Cryptocurrencies Can’t Comply With US Anti-Encryption Bills

Cryptocurrencies Have No Way to Comply With US Anti-Encryption Bills

Numerous bills that threaten encryption are moving through the U.S. Senate and could be a threat to technology that defends users’ privacy, according to industry pros.

These bills include the Lawful Access to Encrypted Data (LAED) Act and the Eliminating Abusive and Rampant Neglect of Interactive Technologies (“EARN IT”) Act. While the LAED was only recently introduced to the Senate, the EARN IT act has been around for months, and has been amended several times.

Privacy advocates and product designers believe that such legislation would also diminish people’s privacy to a huge degree, basically changing existing technology and have an impact on everything from messaging and file sharing to privacy coins.

Zcoin Project Steward Reuben Yap said about the LAED Act:

“The government basically would have mass surveillance powers into all of our communications. It’s saying, ‘Let’s drop the pretense and let’s just go for it.’ I think it’s really scary. It’s not just about cryptocurrencies as a whole though, it’s really about freedom.”

The bills in question

Supported by three Republicans, the LAED Act is aimed at ending encrypted communications by creating a backdoor for law enforcement to use. The bill lays out a legal framework for law enforcement to access encrypted data with a court order.

The explicit goal of the EARN IT Act is to stop the spread of child exploitative content online, such as child sexual abuse imagery, though its impact could be far wider. In an initial draft, this was going to be accomplished through stripping tech companies of liability protections for the content posted on their websites. These protections now exist in Section 230 of the Communications Decency Act, which prevents social media companies such as Facebook, Twitter and Reddit from content liability.

According to an earlier draft of the EARN IT Act, companies would lose Section 230 protections if they didn’t follow the recommendations of a federal commission on child exploitative content. This could make companies such as WhatsApp, which provides end-to-end encryption, liable for communications on the platform, unless they revoked end-to-end encryption.

“They communicate using virtually unbreakable encryption. Predators’ supposed privacy interests should not outweigh our privacy and security,” said Attorney General William Barr at an event the day the bill was introduced.

Barr has long been a critic of encryption, dating back to his days in the George W. Bush Administration.

The most recent version of the bill discards the commission idea, delegating power to state legislatures to bring lawsuits against companies. It also adds an amendment that explicitly protects encryption. But organizations like Electronic Frontier Foundation (EFF), Center for Democracy and Technology and Internet Society argue that the bill might respect encryption in name, but not in practice.

Tools such as client-side scanning, which could be used to check for child exploitative content, employs software to check files which are being sent against a database of “hashes,” or unique digital fingerprints. If it detects a match to certain kinds of images, they could be blocked, with the recipient notified, or the message could be forwarded to a third party without user knowing about it. Organizations like EFF have stated that this violates encryption on a fundamental level.

In a public statement, Republican Sen. Tom Cotton of Arkansas and one of the sponsors (with Sens. Lindsey Graham and Marsha Blackburn) of the LAED said:

“Tech companies’ increasing reliance on encryption has turned their platforms into a new, lawless playground of criminal activity.”

He added:

“Criminals from child predators to terrorists are taking full advantage. This bill will ensure law enforcement can access encrypted material with a warrant based on probable cause and help put an end to the Wild West of crime on the Internet.”

Child sexual abuse imagery is proliferating at an alarming rate on the internet. In 2019, tech companies reported around 70 million pieces of exploitative child content to authorities. Criminals also often use encrypted communications. EncroChat, an encrypted communications platform, protected criminals and their communications from the police, until law enforcement managed to infiltrate it.

But weakening tools that protect everyone’s privacy may not be the best solution, according to privacy advocates.

The implications for tech and cryptocurrency

Yap, of Zcoin, said many kinds of technology could feel the impact of the bill’s broad sweep.

The LAED Act is aimed at electronic devices and operating systems. Providers of “remote computing services” are included, supposedly to cover cloud computing services such as Dropbox.

However, Yap noted that the bill’s definition of remote computing services can be stretched to include cryptocurrencies as well, because financial transactions are definitely just another form of electronic communication.

He said:

“Given the trajectory of this legislation, people in the cryptocurrency industry, especially those like Zcoin [that] are privacy-focused, will very likely be affected. It could mean that ‘providers’ of a privacy cryptocurrency that provided service to more than 1,000,000 users in the US are required to insert a backdoor.”

Ian Dixon, a Nevada-based programmer who previously mined Bitcoin and runs a validator on a privacy-oriented blockchain network, said the U.S. bills targeting encryption are repackaged attacks on privacy, just with different language:

“It doesn’t really seem possible to enforce, but it would essentially make blockchains illegal in general. There is no way for Ethereum, Bitcoin and other cryptocurrencies to comply.”

Matt Hill, the co-founder of Start9 Labs in Colorado, which creates decentralized internet tech, says that both pieces of legislation are falling into the same category, even if they are different in flavor:

“The ultimate meaning is the same, which is that if you are a service provider of privacy or encryption, you are going to be subject to the whims of politics. We hope politicians and our political system stays rational, and upholds individual rights to privacy, but if they don’t you are going to be subjected to force, whether it’s building a backdoor or handing over user data.”

Hill said that even if these bills don’t pass, the very fact they’re sitting on the table and being taken seriously should be enough of a warning sign for us to start thinking outside the political box.

“Privacy is not safe in their hands,” said Hill. “So we have to protect privacy with technology, as opposed to with laws.”

This is privacy-by-design tech, the kind that Start9 Labs develops, including a server that lets users run their own private networks and cut out middlemen who would otherwise have access to their data.

Start9 Lab’s tech is built such that it can’t hand over any user data, even if legally compelled to, because it doesn’t have it. It creates the tech but doesn’t run the services on it. Given its products are open source, they can still run and protect user privacy, even if the company is shut down.

Encrypted communications are regularly used by people such as dissidents and journalists, and are often a means of protecting sources or organizing in authoritarian countries. There is a risk that if the U.S., which has long held itself up as an example of freedom and democracy, passes bills which eradicate end-to-end encryption, other countries would do the same, and use such legislation to crack down on dissent.

Finally, backdoors inevitably get used by bad guys, not only law enforcement.

“There’s no such thing as a backdoor just for good guys,” said Daisy Soderberg-Rivkin, a fellow focusing on children and technology at the R Street Institute, a policy think tank in Washington, D.C. “This opens up users’ information to a whole mess of bad actors.”