Why no campaign against the ongoing attack on encryption in the West?

Here’s the situation: at this very moment, the West is seeking to undermine end-to-end encryption, quite likely through backdooring every one of our devices. The EARN IT Act in the US, Chat Control in the EU, and the Online Safety Bill in the UK are all awful bills that must not be allowed to pass.

However, none of the pro-privacy groups appear to be responding to this as resolutely as they should; everyone should be speaking up and making as much noise as they can about the fundamentals of digital privacy being threatened, yet nobody is taking the lead to break the silence and start a serious protest. There just seem to be a few open letters, nothing more…

Do you recall the far less harmful SOPA? These days, the digital rights movement really went all out. Wikipedia even went offline for a day, and the Internet was blanketed with banners! Later, a similar demonstration against the repeal of Net Neutrality took place.

This time, there is nothing but utter quiet. Does this mean that all pro-privacy groups have been compromised? Is it just utter despair? What the hell is going on?

I do remember hearing about the EARN IT bill in the US but I haven’t come across any updates since.

Maybe folks don’t feel like it’s as urgent because it seems to have stalled out in different ways. Because Big Tech companies, as well as IT in general, probably use encryption at different levels of their businesses, I would hope that they would speak up when things go serious.

It also seems that the EARN IT bill isn’t going after encryption outright, but instead making encryption suspicious by painting companies who use it as not being compliant with the mission of ‘keeping kids safe.’ It may be harder to push back on this from a PR perspective because the main rebuttal you will hear is to think of the children.

Personally, I go back and forth between wanting to being an advocate for digital rights and feeling defeated. If I can’t convince folks to use Signal, how am I supposed to help take on these government proposals? Just venting for this last part.

Several points. In no particular order:

  • “The West” is almost a meaningless term. Oh, I’m sure you mean the USA/Canada/Eastern and Central Europe/Australia, but there’s so many edge cases and minimal cultural overlap between all of them that I honestly think it’s better to retire the term.

  • There is quite a lot of pushback about it. It just doesn’t get reported in the news for various reasons. “I don’t see it” is not the same as “it’s not there”. The EFA, for example, is very concerned with it, as is the APF. In the US the EFF is very active in this area. And that’s just the ones that I know about - I’m sure someone who’s more connected to different organisations would be able to point you to others.

  • If there’s a cause you think is important that isn’t getting attention, rather than complaining about it, why not try to get people involved? It’s possible they just don’t know! Talk to your local representatives, connect with any activist groups or political parties who you think would be sympathetic - remember, you don’t have to agree with everything your local (for example) libertarian group says in order to work with them on protecting privacy, or data security, and anyone who says you do is more concerned with networking than actually improving the world. Or start something yourself!

Is there a specific proposal you’re concerned about? If it’s in your country, then you can talk about it more directly. If it’s a proposal elsewhere that you’re concerned will be ported over, work locally to prevent the portage. Maybe even though you’re working locally, it will help inspire groups within that area, or you could help support each other in certain ways.

If you’re concerned about a general trend or vibe, that’s harder to address, but although it makes me want to puke to say the words, things like “consciousness raising” is your best bet. Most often people just don’t understand why these things matter, and you’ll never make any progress unless other people do understand. And if they do understand and genuinely don’t care, well, that’s their right too. Democratic society is - ideally - a conversation, but you can’t have a conversation if one party refuses to share their view and just expect other people to follow their preferences.

I’ve been thinking about doing something similar in my country. We passed some laws that I’m not fond of, and I’ve heard that some are being considered that make me concerned. So I’m going to start out writing to my representatives, and maybe connect with local groups. Not sure how much I can help, but better to try and fail than not try.

2 Likes

The problem is that, while most people see it, they don’t do anything about it. It’s obvious that the government is committed, even in modern days, with all our encryption and security enhanced operating systems, they want to ingest everything. They want it all in a huge database so they can query it and to say they did it. For them, it’s a win-win: they suffer zero weaknesses in data pwnage and show the world they are the global superpower to fear when it comes to cyber strength. They started XKeyScore to prove a point about bulk data collection both domestically (USA) and abroad (14EYES). The idea that they are going to give this thought up is asinine and people are slowly realizing that having Nothing To Hide™ doesn’t make someone impervious to surveillance on a nation-state or even domestic level, because most governments (especially in the “west” where it’s legal to wiretap in the name of national security protection) are working together to accomplish this goal and every privacy bill, they come closer to it. TEMPORA and ERIN are large examples of this exploitation of your data. ANd, to top this off, they have the nerve to use the same systems (Tor, I2P, mixnets, etc.) they want to break, against the people whom use the systems they wish to be broken. Make sense? Nope, because it’s not supposed to. They acknowledge that Tor minimizes OPSEC exposure, and they use it to communicate internally across encrypted connections such as SHADOWCAT.

