An open letter to Senator Bob Casey on end-to-end encryption March 7, 2020 on Drew DeVault's blog

To Senator Bob Casey, I’m writing this open letter.

As your constituent, someone who voted for you in 2018, and an expert in software technology, I am disappointed in your support of the EARN IT Act. I am aware that encryption is a challenging technology to understand, even for us software engineers, and that it raises difficult problems for the legislature. The EARN IT Act does not protect our children, and it has grave implications for the freedoms of our citizens.

The mathematics underlying strong end-to-end encryption have been proven to be unbreakable. Asking service providers to solve them or stop using it is akin to forcing us to solve time travel or quit recording history. Banning the use of a technology without first accomplishing a sisyphean task is equivalent to banning the technology outright. Ultimately, these efforts are expensive and futile. The technology necessary to implement unbreakable encryption can be described succinctly on a single 8.5"x11" sheet of paper. I would be happy to send such a paper to your office, if you wish. The cat is out of the bag: encryption is not a secret, and its use to protect our citizens is a widespread industry standard. Attempting to ban it is equivalent to trying to ban algebra or trigonometry.

Citizen use of end-to-end encryption is necessary to uphold our national security. One way that child abuse material is often shared is via the Tor secure internet network. This system utilizes strong end-to-end encryption to secure the communications of its users, which makes it well-suited to hiding the communications of child abusers. However, the same guarantees that enable the child abusers to securely share materials are also essential for journalists, activists, watchdog groups - and for our national security. The technology behind Tor was designed by the US Navy and DARPA and the ability for the public to use it to secure their communications is essential to the network’s ability to delivery on its national security guarantees as well.

Protecting our children is important, but this move doesn’t help. Breaking end-to-end encryption is no substitute for good police work and effective courts. Banning end-to-end encryption isn’t going to make it go away - the smart criminals are still going to use it to cover their tracks, and law enforcement still needs to be prepared to solve cases with strong encryption involved. Even on the Tor network, where strong end-to-end encryption is utilized, many child abusers have been caught and brought to justice thanks to good investigative work. It’s often difficult to conduct an investigation within the limits of the law and with respect to the rights of our citizens, but it’s necessary for law enforcement to endure this difficulty to protect our freedom.

End-to-end encryption represents an important tool for the preservation of our fundamental rights, as enshrined in the bill of rights. Time and again, our alleged representatives levy attacks on this essential technology. It doesn’t get any less important each time it’s attacked - rather, the opposite seems to be true. On the face of it, the EARN IT Act appears to use important and morally compelling problems of child abuse as a front for an attack on end-to-end encryption. Using child abuse as a front to attack our fundamental right to privacy is reprehensible, and I’m sure that you’ll reconsider your position.

As freedom of the press is an early signal for the failure of democracy and rise of tyranny, so holds for the right to encrypt. I am an American, I am free to speak my mind. I am free to solve a simple mathematical equation which guarantees that my thoughts are shared only with those I choose. The right to private communications is essential to a functioning democracy, and if you claim to represent the American people, you must work to defend that right.

Have a comment on one of my posts? Start a discussion in my public inbox by sending an email to ~sircmpwn/ [mailing list etiquette]

Articles from blogs I read Generated by openring

Command PATH security in Go

Today’s Go security release fixes an issue involving PATH lookups in untrusted directories that can lead to remote execution during the go get command. We expect people to have questions about what exactly this means and whether they might h…

via The Go Programming Language Blog January 19, 2021

Status update, January 2021

Hi all! This month again, my main focus has been wlroots. I’ve focused on the internal renderer refactoring (the so-called “renderer v6"). A lot of the work has now been completed, and all backends now use the new interfaces under-the-hood. With the help …

via emersion January 18, 2021

What's cooking on Sourcehut? January 2021

Another year begins, and hopefully with better prospects for us all. SourceHut has emerged from 2020 relatively unscathed, thankfully, and I hope the same is true of most of our users. A body which, by the way, today numbers 19,647 strong, up 623 from Decemb…

via Blogs on Sourcehut January 15, 2021