Submitted by anarchyinbedrock1990 in Privacy

I know we've all been distracted with Corona, but there is a bill being passed by Lindsey Graham, called the EARN IT Act. It's supposed to help curb/curve child porn online, but in the process it strips end-to-end encryption away for everyone. Has anyone heard about it or read about it? The Electronic Freedom Foundation has a few good articles written on this topic if anyone's interested.

12

Comments


Grace wrote

That's a shame. That's what I hate about this country, it sneaks in devious laws on supposedly helpful bills everyone can agree on, and if you disagree you're a monster.

8

anarchyinbedrock1990 OP wrote

It is! I wrote three congresswomen about it, and one said while it may end encryption its main goal is to stop child erotic material. As if she didn't care. And the sad thing is, that was from the progressive one! The other two said they would take into consideration my concern and keep an eye if the EARN IT act passes their desk. So I guess that's better than nothing!

7

Grace wrote

Interesting, isn't writing to your congressmen worthless?

7

anarchyinbedrock1990 OP wrote

I guess? It's the first time I've written to them, though. Technically, I signed an already written out petition, but I did my civic duty nonetheless, lol.

4

celebratedrecluse wrote

so your government spies on the entire world, this "EARN IT" bill is basically just legalizing openly what they will do in secret anyway: tap all of your communications

3

kore wrote

i am still extremely skeptical that the five eyes can break e2ee.

3

celebratedrecluse wrote

anyone can break encryption which is computed on devices with backdoors

most people in the world use android, specifically the most out-of-date and unmaintained versions of android. Everything from the processor, peripheral firmwares, OS, root applications, user applications, it's all totally fuck

2

kore wrote

do you have specific references where i can learn about this? in terms of mobile phones, who knows what goes on in the baseband but i would love to see proof of concept attacks based on the ways you mentioned

3

celebratedrecluse wrote (edited)

https://web.archive.org/web/20200411222306/https://securityaffairs.co/wordpress/101094/malware/android-apps-hidden-backdoors.html

https://blogs.fsfe.org/larma/2017/signal-backdoors/

https://www.reddit.com/r/privacy/comments/3srhxh/signal_on_android_google_play_services/

https://www.makeuseof.com/tag/7-free-google-services-that-cost-you-battery-life-privacy-android/

https://www.huffpost.com/entry/why-googles-spying-on-use_b_3530296

https://securitywithoutborders.org/blog/2019/03/29/exodus.html

https://www.schneier.com/blog/archives/2019/06/backdoor_built_.html

https://www.bleepingcomputer.com/news/security/second-chinese-firm-in-a-week-found-hiding-backdoor-in-firmware-of-android-devices/

https://www.bloomberg.com/news/articles/2013-07-03/security-enhanced-android-nsa-edition (this is hypothetical, but if USA intelligence provides code with unknown backdoors they have developed, even open sourcing the code would not necessarily expose the vulnerabilities as the tools to break into devices may be uniquely developed by the NS agency. This was also right around the Snowden leaks time)

https://www.theverge.com/2013/6/6/4403868/nsa-fbi-mine-data-apple-google-facebook-microsoft-others-prism

https://proclivitiesprinciplewisdom.wordpress.com/2019/05/24/global-surveillance-infrastructure-used-by-fbi-cia-and-nsa/

Google Play Services alone basically fucks up any possible security on the vast majority of Android devices. Don't use android.

https://gs.statcounter.com/android-version-market-share/mobile-tablet/worldwide

As far as old versions, phones are locked to certain versions of android in order to motivate people to buy the new ones. There are old phones out there still running android 4 and 5, although most are between 6 and 9. This means a substantial portion of android phones do not have any mac randomization, for instance. As far as security maintenance, that stops after 2-3 years tops, and is dependent on both Google and the manufacturer collaborating to maintain the devices. Therefore only Pixel phones of recent purchase are "secure", which entails of course handing over even more of your digital information and private life to a single USA company (Google)

https://www.tomsguide.com/us/old-phones-unsafe,news-24846.html

2

kore wrote

thank you very much, i will check these out!

1

anarchyinbedrock1990 OP wrote

Isn't most e2ee based on government/military encryption code? Like 256 authentication or whatever it is.

2

kore wrote (edited)

key exchange is moving toward diffie hellman elliptic. aes256 is still popular for symmetric but so is blowfish. cryptographers have analyzed aes256 endlessly and no one has shown a practical attack

2