Senator Blumenthal Is Super Mad That Zoom Isn't Actually Offering The End To End Encryption His Law Will Outlaw
from the also-should-acquaint-himself-with-the-1st-amendment dept
Richard Blumenthal has been attacking internet services he doesn't understand since before he was even a US Senator. It has carried over into his job as a Senator, and was abundantly obvious in his role as a co-sponsor for FOSTA. His hatred of the internet was on clear display during a hearing over FOSTA in which he flat out said that if smaller internet companies couldn't put in place the kind of infrastructure required to comply with FOSTA, that they should go out of business. Blumenthal's latest ridiculous bit of legislation lose your Section 230 protections. And while Blumenthal likes to pretend that the EARN IT Act doesn't target encryption, he also lied about FOSTA and insisted it had no impact on CDA 230 (which it directly amended).
But Blumenthal has now taken his ridiculousness up a notch. Following the (legitimately concerning) reports that the suddenly incredibly popular videoconferencing software Zoom was not actually providing end-to-end encrypted video chats (despite its marketing claims), Blumenthal decided to step in and play the hero sending an angry letter to the company, while linking to the Intercept's original story about Zoom's misleading claims about encryption:
Millions of Americans are now using @zoom_us to attend school, seek medical help, & socialize with their friends. Privacy & cybersecurity risks shouldn’t be added to their list of worries. I'm calling for answers from Zoom on how it handles our private data. https://t.co/CEg1P3T3S1 pic.twitter.com/Vl9XyvxZjb
— Richard Blumenthal (@SenBlumenthal) March 31, 2020
The letter highlights a number of recent claims that have been made about Zoom's security and privacy practices -- some of which are very significant (and a few that aren't as big a deal) -- including the end to end encryption claims:
Does Zoom provide end-to-end encryption, as the term is commonly understood by cybersecurity experts, for video conferences? Please describe when end-to-end encryption is available for users and how the personal data is encrypted?
And this is a legit question and I think it's good that a Senator is asking that. I just think that this particular Senator is the wrong messenger, given his active role in trying to make it impossible for companies like Zoom to offer end-to-end encryption in the first place, as Riana Pfefferkorn (the Associate Director Surveillance & Cybersecurity at Stanford's Center for Internet and Society) pointed out:
You are a co-sponsor of a bill that everyone, including you, knows is a Trojan horse for banning end-to-end encryption. Your bill would FORCE Zoom to do a crappy job protecting privacy and security. #EARNITAct https://t.co/T4DTzaciyB
— Riana Pfefferkorn (@Riana_Crypto) April 1, 2020
And it gets worse. As Pfefferkorn also points out, Blumenthal's claims to be so concerned about cybersecurity and privacy ring hollow when just last month he straight up claimed that you have no right to privacy online:
.@SenBlumenthal is pretending to care about your privacy online. Last month, he took the position that you have no right to privacy online. Here's where he says so: https://t.co/6Je88DqIc3 pic.twitter.com/iLEzsmTck9
— Riana Pfefferkorn (@Riana_Crypto) April 1, 2020
This was in a weak attempt to "respond to concerns" raised about the EARN IT Act. In one of the responses, concerning government mandates for scanning content and how that interacts with the 4th Amendment, Blumenthal, quoting Neil Gorsuch, claims that there's no reasonable expectation of privacy for any content you put online:
In the Ackerman opinion cited by tech companies as raising Fourth Amendment concerns, Gorsuch suggested that the third-party doctrine will protect evidence of CSAM found by a company that privately searched. When a company has terms and conditions that enable it to privately search, there is no Fourth Amendment violation because users lose their reasonable expectation of privacy. Gorsuch stated that “The [Supreme] Court has, after all, suggested that individuals lack any reasonable expectation of privacy and so forfeit any Fourth Amendment protections in materials they choose to share with third parties.”
