Unintended consequences: New legislation in the U.S. Senate to crack down on child exploitation online may lead to limits on encryption, many critics say. The EARN IT Act would give Attorney General William Barr the authority to create new rules to protect children, potentially including encryption backdoors, as Barr as called for, Wired.com reports. The bill put new conditions on Section 230 of the Communications Decency Act, which has for years protected websites from lawsuits targeting user-generated content and comments.
Voluntary steps: Meanwhile, Google, Facebook Microsoft, Twitter, Snap, and Roblox have agreed to adopt 11 voluntary principles to prevent online child sexual exploitation, CNet notes, although some critics have also suggested these rules are the first step toward weakening encryption.
Not so fast: In other encryption news, security certificate issuer Let’s Encrypt has delayed a plan to revoke more than 1 million certificates because of a recently discovered bug in its CAA (Certification Authority Authorization) code, Ars Technica reports. But because of confusion over a very short window for websites to renew their certificates, Let’s Encrypt gave them more time.
Bad certificates: Meanwhile, hackers have come up with a way to disguise malware as security certificate updates, Dark Reading says. Security vendor Kaspersky has observed that visitors to some websites are being greeted with a warning about the site’s security certificate having expired. When users download the recommended update, they end up with malware instead.
Value of your privacy: Think tank the Technology Policy Institute has tried to put a number on the value of online privacy. The average Facebook user would want to be paid US$3.50 a month for having his or her contact information shared on the social media site, Privacy News Online says. In other words, people don’t place much value on their privacy. According to the study, people would also want $8.44 per month for sites to share their bank balances, and just $1.82 a month to have their device location data shared.
It’s up to all of us to take action to protect encryption, protect our data, and protect one another.