
New bill threatens journalists’ ability to protect sources - pseudolus
https://techcrunch.com/2020/05/01/new-bill-threatens-journalists-ability-to-protect-sources/
======
dang
There have been quite a few large threads about the EARN IT act:

[https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...](https://hn.algolia.com/?dateRange=all&page=0&prefix=true&query=comments%3E30%20%22earn%20it%22&sort=byDate&type=story)

This one doesn't seem to add significant new information:

[https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...](https://hn.algolia.com/?dateRange=all&page=0&prefix=false&query=by%3Adang%20%22significant%20new%20information%22&sort=byDate&type=comment)

~~~
suizi
It's understandably a very controversial law, but there hasn't been any new
information in a while. There may be some coming when they hold another
hearing.

------
RcouF1uZ4gsC
This is akin to reporting “Giant asteroid on collision course with earth, many
journalists expected to be killed.”

Basically, the article is saying that the EARN IT act would defacto outlaw
end-to-end encryption. Thus people could not securely communicate with each
other. One group of people affected by this would be journalists trying to
securely communicate with sources.

~~~
Paul-ish
Focusing on concrete harms is important. In front of the supreme court you
want to be able to say "This law is devastating to journalism, a fundamental
institution in our democracy." Rather than sounding like a screeching privacy
activist to nine nontechnical judges.

~~~
RcouF1uZ4gsC
And the justices will point out that journalism predates end-to-end encryption
and investigative journalism used phones and mail and in person meetings quite
effectively.

~~~
slowmovintarget
And they would be incorrect. End-to-end encryption existed long before
journalism. Ciphers have been in use for a very long time. Romans used ciphers
to encrypt messages.

That the medium of transmission of the message is different should make no
difference.

What it boils down to is whether people are allowed to have private speech or
not. Any argument that says I'm not permitted to write an electronic message
to you in a way that only you can read is fundamentally equivalent to one that
argues I cannot speak to you where someone else is unable to record.

I can't tell you which part of the U.S. Constitution pertains, but I'm fairly
certain the Founding Fathers had a robust belief in the right to maintain a
private life separate from a public life. Having zero separation between
public and private was a more primitive state in ancient Athens, for example.
One of the advances of Republican Democracy as a form of government was to say
that a) there is a distinction, and b) the government should be restricted
from interfering with private life, so long as your actions didn't damage
someone else's freedom.

The Founding Fathers explicitly denounced legal _mechanisms_ that could be
used to encroach on things like a mother expressing her opinions to a child,
or teaching them religion. The trade off for this freedom was to make it
harder for the government to police. It was a trade off gladly accepted,
because it was well and viscerally understood what the other side of that
equation looks like.

We seem to have forgotten that.

~~~
pmiller2
I believe that, with respect to government, the separation of private and
public life you’re referring to falls squarely under the 4th amendment.

The open question to me is how we can maintain this separation with respect to
employers. The nature of employment as changed dramatically since the early
days of the republic, and I don’t believe the Founding Fathers could have
conceived of the type and size of employers we have today.

That employers have abused their power over employees to control their private
lives is a matter of historical fact (see the Ford Sociological Department:
[https://jalopnik.com/when-henry-fords-benevolent-secret-
poli...](https://jalopnik.com/when-henry-fords-benevolent-secret-police-ruled-
his-wo-1549625731)). Clearly, we need legal protections for workers to prevent
these types of abuses of power.

------
cataphract
So, this seems to be the gist of the article.

> [I]t’s not possible to identify [child exploitation material] without also
> having the ability to identify any and all other types of material — like a
> journalist communicating with a source, an activist sharing a controversial
> opinion or a doctor trying to raise the alarm about the coronavirus.

Other people suspect that the real goal of the bill is to force
facebook/WhatsApp et al to do away with end-to-end encryption, which would be
the only way the companies could police the material (and AG Barr has
"expressed his desire for this outcome":
[https://blog.ericgoldman.org/archives/2020/03/the-earn-it-
ac...](https://blog.ericgoldman.org/archives/2020/03/the-earn-it-act-
partially-repeals-section-230-but-it-wont-help-children.htm) )

~~~
0xy
The EARN IT act is not about child exploitation at all. Because the effect
will be the opposite -- it'll be pushed underground and away from law
enforcement's reach.