The reason you’re not seeing these privacy and anonymity advocacy groups is, well, it’s because they have either been infiltrated or have given up modernizing and standardizing general rules of the game for the layman. It’s dangerous work. It gets people imprisoned to run a service like Riseup, where connections are anonymous and E2EE is forced by default, and where people are generally using those services to conduct activity that their governments call “domestic terrorism”. It’s a term dedicated to those who commit access violations and misuse of computer networks. It’s heavily refined in FISA courts; considering the NSA can label any person who uses an access device for browsing a pseudo-/anonymous network a domestic terrorist, it seems kind of like an overstep of their boundary, but they don’t see it this way.

Eat it all up and index it for perusal by analysts to provide near-instant (in some cases, it actually is) purveyance of a specific individual’s entire record of online activity. It’s not so much that they are getting better, they are being persistent in this effort, and they are using more and more vague terminology, the same as they do for gun control and vaccine mandates. They like to also slip things into bills at the last minute, so it makes it harder to get anything done and harder for legitimate bills to pass. The legitimate ones all have too vague of wording or they are presented in such a way it’s not easy to disseminate perversion of privacy rights from the actual reason for being handed down the line.

The people that really get anything done are the people that are running services providing anonymous activity in digital communications and that are doing it because it’s the right thing to do - not because it’s something to benefit individually but as a whole. Netizens should all work together to promote standards in encryption, deniable communications, anonymous networking and other avenues covered by digital rights.

most competent folks are labeled “f.u.d.” conspiracy theories madness. many people have been locked up, threatened or worse because of trying to teach reality of these dangers.

i personally know not a single person i can teach any of this to. no one care until it is to late.

inconvenience breeds complacency

I feel like this really comes down to the size of the internet and economic incentives more than anything. Not only was the internet a much smaller place in 2011, making it easier to coordinate such events, but SOPA and PIPA were far more harmful to corporations than any modern-day anti-encryption bill is. SOPA would have not only censored most of the internet, but it would have legally interfered with DNS which is an insane concept.

On the other hand, Google, et al., are not similarly concerned with anti-encryption laws because their business is literally built on collecting your data, unencrypted.

U.S rant

On a somehow even more bleak note, the United States government seems a lot less concerned with the demands or concerns of its citizens these days, which probably does not bode well for any sort of protest. The protest only works if they care about your opinion in the first place.

IMO, in the United States specifically (but maybe in some other countries as well), the ongoing encroachment of totalitarian, anti-encryption, anti-security bills is merely a symptom of much larger structural issues with the government and society as a whole. I think less people are concerned with anti-encryption bills specifically because there are much larger issues that need to be resolved.

2 Likes

What sucks about this situation is that privacy respecting tools are the infrastructure you need to organize against an authoritarian government. If we have larger problems to face but don’t preserve our right to privacy (which nowadays includes computers), we give even more advantage to the government.

Caveat: I’m not trying to argue one way or another about the state of the US. I think the principle stands regardless.

Edit: Not that we don’t all know this. Just spelling it out, I guess.

2 Likes

Yes, it is to be expected. But what I find most perplexing is that not even privacy-friendly projects are sounding the sirens and attempting to alert their users.

One day, many Signal users could open it only to be shocked by a message like, “Signal is no longer accessible in your location owing to the recent prohibition on end-to-end encryption.”

It’s incredibly strange and unsettling.

Why, for instance, is there not a huge banner at techlore.tech warning visitors of the threat and instructing them on how to contact their representatives?

1 Like

Patience. It has worked wonders for me in this journey. Some of what seemed like an overwhelming task, has been realized bit-bit for me over the years. People built bad cyber habits over two decades, it will take at least another to fix them

1 Like

I see what you’re saying, and you’re not wrong, but I think the idea is that as soon as you get overtly political like that you immediately risk alienating a whole bunch of your audience. Right or wrong, most people see political discussions and ideas as ripe for hostility and arguments of dubious value and even more dubious relevance (justified, really), and so tend to explicitly avoid that kind of overt political messaging. So if Techlore had a big banner saying “TALK TO YOUR REPRESENTATIVE ABOUT E2EE BECAUSE THIS BILL IS BAD” or whatever, a whole lot of people would click away and not get the good information about e.g. 2FA or whatever. So that would lead to less people being secure and such, which is counter to their stated mission of bringing privacy to the masses.

Also, at the risk of being patronising, why some bills or laws or whatever are good or bad kind of require a degree of understanding of the dynamics and such. Like, without knowing how encryption works, can you explain why a government-mandated anti-encryption or anti-E2EE messaging law is such a terrible idea even if you totally trust the government (which most people do at least somewhat? So there’s an order of operations aspect at play here.