.

You were wrong then and you're wrong now. It's not really possible to be cordial about this topic.

There should never be any process acting against the user's interests on a device that they own. Ever. Full stop. The only reasonable option is to do full encryption on the device without any system that allows inspection or identification of the material being encrypted. It didn't matter that vouchers enabled the decryption of the material after a threshold was hit. There would have been logic running on everyone's device acting as a snitch. At some point that functionality would be expanded and abused.

Your optimistic point of view does not align with the reality of how this kind of technical capability becomes misused over time. The ones that create these things are not the ones that control them 20 years later.

It only ran when iCloud was enabled for photos - this makes it essentially a cloud feature. If this wasn't the case I'd agree with you.

I think it's a better outcome if it leads to iCloud encryption.

A reasonable person could think it's better to just have iCloud remain unencrypted and keep that separation strict in a more pure kind of sense (scan of unencrypted photos on server vs. hash threshold test on upload), but I think that person would have to acknowledge that the policy as described (only being enabled with iCloud photos enabled) is not worse (and if it enabled iCloud encryption is better on net for privacy) than the default in terms of what is specifically happening. It's more of an ideological argument about separation of server/device than what the specific implementation was.

> this makes it essentially a cloud feature.

Wrong. Physically, the routines run on the device. It is not a cloud feature by definition. There are no wormholes here. The work happens on the device. When this work happens the device's battery gets drained so it's happening on the device. It's not a cloud feature. Both technically and physically you are wrong here. I hate that you have this wrong and continue to say it. Stop saying it because you are actually lying.

It's not a better outcome because other companies with the follower-like mentality that most product managers and execs have would attempt to copy and one up Apple only to create a worse and more easily abusable implementation, just like the notch. Just like any socially acceptable easily marketable act that can be hashtagged and spread. That idea would have been an infection of the worst kind.

You're kind of arguing a straw man, sure it technically runs it on the phone (I don't dispute that), but only when upload to iCloud is enabled and the photo is being uploaded to iCloud. The latter bit matters (and what I meant by 'essentially'). Running the check on the phone on upload with these constraints is what would enable iCloud to be encrypted.

I don't think there's much point in discussing further, the main disagreement is already visible in the thread.

> only when upload to iCloud is enabled and the photo is being uploaded to iCloud

You have to trust Apple that this will always be the case.

Your model should be to trust no one. Don't take anyone at their word as it's subject to change at any time. Especially not a corporation which is easily manipulated governments (look how they bend to Russia and China).

It's entirely obtuse that this can be turned with product use. Product use that might be triggered at a distance by simply using the "blessed path". Most people won't even be aware this is happening. And that's beyond shameful.

This puts one foot in the door. There will be more. They'll be ramming everything through that they can to spy on you.

Companies should not be trusted with liberty and privacy. Not even Apple.

> You have to trust Apple that this will always be the case.

You're right of course, but I'd argue this is true in either case. If you're using an iPhone you're trusting Apple is doing what they say they're doing and there's not much you can do about it.

> Your model should be to trust no one. Don't take anyone at their word as it's subject to change at any time. Especially not a corporation which is easily manipulated governments (look how they bend to Russia and China).

I actually agree with this general idea (I work on urbit fwiw), I just think in this case you already have to trust anyway. If they're going to lie and do something differently that's bad - I just think that's independent of this policy and the policy specifics matter.

As it is unencrypted iCloud is a worse state imo, but as I said elsewhere reasonable people can disagree with this. The specific policy as described though isn't worse - it's people's assumption that it increases risk of an abusive policy that is. My take is that that risk is there in either case and really independent of this policy.

I've been reading about this same omniscience-lust of our corrupt republican representative democracy since the early '90s. I had thought that it simply sought to become more subtle, more refined over time. However, like any patzer, it is merely satisfied to give check where it appears.

Are we drawn in bitter impasse, or is there some intervening move to which we can avail ourselves?

The best I can muster (other than amassing a Bezos fortune and simply buying every shyster for sale) is to buy every elected shyster for sale (i.e. some rough approximation of five nine's worth of elected officials). My local newspaper reported on a school bus driver who was shot in the head, for which there is a go-fund-me effort. Every such mutual aid stop-gap is an indictment of our benighted society.