It will put children in direct danger in order to further the actual goals of
the legislation, which is to effectively ban E2EE in order for the
intelligence community to put more deep surveillance in place.

~~~
c3534l
I agree. These things are really about expanding bulk collection programs, not
about catching whoever the big bad guy is at the moment.

~~~
0xy
Australia's metadata retention law was sold as a child protection scheme, and
immediately after it was made into law it was repeatedly abused by
intelligence employees to spy on girlfriends, used to investigate petty crimes
and given out to any government agency who asked for it including local
councils and tax agencies.

As soon as it's law, the children are irrelevant. This is mass surveillance
legislation, and child protection is the shiny marketing.

------
AdmiralAsshat
The scary part about the EARN IT act is that I've written both my congressman
and my senator (both Democrats), and they're completely on board with the
"Think of the children!" bullshit justification for this. I _really_ expected
better out of Mark Warner.

~~~
snarf21
Fear-mongering wins elections. It is a sound bite. "Senator Mark Warren thinks
we should protect criminals who exploit children!!!!!" The general voter
doesn't care about the rest of the details. People are afraid to be on the
wrong side of it. If this doesn't pass, then even a single case is proof that
we should have voted yes on EARN IT.

~~~
the8472
Why does "think of the children" work but "senators want to look into your
bedroom" doesn't?

~~~
filoleg
Because you can come up with all sorts of rebuttals from certain individuals,
like "I don't care if they invade my privacy, they are welcome to look into my
bedroom all they want, there is nothing interesting there". We already see a
form of that reasoning from people regarding personal data tracking, saying
stuff like "i have nothing to hide".

On the other hand, you cannot come up with a similar simplistic argument when
someone brings up "think of the children" without giving out some really bad
soundbites of yourself. You cannot just say "well, I don't care about
children, it wouldn't affect them much anyway" without being represented as a
heartless moron by the opposition.

Disclaimer: this is just all for the sake of the argument. I, personally, am
very strongly against this "think of the children" bs tactic and am fully in
favor of E2E encryption. It is just sad that the "think of the children"
argument is so effective solely due to the emotional appeal and how difficult
it is to fight against that argument without coming off in poor light.

~~~
triceratops
Flip the script: "Senators want to look into your children's bedroom".

Weakening encryption endangers _everyone_ , children included. I don't want my
kids to be using digital products that can be backdoored by bad actors.

~~~
filoleg
That move would be pretty high-risk/high-reward, but I would be for sure
cheering if/when that happens.

------
seph-reed
> The same New York Times investigation found that law enforcement agencies
> devoted to fighting online child exploitation “were left understaffed and
> underfunded, even as they were asked to handle far larger caseloads.” The
> National Center for Missing and Exploited Children (NCMEC), established by
> Congress in 1984 to reduce child sexual exploitation and prevent child
> victimization, “was ill equipped for the expanding demands.” It’s worth
> asking, then, why EARN IT does not instead empower these agencies with
> additional resources to solve crimes.

This is a very striking point that I think even the least tech aware person
could understand.

Also, the acronym EARN IT is marketing genius for the US. I can really easily
see that convincing a lot of people of its validity just because it's kind of
sassy/obstinate and for some reason Americans gobble things like that up. "You
want encryption? Well why don't you EARN IT by not being a pedophile. - Karen
2020"

~~~
0xy
The EARN IT act is not really to prevent online child exploitation. It can't
be. Because this act will push the people involved in those practices
underground to places that cannot be censored like Tor.

In fact, the EARN IT act puts children directly in danger.

