a Better Bubble™
So we've noted that a lot of the U.S. politician accusations that Huawei uses its network hardware to spy on Americans on behalf of the Chinese government are lacking in the evidence department. The company's been on the receiving end of a sustained U.S. government ban based on accusations that have never actually been proven publicly, levied by a country (the United States) with a long, long history of doing exactly what it accuses Huawei of doing.
To be clear, Huawei is a terrible company. It has been happy to provide IT and telecom support to the Chinese government as it wages genocide against ethnic minorities. It has also been caught helping some African governments spy on the press and political opponents. And it may very well have helped the Chinese government spy on Americans. So it's hard to feel too bad about the company.
At the same time, if you're going to levy accusations (like "Huawei clearly spies on Americans") you need to provide public evidence. And we haven't. Eighteen months of investigations found nothing. That didn't really matter much to the FCC (under Trump and Biden) or Congress, which ordered that U.S. ISPs and network operators rip out all Huawei gear and replace it to an estimated cost of $1.8 billion. Yet just a few years later, the actual cost to replace this gear has already ballooned to $5.8 billion and is likely to get higher:
"The FCC has told Congress that applications to The Secure and Trusted Communications Networks Reimbursement Program have generated requests totaling about $5.6 billion – far more than the allocated funding. The program was established to reimburse providers with 10 million or fewer customers who must remove Huawei Technologies Company and ZTE equipment."
That's quite a windfall for companies not named Huawei, don't you think?
My problem with these efforts has always been a nuanced one. I have no interest in defending a shitty global telecom gear maker with an atrocious human rights record which very well may be a proven to be a surveillance lackey for the Chinese government. Yet at the same time, domestic companies like Cisco have, for much of the last decade, leaned on unsubstantiated allegations of spying to shift market share in their favors. DC is flooded with lobbyists who can easily exploit both xenophobia and intelligence worries to their tactical advantage, then bury the need for evidence under ambiguous claims of national security:
"What happens is you get competitors who are able to gin up lawmakers who are already wound up about China,” said one Hill staffer who was not authorized to speak publicly about the matter. “What they do is pull the string and see where the top spins.”
But some experts say these concerns are exaggerated. These experts note that much of Cisco’s own technology is manufactured in China."
So my problem here isn't necessarily that Huawei doesn't deserve what's happening to it. My problem here is generally a lack of transparency in a process that's heavily dictated by lobbyists, who can hide any need for evidence behind national security claims. This creates an environment where decisions are made on a "noble and patriotic basis" that wind up being beyond common sense, reproach, and oversight. That's a nice breeding ground for fraud.
My other problem is the hypocrisy of a country that doesn't believe in limitations on spying, complaining endlessly about spying, without modifying any of its own, very similar behaviors. AT&T has been proven to be directly tethered to the NSA to the point where it's literally impossible to determine where one ends and the other begins. Yet were another country to ban AT&T from doing business there, the heads of the very same folks breathlessly concerned about surveillance ethics would explode. What makes us beyond reproach here? Our ethical track record?
And my third problem is that the almost myopic, focus on Huawei has been so massive, we've failed to take on numerous other privacy and security issues, whether that's the lack of a meaningful federal privacy law, the rampant security and privacy issues inherent in the Internet of things space (where Chinese-made hardware is rampant), or election security with anywhere close to the same level of urgency. These all are equally important issues, all exploited by Chinese intelligence, that see a small fraction of the hand-wringing and action reserved for issues like Huawei.
Again, none of this is to defend Huawei or deny it's a shitty company with dubious ethics. But the lack of transparency or skepticism creates an environment ripe for fraud and myopia by policymakers who act as if the entirety of their efforts is driven by the noblest and most patriotic of intentions. And, were I a betting man, I'd wager this whole rip and replace effort makes headlines for all the wrong reasons several years down the road.
GameGuru is a non-technical and fun game maker that offers an easy, enjoyable and comprehensive game creation process that is designed specifically for those who are not programmers or designers/artists. It allows you to build your own game world with easy to use tools. Populate your game by placing down characters, weapons, and other game items, then press one button to build your game, and it's ready to play and share. GameGuru is built using DirectX 11 and supports full PBR rendering, meaning your games can look great and take full advantage of the latest graphics technology. The bundle includes hundreds of royalty-free 3D assets. It's on sale for $50.
Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.
