SURVEILLANCEThere’s a Cop in My Pocket: Policymakers Need to Stop Advocating Surveillance by Default
All this year, U.S. leaders have attempted to pass a wave of misguided online security bills, designed to break that encryption and place Americans in a panopticon of surveillance by default. Encryption, cybersecurity, and technology policies, like the RESTRICT and EARN-IT Acts, with nonexistent tradeoffs address symptoms, not problems, and they do it badly.
Encryption is like a baby. It comes with problems, but you wouldn’t solve them with blunt force. If your baby is crying, or your baby is messy, you wouldn’t cut your baby in half (that is, if you’re not a psychopath). You can either protect and raise your baby in its full form or you don’t have one.
The same applies to encryption today. Your devices either maintain their end–to-end encryption or they don’t. You have no safe way of building “end-to-half” encryption, chopping off an arm or a leg or two, of making exceptions for government authorities while guaranteeing your private data is safe from prying eyes.
All this year, U.S. leaders have attempted to pass a wave of misguided online security bills, designed to break that encryption and place Americans in a panopticon of surveillance by default. Lawmakers have embarked on the unadvisable mission of cutting the encryption baby in half. They are demanding one set of legal exceptions that would allow the police to enter your digital home through the backdoor, all while preserving the iron front gates of encryption for everyone else.
The problem is, once everyone else–malicious Chinese hackers, bank fraudsters, and identity thieves–learn how to break through the flimsy backdoor, all that encryption is rendered useless, and the privacy and personal well-being of Americans everywhere is at risk. American lawmakers such as Sen. Lindsay Graham (R-SC) and Sen. Maria Cantwell (D-WA) say that they’re clamping down on threats from child sexual abuse material (CSAM), TikTok, and China’s spy campaigns. But the bills they advocate for–which include the RESTRICT ACT and the EARN-IT Act, along with alarming anti-privacy bills in the UK and France–pull the rug out from the foundations that have made America the global leader in connectivity and innovation. They are a fundamental attack on the internet’s openness and vibrancy, and stand to harm the constitutionally guaranteed due process rights of U.S. citizens.
The proposed bills all share an alarming characteristic: they turn your phone into a cop in your pocket by switching privacy expectations to “surveillance by default.” The wave of surveillance-by-default bills has swelled since the beginning of 2023. In March 2023, U.S. Senator Mark Warner introduced the RESTRICT Act, a bill that would permit the Secretary of Commerce to ban tech companies from six countries–China, Cuba, Iran, North Korea, Russia and Venezuela–from conducting business in the United States.
