The End of Your Digital Privacy?
If you use the Internet, listen up, this affects you! Two critical data privacy bills currently in the U.S. Congress are threatening our Internet freedoms. In short, the EARN IT Act and LAED Act could ban encryption and destroy digital privacy as we know it. Naomi Brockwell recently invited me to a livestream discussion on the topic.
Why do I care about these bills and why should you?
These acts will negatively impact all companies in the U.S. doing business on the Internet and all users of social media, email, cloud storage and data servers. With such catastrophic consequences, I feel it’s imperative to share the key points of our discussion with the community. But first, some background.
If these two bills pass, it would essentially make it illegal for online businesses to protect your privacy in the United States.
My company builds tools to protect your privacy. Sense Chat is a private messenger that provides end-to-end encryption so messages are completely secure and only the sender and receiver can unlock them. This act would force us to move our headquarters or radically change our platform. Sense Chat also has public channels where communities can share content, which are also at risk under recent issues within the Presidency relating to free speech online.
You might have noticed President Trump’s public argument with Twitter, on its own platform, about the censorship of his tweets. It resulted in the Executive Order on Preventing Online Censorship which has snowballed into a government level attack on the titans of the social media industry. Be aware, this does not just affect the platforms you use, it affects every user.
First, a quick summary of the two bills we cover in the interview, then a look into our discussion on how they affect service providers and citizens of the Internet:
The Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act would amend Section 230 of the Communications Decency Act, which currently protects Internet free speech by stating that online platforms can’t be held accountable for the content users post on them. Users are free to sue each other, but platforms like Twitter, Facebook and WhatsApp that host the speech in question remain immune to legal recourse.
The amendment proposed with the EARN IT Act shifts liability for all user data onto the platform, even if the platform does not currently access it (for example, because it is encrypted). It states that “interactive services providers” would be required to comply with “best practices” set by an unelected committee appointed by the Attorney General. The “best practices”, designed to curb the worst-case scenario, would compel tech companies to institute broad-reaching censorship practices across their platforms in order to protect themselves from liability.
These practices would likely include dismantling encryption. If they do not comply, they can get sued by anyone, including the government.
While “interactive services providers” does not include devices, it does include social platforms, email and cloud services: basically every communication and data storage platform humans use online. You might not notice that all of a sudden in the background, every service you use to communicate is required to hand over your private data at any point the government requests it.
The EARN IT Act is our government’s backdoor attempt to ban encryption. According to the Electronic Frontier Foundation, it is no less than a violation of our First and Fourth Amendment rights under the U.S. Constitution.
Now to the Lawful Access to Encrypted Data (LAED) Act, which would require tech companies to provide law enforcement access to encrypted data requested via search warrant. According to the Brookings Institution, the LAED “would ban providers in the U.S. from offering end-to-end encryption, encrypted devices that cannot be unlocked for law enforcement, and indeed any encryption that does not build in a means of decrypting data for the police. Security researchers and civil-rights advocates have long feared the introduction of such a radical bill, and now it’s finally here.”
What effects will these bills have on society if they go through?
From a human perspective, we would be saying as a society that we no longer afford our citizens the right to privacy.
How is giving our government the ability to read our email and our private messages any different than allowing them to tap our phones or install video cameras in our bedrooms?
From a business perspective, this will force major tech companies like Apple and Google to move to countries that allow them to continue offering their products as they were sold and intended. People need to understand that email is not encrypted…it’s impossible to encrypt because the client opens on multiple devices. If this Act goes through, people will need to go through their old emails and delete sensitive, private information and photos. If the government is going to push these acts through and require access to data on servers, these apps and platforms should simultaneously communicate to users how their data is stored and where, so that they fully understand the risks they are undertaking.
This also means companies taking the time and the responsibility to create readable privacy policies that their users can easily understand.
How will these acts affect private messaging platforms?
Private messaging with a backdoor is no longer private. Messaging is the most personal inbox we have, and most people assume just because they have a 1–1 chat, no one else is looking. This isn’t true. And this is exactly why we are building an alternative with Sense Chat.
Keep in mind encrypted data goes beyond messaging — to email, cloud storage and beyond. Many people assume email is encrypted but it’s not possible to have E2E encryption and also allow you to access email through many clients. Companies like Proton Mail offer encrypted email, and are already ahead of the game on jurisdiction.
Proton Mail says “secure email based in Switzerland” as a top headline on their site, which means they store their data in a country that values data security and neutrality. This means other tech companies will follow suit.
What position does this put private messaging companies in right now?
Companies providing E2E encryption will have to institute and disclose new policies, such as compromising your data to the government, or quickly pivot to a new model. The Web 3 movement is already ahead of this curve. The blockchain tech industry has been building decentralized and distributed products, anticipating the need for a more user-centric Internet in which there is no centralized control threatening the integrity of our global freedom to web.
What are leaders in privacy doing to help fight against this?
We are building Sense Chat messenger, an app that keeps user data private. Neither our team, nor third parties, will have access to it.
We want users to have the right to peer-to-peer messaging with no intermediaries, just like crypto wants you to be able to use digital cash without going through an institution that can compromise you. I’ve been championing this practice for years and we are only building one small tool to combat one aspect of the problem. We need to tackle this issue from a social media standpoint, from content sharing and distribution and anywhere else your digital identity is involved. New social media platforms like Voice are getting us closer.
Your privacy is not something to negotiate. It is an inherent human right.
How is E2E different from normal encryption? Why is it important?
E2E allows data to be encrypted in transit and at rest on the servers so that only the sender and receiver can view it. The best way for E2E encryption to be effective is if the end user stores their own keys, kind of like how bitcoin works. Only the intended recipient can claim the message — or the funds. Normal encryption has loads of problems including hacks and backdoor access and will be subject to failing with quantum computing. We’re talking about much more than just your tweets or public Facebook posts.
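The property described above, as an added sketch in Node.js that is not part of the original post and is not Sense Chat's code: each device keeps its own private key, and the relay server stores only public keys and ciphertext. The names (`newDevice`, `relay`, `demo`), the X25519/HKDF/AES-GCM choices and the sample message are assumptions made for the illustration.

```javascript
// Added illustration; every name and the message text are constructed for this example.
const crypto = require('node:crypto');

// Each user generates an X25519 key pair on their own device.
// Only the public half is ever uploaded to the server.
function newDevice() {
  return crypto.generateKeyPairSync('x25519');
}

// Derive a 256-bit message key from my private key and the peer's public key.
function sessionKey(myPrivate, peerPublic) {
  const secret = crypto.diffieHellman({ privateKey: myPrivate, publicKey: peerPublic });
  return Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'e2e-demo', 32));
}

// Authenticated encryption: AES-256-GCM with a fresh random nonce per message.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { iv, body, tag: c.getAuthTag() };
}

// Returns the plaintext, or null when the key is wrong or the data was altered.
function tryOpen(key, msg) {
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, msg.iv);
    d.setAuthTag(msg.tag);
    return Buffer.concat([d.update(msg.body), d.final()]).toString('utf8');
  } catch (e) {
    return null;
  }
}

// Constructed scenario: the relay holds a public-key directory and a mailbox of ciphertext.
function demo() {
  const alice = newDevice(), bob = newDevice(), operator = newDevice();
  const relay = { directory: { alice: alice.publicKey, bob: bob.publicKey }, mailbox: [] };
  relay.mailbox.push(seal(sessionKey(alice.privateKey, relay.directory.bob), 'meet at noon'));
  const stored = relay.mailbox[0];
  return {
    bobReads: tryOpen(sessionKey(bob.privateKey, relay.directory.alice), stored),
    // The operator has everything on the server plus its own keys, but no user private key.
    operatorReads: tryOpen(sessionKey(operator.privateKey, relay.directory.alice), stored),
    plaintextOnServer: stored.body.toString('utf8').includes('meet at noon'),
  };
}
```

Any mandated access path would have to change this picture by placing a usable decryption key somewhere other than the two devices.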
What are some liability issues that come from companies keeping data on users or having backdoor access?
Companies shouldn’t hold user data unless it’s their specific service, like Dropbox, because the consequences of user data landing in the hands of third parties can result in life-changing outcomes. Facebook aggregates user data, and sells it to a 3rd party who sells it to insurance companies, who use it to raise rates, deny people coverage, or deny applicants credit for things like home loans. Even if you use “friend mode”, that data is still harvested and aggregated by Facebook and sold to third parties.
How does the latest Twitter hack prove that master key/god mode access puts users at risk?
It’s unbelievable that today we still have massive companies using a simple password. Two-Factor authentication is a good middle step, if it’s enabled. It’s ok to trust a platform to have custody of your keys as long as it’s done responsibly, like multi-sig. Inherently, you don’t own your data or your keys on a platform like Twitter, so if they choose to store your password in plain text, or allow god access to their systems, that is their fallacy but also their right. We need to start demanding better tools with more security. Especially for people with millions of followers!
Twitter, email, facebook, our messaging services: these all control parts of our digital identities. Do you think companies take protecting these digital identities seriously enough?
Historically, large platforms have not protected our identities; they have profited from them. If you consider email messaging, add Google to the list of services. The US government can issue a subpoena to access your Gmail.
From the narrow perspective of our company, because the core of Sense Chat’s offering is encrypted messaging, the EARN IT Act would essentially allow the government to make our business illegal. For society at large, the EARN IT and LAED Acts together would ban private / encrypted messaging, give government access to our private email communications, force widespread censorship across social platforms, and allow law enforcement to legally demand that tech companies in custody of our data release that data when presented with search warrants.
What will Sense Chat do if these bills are passed?
These acts would require a change in our core encryption technology to allow a backdoor for the government to access and potentially require censorship of user data. Today, Sense Chat does not have any access to user data. Our end-to-end encryption stores users’ keys on their own devices, not on company servers. If these acts become laws, it could become illegal to store encrypted data on servers, and companies that do not comply while using industry-giant service providers like Amazon Web Services or Google would get booted off.
We’ve already discovered how to handle this. We’d change our entire model by moving to a decentralized system of servers with nodes. In fact, as a Web 3 forward technology, it’s on our roadmap already and is the larger goal for the future of our company. Our first messenger, EOS Chat, partially achieved this utilizing the EOSIO blockchain and we are ready to do it again, this time in a better, more scalable way.
You can be sure that no matter what governments do to try to control technology, the technologists will keep hacking. Technology evolves whenever human problems need solutions. Keep looking for better options to the centralized services you use, and always read the policies.
Crystal Rose, CEO Make Sense Labs
Private message me on Sense Chat @crystal