Of course, as Pfefferkorn further points out, Blumenthal's broken analysis of the Ackerman opinion leaves out some important information. But, still, Blumenthal seems to constantly be talking out of both sides of his mouth. He doesn't believe in an expectation of privacy for content posted online, but he also wants to slam a company for not keeping information private. He doesn't want companies to have end-to-end encryption, but he's angry at Zoom for not having end-to-end encryption.
And that's not the end of the problems with Blumenthal's approach here. While some of the privacy concerns he raises are legit, he lumps them in with ones that are not. For example, for reasons that make no sense at all, he seems to think the relatively new practice of Zoombombing -- in which (often racist trolls from the worst parts of the internet) find publicly linked Zoom events and pop in to be total assholes -- is on par with the other (often legit) security questions raised by Zoom's security practices. Right after his question about end-to-end encryption he asks:
What measures has Zoom put into place to detect and prevent Zoombombing -- intrusions and abuse targeting Zoom meetings? What are the policies governing such abusive behavior, what detection mechanisms are in place, how can users report abusive intrusions, and how quickly does Zoom respond to such incidents?
While there are plenty of questions about how companies can deal with such things, this is not an issue that is under the government's purview. Indeed, as annoying as Zoombombing is, and as quickly as I'm sure Zoom has been working on technology tools to allow meeting hosts to deal with the issue, most Zoombombing is still 1st Amendment protected speech, and a Senator has no business insisting that Zoom silence such activities. And yet, that seems to be exactly what he's focused on doing:
I am calling on Zoom to take urgent & aggressive action to stop the racists, trolls, & peddlers of hate that are silencing & bullying communities. Check out these steps from the @ADL on protecting yourself. https://t.co/Zyium6IflW
— Richard Blumenthal (@SenBlumenthal) April 1, 2020
In that tweet he says: "I am calling on Zoom to take urgent & aggressive action to stop the racists, trolls, & peddlers of hate that are silencing & bullying communities." Yeah, the 1st Amendment (the one you swore to defend) might want to have a word with you about that, Senator. I'm all for Zoom coming up with tools for users of its service to help prevent such trollish behavior, but seriously, these kinds of stunts are not at all new on the internet and have been around for literally decades. That doesn't make the juvenile behavior any less annoying or problematic, but it's not the role of any government official to insist that a company censor people for protected speech, no matter how trollish.
Separately, of course, this ignores that Zoom had already put in place a detailed plan for how to stop Zoombombing over a week before Blumenthal sent the letter. The company still could do more, and it's worth noting that it has since released a detailed plan to deal with the newly raised security and privacy concerns, including a 90 day freeze on all feature development to have the engineering team focus on privacy and security issues. That didn't take Senator Blumenthal's grandstanding -- and, of course, if Blumenthal's EARN IT Act passes, that would make Zoom's job that much more difficult.
I know that Senator Blumenthal loves to grandstand over tech issues, but it might help if he understood the technology, the law, and the Constitution before making such a fool of himself. Unfortunately, for over a decade he's shown a decided lack of interest in doing any of those things, and I guess he has no intention of starting now.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: earn it, encryption, fosta, free speech, privacy, richard blumenthal, section 230, security, trolls, zoombombing
Companies: zoom
Reader Comments
Subscribe: RSS
View by: Time | Thread
Hmmph
A politician making disingenuous, self-serving yet ideologically (his own) harming statements due to an extreme ignorance of the subject matter (or blindness caused by that ideology). Who woulda thought?
[ link to this | view in chronology ]
Re: Hmmph
In other news: The sky is blue, water is wet, and [Insert Politician Here] is both an idiot and a hypocrite.
More at 11.
[ link to this | view in chronology ]
Re: Hmmph
Trickle down. Coming from the Trump, who will then tell us his lies were for our own good.
Black is white, water is dry, and the best part is we pay them!
[ link to this | view in chronology ]
Re: Re: Hmmph
Senator Blumenthal is a Democrat. He takes his orders from Chuck Schumer.
[ link to this | view in chronology ]
If zoom did have real end to end encryption, its users might be able to avoid those who drop in uninvited.