When evidence of child exploitation is pushed out of the regular internet, it
becomes much harder to discover and prosecute.

~~~
JoeSmithson
Do you have any experience in investigating online child sexual offences?

I am just wondering what basis you are making claims like "the EARN IT act
puts children directly in danger".

------
enitihas
I never understood one thing about American Politics. A lot of folks who are
fierce advocates for people being able to keep weapons, go quickly up in arms
against encryption. As if the guns somehow can't harm the children. Even
though the US has had so many school shootings, it seems a lot of politicians
are still hell bent on saying encryption harms children, while guns somehow
don't land in the conversation.

~~~
0xy
Playing devil's advocate, it's easy to say there are far more victims of CSA
and child pornography than of school shootings among children.

Personally speaking, I think opponents of encryption and guns are in the same
anti-freedom camp. Neither should be banned or regulated because all arguments
in favor of those things I find to be dishonest or questionable.

Gun deaths are on a consistent downward trend for the last 30+ years despite
record gun and ammunition sales. Plotted on the same chart, you'll find as gun
sales increased the amount of gun deaths was decreasing at the same time. This
isn't to say they're correlated, my argument is that they're not correlated in
either direction (and so a ban argument makes no sense).

~~~
_hl_
> Playing devil's advocate, it's easy to say there are far more victims of CSA
> and child pornography than of school shootings among children.

Is there any decent data that backs this up? Anecdotally, I have always felt
like CSA is a fairly niche issue that is blown way out of proportion, but I
don't know how/haven't bothered to confirm or deny this belief.

EDIT: I found this:
[https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4311357/](https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4311357/)
which seems way too high. Then again it's not exactly something the victims
would openly talk about in most cultures, so maybe I'm severely
underestimating the prevelance of the issue?

Nevertheless, if it is true that 95% of perpetrators are well known to the
victim, that doesn't sound like this abuse is happening online. So I don't see
how backdooring E2E could possibly help here.

~~~
DanBC
About 1% of the male population has a sexual interest in children. Most of
these people will never act on that interest, but some of them do go on to
commit offences.

There is a range of jargon, and that makes searching for information a bit
trickier.

OCSE = online child sexual exploitation. CSEA = Child sexual exploitation and
abuse. CSAM = child sexual abuse material.

Here are some UK stats:

> Law enforcement agencies in the UK are currently arresting around 450
> individuals and safeguarding over 600 children each month through their
> efforts to combat online CSE.

> In the UK alone, it is estimated there are 80,000 people who present a
> sexual threat to children online.

> Statistics from the National Crime Agency (NCA) show that last year 2.88
> million accounts were registered globally across the most harmful child
> sexual abuse dark web sites, with at least 5% believed to be registered in
> the UK.

These are good reports, although they're obviously written from a child
protection viewpoint.

[http://www2.paconsulting.com/rs/526-HZE-833/images/WePROTECT...](http://www2.paconsulting.com/rs/526-HZE-833/images/WePROTECT%202019%20Global%20Threat%20Assessment%20%28FINAL%29.pdf)

[https://homeofficemedia.blog.gov.uk/2019/06/25/fact-sheet-
on...](https://homeofficemedia.blog.gov.uk/2019/06/25/fact-sheet-on-online-
child-sexual-exploitation-and-abuse/)

[https://www.iwf.org.uk/report/iwf-2019-annual-report-zero-
to...](https://www.iwf.org.uk/report/iwf-2019-annual-report-zero-tolerance)

>> Nevertheless, if it is true that 95% of perpetrators are well known to the
victim, that doesn't sound like this abuse is happening online

But that abuse often gets put online, or is traded to access other images.

~~~
suizi
How do we know 1% of the male population has such an interest?

How do we know it is often put online? Surely, it's incredibly stupid to
upload evidence of yourself committing a crime? How much is happening behind
closed doors that does not? Can we even tell?

------
showerst
That article said nothing. Here's the bill text for the curious:
[https://www.congress.gov/bill/116th-congress/senate-
bill/339...](https://www.congress.gov/bill/116th-congress/senate-
bill/3398/text)

------
gnicholas
This was the least informative article I’ve ever read on TC. It does not make
clear how the ability to protect sources is endangered.

Can’t journalists continue to protect sources by not naming them, and
communicating via encrypted apps? What is changing?

~~~
colejohnson66
The EFF has a good write up that explains what’s actually wrong with it[0].

