What's new with "earn it" / "chat control" and impact on free software with and to and encryption?

Hello!

First, i please you to note my English is not perfect and i thank you in advance to answer in simply word. (And apologies me if some of my sentence are not perfect)

As said in the title, I’d like to know that happen with this law or project of law witch ask all software and all data storage system made in USA to give a backdoor to the American government?

With this law how to trust and American software? (or hardware)

1 Like

Link to the law?

This is from 2020.

From EFF:

Signal:

“think of the children” angle, right

The UK has a campaign like that these days too, nowhere to hide or some sth.

Anyway, not sure if it directly impacts F-Droid since we don’t offer such services.

Yeah… We will destroy your rights and freedoms because we care about children.

We are going to destroy private property for the middle and lower classes, you will have nothing and you will be happy because we care about climate change.

We’re going to inject experimental medical treatment into children who don’t even need it because we care about your health.

Always the same story.

What do you mean? I think there is a lot of software with and to and encryption here (mail with PGP, Silence, Jitsi and similar …) In F-Droid there is a lot of software witch normally grant to communicate with confidentiality.

It’s different to ask to have an exceptional access for some people suspected by a judicial authority than suspected all citizen of all country in the world of being murderer or sexual predator…

Yes, I’m afraid of the kind of liberty we will leave to our children…

So if i understand (with my French-English :smile:). The “earn it law” seen to be active but Signal and other American software still claim to be with and to and encryption. To me, it seen to don’t be logical.

Maybe as Licaon suggest, it may be useful to see the law for understanding it.

In case it can help, may i suggest to put a flag on software of F-Droid to see, the national law apply to software proposed?

To add a detail, i think, if they want to break some communication encrypted, they can, i see that google have an quantum computer
ordinateur quantique Google-Nasa
I’m not sure they can break all the encrypted flow…

As I read it, it’s about the messaging services themselves, not about the “apps delivery”.

OK, i understand what you mean.
In this point of view, you’re probably right.
In the point of view of an user I’m waiting for a free software to be informed of the privacy term (i hope so with private software, but with less trust… :smile: )

I’m a little familiar with this, the earn act actually has not passed so it’s not a passed law.
So what it’s about is, the government wants to see messages including encrypted and what it does is it removes the section 230 protections from a website or app if they don’t comply.

If it did pass it would affect big and small websites and apps.
If an app did not comply, then after losing the section 230 protections for not complying they could be sued for any and every illegal thing a user would post or publish on a website (think places like Facebook or Instagram posts or Youtube comments. Which it’s a lot of money to lose.

As of now, it’s not law.

As of now there is actually no law in place weakening encryption in the u.s. but many attempts to make it happen but failed.

On top of that this would not affect f-droid because all the apps (or most) are not directly controlled by F-droid but other companies or individuals, those people are the ones that would be affected but not app store, unless F-droid was encrypting personal messages which (that I know of) they are not, but it’s instead the app individual app maintainers.

[I edited this post a few times if you already ready i’d recommend reading it again for more helpful information involving the earn it act.)

It was reintroduced recently: https://www.techdirt.com/articles/20220131/22423648395/senates-new-earn-it-bill-will-make-child-exploitation-problem-worse-not-better-still-attacks-encryption

[WebArchive] https://web.archive.org/web/20220202111802/https://www.techdirt.com/articles/20220131/22423648395/senates-new-earn-it-bill-will-make-child-exploitation-problem-worse-not-better-still-attacks-encryption

This happens alot in the us where bills get introduced but as long that the politicans voting don’t jump on it (which the news articles or other sources online would tell you if you keep up with this stuff.) then it’l just end like the last time it was introduced so untill theres an actual vote on it I wouldn’t worry too much untill then.

That’s why these types of bills usually fail, sure the 2 or 3 of the politicans that created it might reintroduce the earn act because it’s what they want in law but if other politicans don’t jump aboard it goes nowhere.

