US senate "Lawful Access Bill"

it would give the Justice Department the ability to require that manufacturers of encrypted devices and operating systems, communications providers, and many others must have the ability to decrypt data upon request. In other words, a backdoor.

The bill is sweeping in scope. It gives the government the ability to demand these backdoors in connection with a wide range of surveillance orders in criminal and national security cases, including Section 215 of the Patriot Act, a surveillance law so controversial that Congress can’t agree whether it should be reauthorized.

What can I say? Get your encryption before it is illegal?

Just my opinion… but…

WOW! I’m not surprised. The US is way ahead of the rest of the world when it comes to peeping and SMRCing. And the US criticizes China? (case in point Tiennamen Square vs. Kent State - just say’n s’all) and dozens more.

Historically, even pre-internet days with BBS’s, DataPac, and the such, businesses and government wanted in on our privacy. Not long ago police had to physically follow suspect citizens around, bug phones and hide microphones in homes. Now we buy, and then pay fees to carry the bugs with us wherever we go. In short, we buy our leash, and tell it things we wouldn’t tell our Mums or best friends and leave it in the cloud in perpetuity.
And government and policing still aren’t happy?

Every time government gets nosier, something new comes along to try to protect our rights to privacy, or is pushed further underground. When ‘they’ started peeping our email data, someone created PGP. As peeps and pervs develop laws and ways and means, PGP and Right to Privacy tools just gets better. PureOS is a great example.

Europe, Mid-East, and some Asian countries are painted as being behind, when it appears some are way ahead when it comes to peoples privacy. Yes, those governments peep and SMRC too, but their people have rights to say No to a web page half covered with a ‘We Use Cookies so accept or get lost’ privacy extortion gobbledygook.

The government in the US should review it’s hypocrisy starting with peeping verses it’s own Fair Information Practices Principles (FIPP) - but that makes sense.

If the Internet is seen as Progress, why in Hades does the US still believe in Congress?

When they force chips into newborns (for their protection of course) and our children are not worried about sleeping while being watched (protected), and lazy social media-washed brains of most millennial’s welcome embedded leashes, those with free minds will get by without melding with government/corporate data collectors.

Want privacy in communication? 01000111 01100101 01110100 00100000 01100001 00100000 01110000 01101001 01100111 01100101 01101111 01101110 00101110.

~s~

This kind of thing generates a lot of international distrust in US hardware. Which, on the plus side, might be good for international competition and possibly for open (and more auditable) computer platforms.

Welcome to the club, dude! We are already there in some sense: Russian law requires service providers to store all the communications history of every user (which includes recording all the traffic from all the users in case of telcos) for a while (currently — half a year) and share the data encryption keys for encrypted user data (messages, etc.) with our national security agency without court order since 2016.

In other words, any national security officer has the technical ability to read anything I write to anyone in any legally allowed messenger now and then without any serious effort.

The U.S. are latecomers to the game, obviously. Welcome to the club! There is an Iraqi/Afgan military phrase associated with this: “Embrace the suck.”

wait ! so they are basically saying that our society will have less crime if they do this ?
looks like they are treating encryption like MUNITION. it’s kinda’ similar to gun control laws - what do you think ?
to me this is SO stupid - what crime didn’t exist before encrypted digital devices ?

so if this gets passed - in case of free-software - you would be able to SEE the code for the backdoor - unless it’s closed-hardware/ proprietary software involved …

as a side note - when using Linux i have NEVER experienced a “random” internet connection disconnect from my ISP …

Good thing Veracrypt is French.

Meh, is it as bad as it seems? Ship the Librem 5 without the encryption enabled. The user installs it and it is all FLOSS, so there is no company to sue.

(best I could do with the Purism emoji library)

I think some people are interpreting it as a law that would in the end force manufacturers to install some backdoor that they control, that the user does not control, since that is necessary to allow them access to the device in case law enforcement asks for it. Then Purism’s whole idea of putting the user in control would become illegal. But I don’t know, that interpretation is probably too paranoid.