[0]: [https://www.eff.org/deeplinks/2020/03/earn-it-act-
violates-c...](https://www.eff.org/deeplinks/2020/03/earn-it-act-violates-
constitution)

------
the8472
Do cloud providers require section 230 protection for mere hosting? Or does
the buck stop at their customers operating user-facing services on their
infrastructure?

------
smsm42
I read the whole article and couldn't understand what the proposed legislation
actually proposed, specifically rather in vague "it's gonna cause problems!"
way. Completely terrible journalistic work. Ironically, in an article
emphasizing how important it is to protect journalists.

~~~
suizi
The article doesn't really add much that we didn't know already (through other
articles). You can search EARN IT on here or EFF for details or Signal's
write-up on it. They want to hold people liable for "reckless endangerment"
for offering anything that could be used to facilitate child exploitation.

Encryption by it's very nature makes it very difficult to pursue, Barr has
pushed much rhetoric of what he would push in the committee for this bill, and
the writers of the law refuse to specifically exempt encryption despite having
many opportunities to do so.

------
suizi
[https://news.ycombinator.com/item?id=23040209](https://news.ycombinator.com/item?id=23040209)
CLOUD Act may also be attack on encryption.

------
whylie
I like the sound of that. I hear the words "according to someone familiar with
X" far too often. Not interested in speculation, hearsay, gossip, scapegoat to
promote one's own intentions...Lazy and agenda ridden through and through.

------
supernova87a
Sometimes I wonder if there are unintended side consequences of an explosion
in the ability of people to be private and have all their concerns / issues
kept private (or more strongly, anonymous). And sometimes it makes me feel
like an old Scalia for asking whether privacy is really a fundamental right.
Or at least, whether we're fully considering the downsides of privacy as
strongly as its benefits.

Privacy now lets us hide things that we didn't want others to intrude upon.
That may be a good thing. But I can also imagine that a byproduct of
increasingly stronger privacy is that the social function of monitoring and
group shaming of bad behavior is diminished. You no longer are allowed to know
what your neighbors are doing, or speak up because someone's privacy might be
violated. People used to know what taxes their neighbors paid. If you didn't
want to be gossipped about, you didn't engage in certain behaviors.

It cuts both ways I think. People now can report on things privately, yet
increasing privacy itself enabled more bad behavior.

Privacy (and anonymity) allows people to get help that they previously felt
ashamed to raise or report. That may be a good thing. But maybe it also lets
smaller and smaller (more individual) concerns take the stage away from things
that are bigger more pervasive but less attention-grabbing important issues.
Maybe we become a more individual-focused society because we gravitate towards
paying attention to individual stories of troubles.

I don't know. I'm not an expert in this area. But I wonder if sometimes
privacy isn't overdramatized by its advocates and painted with the positive
brush when there are negatives as well.

~~~
snarf21
This is the "I've nothing to hide" fallacy. The question will become: who gets
to decide? Who will watch the watchers? If everything you say and do is
captured, it won't be societal norms but some singular point of view based on
who is in power. Governments have shown an inability to protect citizen's
rights when give this kind of power. Look at China and North Korea and Russia
for proof. We don't have to conjecture about this, we know. Absolute power
corrupts absolutely. I prefer freedom with consequences.

Honest question: do you know your neighbors are doing _today_ , pre EARN IT
passing?

~~~
supernova87a
Well, I'm certainly not advocating for the "you've got nothing to hide"
position. I'm not even actually engaging on the specific topic of this thread,
the journalistic vs. anti-crime etc aspect of privacy.

What I'm talking about is that the technologically-driven, everyone-of-course-
wants-more-privacy natural inclination will produce certain side effects that
you may not realize. And at some point governments (or social networks, down
to the neighbor-level) will be powerless to counter -- and again I'm not even
talking about those anti-terrorist/anti-crime points. I mean the gradual
degradation of a sense of community. There's a bunch of writings on this
topic.

~~~
suizi
The fall of close knit communities could be attributed to the rise of
urbanisation, rather than privacy.