So as now, for you, this sort of affirmation reed en Wikipedia in this page seen to be true or false :

La législation américaine actuelle permet à l’État fédéral d’imposer à WhatsApp, comme à toute autre entreprise américaine, l’introduction de failles de sécurité ou de portes dérobées tout en lui interdisant d’en informer ses usagers, comme l’a révélé Edward Snowden

translation (by Reverso) :

Current US legislation allows the federal state to impose on WhatsApp, as on any other US company, the introduction of security breaches or back doors while prohibiting it from informing its users, as revealed by Edward Snowden

I knows that not all things in Wikipedia are true…

I know it says whats app but that doesn’t involve encrypted mesages but it just involve unencrypted mesages.

For example, an unencrypted server would have to give the gov a way into mesages when requested of certion users, so basicallyba backdoor into user accounts data. (think of Facebook profiles and messages which use to always be unencypted) they could just go in and see pretty much everything.

An encrypted server would have to send the mesages too the gov as well but would not be required to unencrypt them unless under very specific cerconstances. Such as the gov having any proof of a crime being comited by a user. So the gov would just be stuck with the encrypted text.

For instance, why doesn’t the F-Droid website at least have a banner warning about it?

For those who don’t know, it’s a US anti-encryption bill that has potential to essentially end digital privacy as we know it by putting legal pressure on software and hardware vendors to implement backdoors like those proposed by Apple

The Senate Judiciary Committee has already voted to advance it, the only thing that can stop it now is overwhelming public pushback…

The FOSS community seriously needs to mount a SOPA-style campaign to raise awareness, but instead there’s a deafening silence…

This wouldn’t impact the store diectly and F-droid isn’t mainly focused on encryption (not saying they don’t look at it at all) it’s an app store that focuses on hosting different kinds of open-source apps it would make more sense for specific end to end encryption app maintainers to speak out about this because these groups would be the people directly affected not necesarily the F-droid app store

as: they only host the encrypting apps but not the encrypted messages and texts. If you want real and legal encryption you need to start using offliine encryption apps such as (the apps are both on f-droid

Standard Notes: an offline note encrypting app although it does have the option of backing up online which if earn passes i’d suggest not to.

I found an interesting app that will basically allow you to do your own encryption on apps that do and don’t even support encryption, your friend and you would need the same app to decrypt it and the password. Since it is your own encryption and not the websites it’s harder to install a backdoor then if you were using their own encryption.

The app is called SimpeTextCrypt

I believe it should still be mentioned as well, if only to spread awareness.

Who knows, government these days may say some bs preventing F-Droid from hosting any apps to do with Encryption/Privacy…
They are sneaky, would not put anything past them.

Well how about

or

or

Right but in the u.s making just one appstore (or all) banned from offereing any app especially apps that are legal currently would be a bit tougher and take many years. [They would had loved to be able to ban Tiktok in the us.] Especally if a law like the earn it is passed. Because they already have the power to get encrypted messages decrypted through the tech companies themselves from the earn it act, so what extra benefit would the gov really get from banning encryption apps all together. All that would do is take away data that they could be collecting. The key is that the goverment wants that data if these apps don’t thrive on app stores people will be less likely to put very sensitive data that they are trying to hide from the gov.

Why would they bother if

In France, for now, we have a limited right to use encrypted software

So, I suppose this level is not enough to ensure privacy against secret services but maybe enough against advertising (publicitaire) spying

I am sure, societies witch collaborate with governments melt the two activities spying for governments and spying for advertising. In France, i know (from an commercial instructor) Laposte have files on every household, number of persons, age… Something we currently don’t know an normally forbidden by french law.

I am not sure this 3 things are not so far :
-protection against phishing / piracy
-protection against public commercial spying
-protection against government mass spying

In France, i have difficulties with bank, insurance, administrative services, asking us to send by classics e-mails ID cards or equivalents sensitives documents. Thanks to protonmail, it’s now more easy to find a secure way to respond them. (they provides links to sends encrypted message an documents to people witch don’t use encrypted e-mails)

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.