I said “sue”, but clearly meant “prosecute”.

You may be right, I was reading it as forcing Purism to provide encryption keys, but if they don’t hold keys there is nothing to give. It could very well really mean they they will force Purism to build an NSA spy gateway into the phone, which they can’t legally do, based on their founding documents as a social purpose company. Catch 22.

In such a scenario, i believe Purism would simply not be allowed to do business. Since complying would violate their founding documents and non-compliance would violate federal law. It’s belly up or re-found as a more mainstream company with different principles. Maybe it wont go this far. This time. But it is ever inching closer. On all fronts, freedoms,privacy and the right to not be monitored and catalouged is being infringed upon and corporations make so much money that they are so far ahead by the time the next bill and the next inch is taken, they already have the infrastructure and tech to meet all demands and tease "But this is what we could really do if you let us!

Government to individual. We see you have encryption that does not have the our mandated back door to let us read it. That is a violation of the law, the jail time for that is xx years, and a maximum fine of yy. If you give us the logins, perhaps the Prosecutor will go easy. Plea bargain, and a minimum fine. Now the individual is either going to jail for not providing encryption, or they have a conviction. If they ever do anything the government does not like, they automatically have violated their plea bargain, go to jail.

The government to country. We are glad that you use https to secure your connection. Now to facilitate our surveillance to stop pedophiles and terrorists, you must install a version of the browser that lets us into your connection, to watch your every keystroke, every bit of information that is sent to your computer. Else we, your government, will put you on our to-do list. Tor? Same thing.

imho forcing a camera deeply up into the anus of the ppl would shed blood … maybe thats the way to get back our freedom… never mind…

+1 for the individual having CONVICTION but not for having “A” conviction …

Probably yes.

No doubt they (the government) will cop a lot of flak. Would they do that unless they were going to gain a lot?

That would undermine at least part of Purism’s product and service offering.

More of a concern though is that even a whiff of something like this is enough to kill sales - and this is a stench not a whiff.

It is unclear how such a law would interact with Purism’s existing warrant canary.

It is unclear how such a law would interact with open source.

Any chance of linking to relevant documentation?

Yes, but… I will not comply. Neither should you, or anyone else who gives a shit. I know it’s not easy, but you have to draw a line somewhere. Pardon the TL;DR, but…

When my kids were little, they were getting propagandized by the State, the schools of the People’s Republic of California. The propagandists told them that if I ever spanked them, they should call 911, because spanking them was child abuse. One day, as kids occasionally do, one boy misbehaved. Since he had the cover of the PRC, he decided that he could leverage that to force me to abdicate my authority to discipline him. I went to the phone and told him that I would dial the number for him, but that he should consider the consequences. If I called, the deputies would come to take my children and put them into foster care. As their father, I had a commitment to prevent that, so I would defend them with my very life. Of course, if I did not comply, the deputies would gang up on me to take me in… and I would resist. That resistance would give them the excuse to pull their guns and my continued resistance would give them the excuse to shoot me. This I would do to protect them. I picked up the phone and asked my son if he wanted me to dial for him. He was a strong-headed 11 year old boy and pissed off just then, but he decided against involving the law.

The thing is, there is point where you cannot compromise. I have worked for my nation’s military for over 40 years, but if the scenario you describe comes to pass, will certainly find an unplanned retirement, perhaps a new home (behind bars), because I will not comply.

knock on wood - if he would have made the opposite choice would you have STILL have dialed the number ?

Ho… I’m glad he didn’t make me make that choice – he was fully capable of going there. At the time, about 25 years ago, I think the answer would have been “yes”. Now, if my granddaughter were to put me in that same position, I would probably resist until they produced the guns (which could still go very badly), but only because she would be unlikely to end up in foster care (she does have parents and they don’t live with me). She is that same son’s daughter, and although she shares many personality traits with her father, she is less likely to push it as far as he did.

With my decidedly radical outlook, I often think that it is nothing short of amazing that I’ve kept a security clearance and never been arrested.

it really IS …