What happened: Last week, the Florida Social Media Use by Minors (SB 868) legislative proposal failed to pass the Florida legislature; it was indefinitely postponed and withdrawn from consideration. On the surface, the bill appeared promising: it aimed to protect minors online. However, there is an important issue with this bill and others like it.
One part of the bill is a major problem. It proposes:
“requiring social media platforms to provide a mechanism to decrypt end-to-end encryption when law enforcement obtains a warrant or subpoena”
In other words, platforms would have to give law enforcement a way to access the personal data of users on these sites without user consent. Today, websites use end-to-end encryption to ensure that user data is protected and cannot be accessed by anyone other than the user (or with the user's consent). This bill ultimately challenges rights to data privacy by requesting a way around encryption. It’s basically asking that these sites give every government agency a key to unlock every house in the world, or remove the locks on every house entirely.
End-to-end encryption is the gold standard to ensure that only the sender and receiver see the contents of a message between them. No one else can jump in the middle with a wiretap or hold a golden key that gives them access to the messages and data. Only the user can access or grant access to their data. It’s important because it not only keeps whatever the user said or did private, but also keeps that information safe from attackers. Additionally, it prevents data from being used against the user by law enforcement, unless the user consents to its access. Without end-to-end encryption, it is easier for people you might not want to have your data to get access to it.
A world with limited end-to-end encryption, or ways to circumvent it, will result in more valuable data being stolen. Instead of attacks that steal and sell usernames and passwords, it will be attacks that steal and sell thousands of your DMs, IMs, photos, or files from Instagram, Facebook, iMessage, iCloud, Google Drive… the list goes on.
It is imperative that we do not allow governments to pass and enforce these kinds of rulings.
Take note: This bill is not the first and it won’t be the last to challenge encryption. In the UK, Apple was ordered to remove its Advanced Data Encryption feature (and is currently battling that out behind the scenes); Russia requires telecoms and Internet providers to provide decryption keys upon government request through the Yarovaya Laws; China requires commercial organizations to provide the government access; and Sweden and the EU are considering similar laws under the message of child safety, among many other countries.
There will always be competing priorities when it comes to safety online and data privacy. However, we cannot afford to go so far as to remove the locks from your house so that law enforcement can get inside faster, because it also means attackers can too.