Senator Richard Blumenthal has now admitted that EARN IT is targeting encryption, something he denied for two years, and then just out and said it.
Since the very beginning many of us have pointed out that the EARN IT Act will undermine encryption (as well as other parts of the internet). Senator Richard Blumenthal, the lead sponsor on the bill, has insisted over and over again that the bill has nothing to do with encryption. Right after the original bill came out, when people called this out, Blumenthal flat out said "this bill says nothing about encryption" and later claimed that "Big Tech is using encryption as a subterfuge to oppose this bill."
That's been his line ever since -- insisting the bill has nothing to do with encryption. And to "show" that it wasn't about encryption, back in 2020, he agreed to a very weak amendment from Senator Leahy that had some language about encryption, even though as we pointed out at the time, that amendment still created a problem for encryption.
The newest version of EARN IT replaced Leahy's already weak amendment with one that is a more direct attack on encryption. But it has allowed slimy "anti-porn" groups like NCOSE to falsely claim that it has "dealt with the concerns about encryption." Except, as we detailed, the language of the bill now makes encryption a liability for any web service, as it explicitly says that use of encryption can be used as evidence that a website does not properly deal with child sexual abuse material.
But still, through it all, Blumenthal kept lying through his teeth, insisting that the bill wasn't targeting encryption. Until yesterday when he finally admitted it straight up to Washington Post reporter Cat Zakrzewski. In her larger story about EARN IT, I'm not sure why Zakrewski buried this point all the way down near the bottom, because this is the story. Blumenthal is asked about the encryption bit and he admits that the bill is targeting encryption:
Blumenthal said in an interview that lawmakers incorporated these concerns into revisions, which prevent the implementation of encryption from being the sole evidence of a company’s liability for child porn. But he said lawmakers wouldn’t offer a blanket exemption to using encryption as evidence arguing companies might use it as a “get-out-of-jail-free card.”
In other words, he knows that the bill targets encryption despite two whole years of blatant denials. To go from "this bill makes no mention of encryption" to "we don't want companies using encryption as a 'get-out-of-jail-free card'" is an admission that this bill is absolutely about encryption. And if that's the case, why have their been no hearings about the impact this would have on encryption and national security? Because, that seems like a key point that should be discussed, especially with Blumenthal admitting this thing that he denied for two whole years.
During today's markup, Blumenthal also made some nonsense comments about encryption:
The treatment of encryption in this statute is the result of hours, days, of consultation involving the very wise and significant counsel from Sen. Leahy who offered the original encryption amendment and said at the time that his amendment would not protect tech companies for being held liable for doing anything that would give rise to liability today for using encryption to further illegal activity. That's the key distinction here. Doesn't prohibit the use of encryption, doesn't create liability for using encryption, but the misuse of encryption to further illegal activity is what gives rise to liability here.
This is, beyond being nonsense word salad, just utterly ridiculous. No one ever said the bill "prohibited" encryption, but that it would make it a massive liability. And he's absolutely wrong that it "doesn't create liability for using encryption" because it literally does exactly that in saying that encryption can be used as evidence of liability.
The claim that it's only the "misuse of encryption" shows that Senator Blumenthal (1) has no clue what he's talking about and (2) needs to hire staffers who actually do understand this stuff, because that's not how this works. Once you say it's the "misuse of encryption" you've sunk encryption. Because now every lawsuit will just claim that any use of encryption is misuse and the end result is that you need to go through a massive litigation process to determine if your use of encryption is okay or not.
That's the whole reason why things like Section 230 are important, because they avoid having every company have to spend over a million dollars to prove that the technical decision they made were okay and not a "misuse." But now if they have to spent a million dollars every time someone sues them for their use of encryption, then it makes it ridiculously costly -- and risky -- to use encryption.
So, Blumenthal is either too stupid to understand how all of this actually works, or as he seems to have admitted to the reporter despite two years of denial, he doesn't believe companies should be allowed to use encryption.
EARN IT is an attack on encryption, full stop. Senator Blumenthal has finally admitted that, and anyone who believes in basic privacy and security should take notice.
Oh, and as a side note, remember back in 2020 when Blumenthal flipped out at Zoom for not offering full end-to-end encryption? Under this bill, Zoom would be at risk either way. Blumenthal is threatening them if they use encryption and if they don't. It's almost as if Richard Blumenthal doesn't know what he's talking about regarding encryption.
stLouIST