[ link to this | view in chronology ]
Re:
They're talking about meetings that were intentionally made available to the public. Anyone who saw the link could join. You can't claim they weren't invited since the entire world was literally invited. End to end encryption has nothing to do with that and would not have prevented anything since the user had a legitimate link to the meeting.
[ link to this | view in chronology ]
Re: Re:
If you say so.
[ link to this | view in chronology ]
Re: Re:
I know this may be from left field but please update your UI Info Suite Mod for Stardew!
[ link to this | view in chronology ]
Surely the only questions worth asking here is how the hell did he get elected in the first place and are those who voted him in completely fucking stupid?
[ link to this | view in chronology ]
People who elected him stupid?
Short answer to your question: Probably. At least perfectly willing to elect someone who misrepresented himself as a combat veteran of Vietnam.
This isn't a 'swift boating' thing, where someone unquestionably served in combat but where there are arguments over how he performed. This is outright, blatant, inarguable lying; him saying he served in Vietnam during the Vietnam war. When in fact he never went further from Connecticut than Washington DC.
To get more than a blurb about this, you'll have to do some digging. His Wikipedia page, for instance, has done some massive damage control/scrubbing, implying the usual 'misspoke' and he wasn't 'clear or precise'. But he was extremely clear that he fought as a Marine in Vietnam in combat . When he did no such thing.
It boggles the mind when these cowards assume some reporter isn't going to actually do due diligence, and also assume actual combat veterans aren't going to be outraged about him stealing valor.
[ link to this | view in chronology ]
Another example of those in government desperately trying to not only out-stupid each other, but even to out-stupid themselves.
[ link to this | view in chronology ]
If only they'd say this...
Gov't: Does Zoom provide end-to-end encryption, as the term is commonly understood by cybersecurity experts, for video conferences? Please describe when end-to-end encryption is available for users and how the personal data is encrypted?
Zoom response: "No, we were trying out some functionality where we installed a backdoor that would allow someone like law enforcement to be able to intercept communications, because ZOMG terrorists. Someone else unlawfully used it. Who'd have thunk it?"
[ link to this | view in chronology ]
Nice display of Cognitive dissonance I'd say.
[ link to this | view in chronology ]
How about this?
Most senators and congresspeople have contact addresses.
Richard Blumenthal may not respond to your entreaties, but there are 49 more senators, and ALL of the House that may read your email (or even mail!).
We didn't succeed with SESTA-FOSTA, but we did with SOPA. We certainly won't succeed with the EARN-IT act unless people write in.
So what are you doing, still reading my comment? Get busy!
And even you foreign readers - "I may not be represented by you, but we ARE watching the US. Vote thoughtfully."
[ link to this | view in chronology ]
Re: How about this?
99 more Senators, not 49...
[ link to this | view in chronology ]
Being a bombastic asshat worked for Andrew Cuomo to become Governer of NY, why not Richard Blumenthal to further his polical ambitions? Wondering - is he up for election this year??
[ link to this | view in chronology ]
When pandering to fools, act foolish
I shudder to think of how stupid those that elected him are, or how utterly disastrous the other choices have been if he was considered the better option.
[ link to this | view in chronology ]
Re: When pandering to fools, act foolish
Connecticut is heavily Democrat. Blumenthal was the Democrat incumbent and was the first politician in the state to get 1 million votes when he was reelected in 2016 even with a history of lying about having served in Vietnam.
[ link to this | view in chronology ]
Re: Re: When pandering to fools, act foolish
... Which doesn't change anything I posted, but okay?
[ link to this | view in chronology ]
There's a bad actor in the US supply chain that does in fact claim to interrupt all end to end encryption globally already.
It seems credible that it is not actually possible with the current configuration of the internet.
I know how to make a good algorithm for it but I don't think I could get around the network controls to implement it.
[ link to this | view in chronology ]
Re: not actually possible with the current configuration of the
Yes, secure end-to-end encryption is possible. People do it every day.
[ link to this | view in chronology ]
Hypocrisy in full display
[ link to this | view in chronology ]