
Bill Proposed to Outlaw End to End Encryption - WA9ACE
https://www.judiciary.senate.gov/press/rep/releases/graham-cotton-blackburn-introduce-balanced-solution-to-bolster-national-security-end-use-of-warrant-proof-encryption-that-shields-criminal-activity
======
dang
Proposed bills almost never go anywhere [1], so barring something highly
unusual, it's best to wait for a state change with more signal, a.k.a.
significant new information (SNI) [2].

[1]
[https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...](https://hn.algolia.com/?dateRange=all&page=0&prefix=true&query=by%3Adang%20bills&sort=byDate&type=comment)

[2]
[https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...](https://hn.algolia.com/?dateRange=all&page=0&prefix=false&query=by%3Adang%20%22significant%20new%20information%22&sort=byDate&type=comment)

~~~
simplertms
Australia passed an assistance and access law a couple of years ago that
forces messaging providers to provide access to E2E encrypted messages. But of
course Signal and WhatsApp can’t do it because of the nature of the
encryption.

In a completely dystopic move towards a surveillance state the government in
Oz has been on tech companies’ cases to give them back door access.

Better not to be complacent. These things start as just winning easy political
points but erode digital citizen rights over time as we normalize surveillance
states.

~~~
throwaway9d0291
The consequences of the bill were widely misreported. From the day it was
passed it had strong exceptions. Have a look at section 317ZG:
[http://www5.austlii.edu.au/au/legis/cth/consol_act/ta1997214...](http://www5.austlii.edu.au/au/legis/cth/consol_act/ta1997214/s317zg.html)

You need to keep in mind that the tech media in Australia is just as rabid for
clicks as the mainstream media, if not more rabid.

What the bill requires is that companies give _targeted_ assistance where they
can do so _without_ compromising anybody else's security.

For example removing or weakening E2E encryption is absolutely not permitted
by this bill, let alone required.

What might be permitted, for example, is adding a hard-coded list of account
IDs to an app and if a user is in this list, the app sends plaintext to law
enforcement. This would not impact anybody save the people who have been
targeted.

------
cmdshiftf4
>Incentivizes technical innovation.

>Directs the Attorney General to create a prize competition to award
participants who create a lawful access solution in an encrypted environment,
while maximizing privacy and security.

Is this a joke?

~~~
vsareto
>This type of “warrant-proof” encryption adds little to the security of the
communications of the ordinary user

>"It adds so little but we actually need to remove it because we can't see it"

It'd be funny except for the senate.gov URL

~~~
johnchristopher
I think what they mean to say is “ordinary users don't need crypto for
everyday conversations”. Which leads to “if you got nothing to hide...”.

------
madamelic
The hilarious part is the widespread demand for encrypted communication
happened because of privacy invasions by the government.

The Streisand Effect for communication.

------
bonestamp2
The funny thing is, the government spying on citizens without a warrant is
what popularized this technology with consumers to begin with. So, are we
really going to trust them to get a warrant next time?

------
jonas_kgomo
Does this mean we could no longer use WhatsApp, FaceTime, Signal, and other
simple peer-to-peer projects ? Export of cryptography was written for the Cold
War but still affects developers today. It wouldn't be a surprise if that is
the case since Daniel Bernstein already took a case against US Dept Justice.

[https://en.wikipedia.org/wiki/Bernstein_v._United_States](https://en.wikipedia.org/wiki/Bernstein_v._United_States)

------
echelon
We're becoming more Orwellian day by day.

And our children's children will wake up in a world that looks like communist
China. Where every move we make is monitored, every interaction is scored, and
every associate we have implicates us.

Computers are a fantastic gift, but they're being used to turn us into cattle.

~~~
bonestamp2
> every move we make is monitored, every interaction is scored, and every
> associate we have implicates us

If Snowden is telling the truth, and he seems very credible, we're basically
there already. E2E encryption is among the most promising ways to retain our
Fourth Amendment right (to have protection against unreasonable searches).
Taking away E2EE is akin to taking away our fourth amendment right.

I don't want terrorism or other criminal activity, and I'm sorry if this makes
some security roles more difficult, but the bill of rights must still be
honored. I hope this argued well and goes to the supreme court if necessary.

------
feross
“A society grows great when old men plant trees in whose shade they know they
shall never sit”

The average age of US Senators is 61.8 years, nearly the oldest in U.S.
history. Our policy-makers are seniors who won't be around to suffer under the
consequences of their bad policy.

------
marricks
Oh don't worry folks, it only applies to "terrorists and other bad actors".

God how terrifying, luckily its just 3 arch republicans proposing it, Graham,
Cotton, Blackburn.

God knows though during the next national security crises all democrats will
be onboard.

~~~
_jal
> God knows though during the next national security crises all democrats will
> be onboard.

Not if Pelosi leaves/is supplanted, which I think could happen in the next
congress. She's the major Dem arm-twister on intelligence issues; there are
several others who are likeminded, but she's the power center.

And a lot of the younger Dems are far less impressed with the
intelligence/natsec boogie-man presentations and more aware of
privacy/security issues.

------
meddlepal
This is inevitable whether this bill passes or not. There's simply too many
political points to score here and little downsides as far as the government
is actually concerned.

~~~
madhadron
Unless it says that credit card companies are not liable for fraud due to
intercepted encryption, I would think they would be some of the strongest
opponents of this.

~~~
meddlepal
I haven't read the bill, but these kinds of things generally get amended at
some point with all kinds of exceptions of which I am sure defense
contractors, finance, and maybe health care will be exempt.

------
Animats
It's not in the bill system at "congress.gov" yet.

~~~
Animats
It's not S.4051, but no bill text or summary yet.

[1] [https://www.congress.gov/bill/116th-congress/senate-
bill/405...](https://www.congress.gov/bill/116th-congress/senate-bill/4051)

------
mark-r
So is this broad enough to make https illegal?

~~~
_jal
That is almost certainly already compromised. If the NSA cannot create
arbitrary certs trusted by your browser, I'd be utterly shocked.

There have been several cert-vendor compromises publicized over the years -
how many weren't publicized/discovered, and now many were not compromises, but
rather subversions?

------
scarface74
And this is the same government that HN users consistently want to “regulate
tech”.....

