United States, Congress, University Of Maryland Center For Health And Homeland Security discussed on The CyberWire
And joining me. Once again. Is Ben Yellen. He is from the University of Maryland Center for Health and Homeland Security. Also my co host on the caveat podcast Ben Great to have you back interesting Article Came by from Mash -able And this is something you and I have been talking about quite a bit over on caveat and that is the earned act which is Something making its way through Congress but It's gotten a response from the folks who make the signal APP which is end to end encryption Communications APP allows you to text and have audio conversations and video and so forth They're saying they may pull out of the US market. If this earn it act goes through a help us understand what's going on here. Sure so the earned act was introduced in the United States Senate. And you know you and I love Legislative acronyms eliminating abusive and rampant neglect of interactive technologies. Act of Twenty Twenty. They even included the word. It the acronym so that high praise absolutely. The bill has a bipartisan sponsors. And it basically is a way to make companies comply with best practices in terms of encryption based on the recommendations of a government-appointed commission. Now the way they will try to enforce these best practices is to remove the protections under section two thirty of the communications decency. Act as your listeners. Know and we've talked about the caveat that act as shields companies from liability based on what the users post on those applications or services if the earn it acts were to be an accidental law and the commission put together regulations that were critical of end to end. Encryption services like signal then signal could be subject to a number of lawsuits under section two thirty of the Communications Decency Act and what signal is saying is it would not be worth it for us to do business within the United States if we were subject to those lawsuits I think their fear is certainly a legitimate one. The commission is largely going to be at the direction of the attorney. General the Attorney General of the United States. William bar is a foremost One of the foremost critics of end to end encryption encryption generally he supports a back door for the government to access information he has his legitimate reasons behind it. This bill is intended to curb child abuse. Child pornography those types of things But he is very hostile to the concept of encryption and if he has his hand in putting these regulations together you know this is likely going to be something that signal will choose not to comply with because it would go against the mission of their messaging service and if they fail to comply they would be subjecting themselves to legal liability and would have to leave the market And they let their their users know about this In a long blog post basically said. Look if you enjoy our application you better start making some calls to your senators Right now this. Has BIPARTISAN SUPPORT? There is a lot of opposition among privacy groups. And we need you are users to make your voice heard to tell your members of Congress that you value our service value end to end encryption and you think earn it act is gonNA undermine that surface well in a lot of folks Make the point which which I think is correct. That encryption is is not exotic so if we're trying to protect ourselves from bad guys there's nothing keeping a bad guy from going off. Shore of the United States and finding some encryption some end to end encrypted APP. That's available somewhere else and making use of it right. And in that sense the sort of introduced a perverse incentive for people to use overseas applications applications. That you know aren't headquartered in the United States because as you say this. This encryption is going to excess. It's just whether you know. The commission rights into regulation that this type of encryption doesn't comply with the Commission's best practices and thus companies are going to be subjected to this flood of lawsuits. So I think you're right that any bad guy could find encrypted application. There are a lot of them out there especially those that originate outside of the United States. I think that's a large purpose for such widespread opposition to this piece of legislation in Congress. And I actually just commenting on that. Opposition it's interesting because for people who don't know a lot about digital privacy when you read the Plain Language of this act. It seems like a no brainer. You know we're trying to protect against child exploitation. Let's put best practices in place to ensure that you know the government can get bad guys if it needs to. So it's good that the that these privacy groups And you know some of these applications like signal that have a loyal user. Base are are getting their voices heard on this matter. I isn't it sort of That phrase best practices. Isn't that a bit loaded in this case it? Is You know. Best Practices as consultant. Speak so you know I'm always. I'm always wary of fat term. They're using best practices but when you're threatening to remove a liability shield not really best practices. It's more like do this year. Get sued so that's company Nice Company. You've got here abuse. Shame if anything were to happen to it exactly. Yeah like this is a good idea for you. It will be good idea for engage in these practices. Not You're going to be sued at business if you don't comply so yeah definitely is a loaded term all right. We'll bend yell and thanks for joining us. Thank you dave. And that's the cyber wire links to all of today's stories. Check out our daily briefing at the cyber wire dot com and for professionals in cybersecurity leaders. Who WANT TO STAY. Abreast of this rapidly evolving field sign up for Cyber Wipro. It'll save you time and keep you informed. Listen for us on your Alexis. Smart Speaker to thanks to all of our sponsors for making the cyber wire possible especially are supporting sponsor observed approved point company and the leading insider threat management platform learn more at observant dot com cyber wire. Podcast is proudly produced in Maryland out of the startup studios of data tribe with their CO building. The next generation of cybersecurity teams and technologies are amazing. Cyber wire team is Elliott Peltzman Peru precaut- Stefan vizier. Kelsey bond. Tim No Dr Joe. Kerrigan Herald. -Tario Ben Yellen Nick Valenti Gina Johnson Bennett Mobile Chris Russell John Patrick Jefferson. Rick Howard. Peter Kilby I'm Dave Bittner. Thanks for listening so you back here tomorrow..