Maybe Hobbes[1] had it right, but then again, waiting for a messiah is tantamount to resigning.

[1] I love most the story about him in which he entered the club in which The Elements was turned to the final page. He chortled something on the order of "bullshit" or "humbug" and turned to the prior page: and so on and so forth to the first page where he could find no quarrel. The story is surely bullshit itself, but smells none-the-less so sweet.

(comment deleted)
Dianne Feinstein, senior senator from California and presumably elected with majority support from Silicon Valley, is one of the co-sponsors of the bill. Talk about being out of touch. I also have no doubt that she wouldn't be able to explain a single line of text in the bill if asked.
(comment deleted)
When people think of Silicon Valley I font think pro privacy is the first thing that pops to their mind, quite an opposite actually.
Feinstein voted according to Trump’s wishes more often than many republicans. She routinely pushes legislation that’s designed to destroy the environment, and is unabashedly anti-silicon valley.

The last thing she did that she likes to take credit for was back in the 70’s.

California changed the way its elections are run to allow to democrats to run against each other in the general election, essentially just to eliminate her.

Somehow, she keeps getting reelected.

The only ones outn of touch are the people surprised by this. She, her party, and even the Republicans across the aisle are always perfectly sympatico with the wishes of their mostly identical donors.
Incredible, once again the Senate is completely incapable of doing anything good but gets their shit together whenever it’s time to do something stupid and terrible. Would be better to just vote against the majority going forward, at least try to tie things up so they can do nothing instead of what they end up doing whenever they get around to doing something.

Truly amazing how Chuck Schumer gets a pass in the media for being so utterly worthless.

Right majority or left majority the senate always seems to do nothing but work against the people.
We've never had a left majority in either part of congress.
Depends on your definition of left I guess? Dems held a majority in both houses + presidency 2009-11, and also 1993-95, and 1979-81...
Yeah, but because of obscure technicalities around the filibuster, the Dems need 60 votes to pass their agenda, but the Republicans pass theirs with 50.
The filibuster is just a rule that the Senate made for itself. If you have 50 Senate votes to actually get stuff done you can get it done by changing that rule.

What the Democrats had was 50 votes to wring their hands and say it's impossible. Maybe they have 48 votes to get it done, maybe fewer. But they don't have 50 votes to actually get it done, so it doesn't get done.

It suits several Democrats (famously two, but the real number is likely more) in the senate to say they can't do anything, but that isn't the case, it's a lie. You've probably told lies just like it. Oh, I can't come to the your party, so sorry, we have to er, see my wife's parents yeah. You don't want to go to their party, but you say you can't even though it isn't true.

Almost no definition of "the left" includes all America Democrat party members, much less a majority of them.
https://history.house.gov/Institution/Presidents-Coinciding/...

“Since 1857, the government has been unified 47 times, 22 under Democratic control and 25 under Republican control”

Not entertaining arguments about so and so party isn’t of this or that wing.

Haha okay well I guess if you're just going to ignore facts and substitute it with your own, have at it.

But either way, they didn't say "Democrat" they said "left".

I don't understand why people keep voting them back in?? They've been useless for so long, yet people continue to check the box next to their name. Why?
Some but not all of the reasons: It's virtually impossible for a primary candidate to unseat an incumbent in their own party, and gerrymandering makes it so that opposing parties rarely have solid candidates.
Same for there simply not being another candidate most of the time. If you have a 70% conservative / republican county or state, running democrat doesn't make much sense, and is an especially bad investment for any donors.
You might call it regulatory capture of democracy.
One big reason is that many people will insist that their representative doesn't contribute to a problem, or has a particular reason for doing so that excuses the behavior. It's essentially always everyone else's representative that is the problem, and so they vote theirs back in and the cycle continues.
Welcome to "democracy," where college studies show that only the rich and powerful ever get what they want while the normal citizen is continuously shafted in new and exciting ways.
Mainly because of the two-party system. The pre-selection of candidates forces you to choose between two evils and it most often becomes a matter of the devil you know versus the devil you don't know.
(comment deleted)
Ppl should start to use messenger apps as dump pipes and use a level 3 encryption. https://github.com/enigma-reloaded/enigma-reloaded
I don't know what this is, but I'm more confident in Signal's E2EE than whatever this provides (which I don't know, because the README doesn't include a technical explanation or threat model.)
What you're suggesting is exactly what those corrupt senators want.

The reason why popular E2EE messengers are such a problem for authoritarian governments/regimes is the fact that it's transparent and enabled by default. This means that millions (or sometimes billions) of people have strong privacy without having to know anything about it.

Once E2EE is removed from these messengers, those authoritarians can focus on the rest.

Edit: one thing that really confuses me about this whole war on crypto thing is why would a democratic nation want to remove privacy from people. Don't they understand that democracy is fundamentally predicated on privacy? I have a feeling that they do.

The next step is of course to vilify those who seek privacy, now that it's not the default, switching the rhetoric to suggest that anyone using encryption is surely doing so to hide illicit activities. Privacy becomes illegal at that point.
Maybe next, but surely already current step. Many people are already on that rhetoric.
Yes there will be tons of new open-source end2end encrypted apps that you can install and government shall not be able to enforce it! But the new Act will give them power to proclaim anyone using it a criminal and they can start exercising draconian fines (i.e. hundreds of thousands or millions of dollars life crippling). No matter how you slice this and when you get totality of all possibilities all scenarios end up with world destruction making this the most dangerous and most stupid Act ever!
You can watch the meeting from this morning here: https://www.judiciary.senate.gov/meetings/02/03/2022/executi...

The discussion on the EARN IT act starts around 1:42:00

Any mention of concerns over encryption are with a really incredulous, dismissive tone. I have a hard time understanding whether that's actual ignorance on the part of the Senators, or if it's some kind of theatrics that plays into the broader politics of the situation.

Based on similar things I’ve seen here in Australian political circles it’s because they are so deeply misinformed that it’s become dogmatic. They like to get simplistic overview briefings and dislike getting sufficiently deep briefings that they can be informed of the fundamental flaws that simplistic briefings pass over.

They also decide who works for them so no subordinate will “make them learn” and everyone perpetuates a cycle of ignorance that leads to the establishment of a dogmatic position that people trying to make things seem more complicated are wrong because I have all my own people telling me it’s not that complicated. Unless they care to be informed and ASK for it, it will never happen.

I have no evidence for this, but I think it's highly likely they're using "ignorance" as a form of brinkmanship or plausible deniability. If these senators speak with any of their colleagues, they'll know the risk and reward tradeoffs of these decisions, but they'll choose to side with interests that benefit their own person.

I know Hanlon's razor stands against me, but I just find the dynamics of a highly connected set of professionals in DC too conducive to passive knowledge of these issues to justify a bunch of "key senators" to be fully ignorant on these subjects. I find it way more likely that ignorance is a convenient narrative to push their agenda without accountability from the opposition.

Plausible deniability yes, but even just safety. If I don't engage with a topic in a detailed manner, it's very unlikely I'll say something wrong about it, that could later come back to haunt me. Remember "the internet is a series of tubes"? The guy was hammered for trying to understand a complex topic - and he wasn't even dramatically wrong, just used a metaphor (almost certainly thought-up by someone in his staff) that was just excessively reductionist.

The media playing gotcha has made it fundamentally dangerous for a politician to be publicly wrong on any topic. The reaction is to avoid engaging with complex issues.

Thanks. Lots of commending! They must be a commendable lot.
(comment deleted)
So if you click on the actual article, there is a "TAKE ACTION" button that will email your representatives. It takes about 15 seconds total, if that. Do it.
How come everyone is so surprised and thinks the senators are incompetent? They're all following the playbook and its in not in the elites interest for the average person to have privacy.
Im really in so many minds about this.

On the one hand, encryption shouldnt be necessary.

On the other, much like the RIAA crackdown on mp3s over http brought us torrents and magnets, I would expect the US and UK cracking down on encryption to bring us actually secure clients.

It also stinks of them trying to legalise something they are already doing (see Snowden and the recent declassified cia docs)

I am Computer Security expert and urge all from point of understanding this both technically and as a value to all of US citizens!

Crooked forces are behind this trying to misrepresent this as ability to read all messages that will allow them to "save the children" which is just an excuse for the "foot through the door" or capability for the totalitarian rule (remember total power inevitably corrupts totally)! If we let our representatives, which do not understand this, vote for this, then we all will regret and have much much harder time to restore right for privacy. There are other both better and cheaper ways that government agencies can protect the children and destroying encryption (or criminalizing it) will not help them, since the real criminals will then use encryption only for their business and we law abiding citizens will be stripped off the ability to use it to preserve our privacy!!!

I contacted my representative, as it takes ~1min. Please I urge all to do it! p.s. I am Computer Security expert and urge all from point of understanding this both technically and as a value to all of US citizens!

Crooked forces are behind this trying to misrepresent this as ability to read all messages that will allow them to "save the children" which is just an excuse for the "foot through the door" or capability for the totalitarian rule (remember total power inevitably corrupts totally)! If we let our representatives, which do not understand this, vote for this, then we all will regret and have much much harder time to restore right for privacy. There are other both better and cheaper ways that government agencies can protect the children and destroying encryption (or criminalizeing it) will not help them, since the real criminals will then use encryption only for their business and we law abiding citizens will be stripped off the ability to use it to preserve our privacy!!!

Me too!

I don't think people typically contact their representatives, but I figured its a good time to start. The EFF made it really easy to lookup and send a canned message to my senators. I plan to try to call the office tomorrow. I assume I'll get stopped at their secretaries, but even that might be enough to just leave an extra bump of persuasion.

(comment deleted)
In my mind "Think of the children" is synonymous with "ulterior motive". After reading the comments here, I am adding CSAM to the list of synonyms.
Banning encryption because of some people use it to transfer abusive images is literally throwing baby out with the bathwater. Why not ban sending snail mail as well, as it can be used to send abusive images too?
Don't give them ideas.

We might as well ban sending pictures and audio because least-significant-bit steganography is a thing.

At the US Senate Web site at URL

     https://www.congress.gov/bill/117th-congress/senate-bill/3538/cosponsors
on

     S.3538 - EARN IT Act of 2022
I saw in part:

     Cosponsors:  S.3538 — 117th Congress
     (2021-2022)

     Sponsor:  Sen. Graham, Lindsey
     [R-SC] | Cosponsor statistics:  19
     current - includes 19 original

     * = Original cosponsor

     Sen. Blackburn, Marsha [R-TN]*

     Sen. Blumenthal, Richard [D-CT]*

     Sen. Casey, Robert P., Jr.  [D-PA]*

     Sen. Collins, Susan M. [R-ME]*

     Sen. Cornyn, John [R-TX]*

     Sen. Cortez Masto, Catherine [D-NV]*

     Sen. Durbin, Richard J. [D-IL]*

     Sen. Ernst, Joni [R-IA]*

     Sen. Feinstein, Dianne [D-CA]*

     Sen. Grassley, Chuck [R-IA]*

     Sen. Hassan, Margaret Wood [D-NH]*

     Sen. Hawley, Josh [R-MO]*

     Sen. Hirono, Mazie K. [D-HI]*

     Sen. Hyde-Smith, Cindy [R-MS]*

     Sen. Kennedy, John [R-LA]*

     Sen. Murkowski, Lisa [R-AK]*

     Sen. Portman, Rob [R-OH]*

     Sen. Warner, Mark R. [D-VA]*

     Sen. Whitehouse, Sheldon [D-RI]*
Do not let US become China! (or worse)

Government can not stop criminals to use end-to-end encryption. With this bill only regular internet users loose privacy! This is not how it is represented to Senators and instead they are offered a lie while they do not understand, so we need to act. Crooked forces are behind this!

I am Computer Security expert and urge all from point of understanding this both technically and as a value to all of US citizens!

Love how these same senators protect the right to a gun because “only good guys would follow the law”
Right to use end2end Encryption is almost equal to right to bear arms (conceptually) It is even worse (read my practical translation below in another post where this leads to)
(comment deleted)
Well this is defensively not gonna make it easier to get a new agreement for data transfer between EU and US.
(comment deleted)
Which is a good thing for both the European economy and, as evidenced again and again, security.
But it will definitely make it easier for European companies to have a competitive advantage over their US counterparts.