the KIDS act passed the house today. 267-117, 47 not voting.
that's not great. but it's not the whole story.
a few things got worse right before the vote too. the language that explicitly protected encryption, saying the bill couldn't be used to force platforms to weaken it, got quietly stripped out on Friday. that safeguard just doesn't exist anymore.
but this isn't over. it heads to the senate next, and the senate is genuinely not on board. blumenthal and cantwell, two of the senators who wrote the original KOSA, are saying they don't want this version near a markup. blackburn, a republican and the other original author, called the missing duty of care provision a red line.
worth being clear here, blackburn isn't on our side. she wants the policy stronger, not gone. but that's still a crack we can use. her opposition means the house version has zero guaranteed path through the senate as written, and a stalled bill is a bill that isn't law yet. use her objection, don't trust her motive.
senate commerce hasn't even scheduled a markup yet. that's the next pressure point. this thing has died or gotten majorly rewritten at this stage before.
contact your senators: find yours here. tell them you don't want the house version anywhere near a vote.
and remember, if you have to, contact your senators scared. anything helps.
OKAY, SO, bad news on the privacy front, these two dipshit senators are trying to advance the Stop CSAM Act in the must-pass NDAA bill, and they're seemingly doing it right under our noses.
Which, stopping pedos sounds good, but this bill will not do that.
The EFF has more on it, but the long and short is what it will do is basically outlaw encryption as inherently suspect by way of people being potentially liable if anyone could do anything with it, and it carves out Section 230 to do so.
Which, if you don't know, means that websites are gonna massively overcorrect and ban basically anything that could set it off, and if you don't think that's a big deal, remember that the last time that happened was FOSTA-SESTA, which kicked off the censorship wave that fucked over a lot of sites including Tumblr, and also didn't do dick for its stated purpose of stopping sex trafficking.
It's currently in the Senate Judiciary Committee, so if you see any of your state's Senators in the list of members, CALL THEM ASAP, and even if they aren't, call your senators and especially your House reps and tell them you do not want this censorship law rammed into a must-pass bill without public debate.
If you don't know who they are, you can find your senators and house reps here, and CALL THEM ASAP, they snuck this in quickly and under the radar and we don't have a lot of time, and even if you're not in the US please boost this message, not just to Tumblr but to other platforms, a lot of sites you use every day are based in the US so this will affect you too!
A random sequence in an innocuous GPS message field is likely encrypted traffic from the U.S. military's system for remotely updating crypto
Murdoch, a professor of security engineering and head of the Information Security Research Group at University College London, presented evidence that a 176-bit GPS sequence labelled “Subframe 4, Page 17” is encrypted material from the Pentagon’s Over-the-Air Distribution (OTAD) network, which delivers cryptographic keys to military personnel around the world.
“I think the evidence that it's for key transmission—for use in distributing the keys for accessing the military GPS signals—is pretty strong now,” Murdoch said in a call with 404 Media. He noted that the military has “specialized receivers that have the ability to have keys loaded into them” and “presumably have the ability to decrypt these special messages.”
In his new article, Murdoch described how this “forgotten 176-bit slot in the world’s most successful navigation signal turned out to be its quietest and most consequential broadcast.”
Murdoch first spotted the sequence more than a decade ago while he was a graduate student tasked with writing a decoder for raw GPS data while working on a project funded by the European Space Agency.
I'm on a tour with my new book, the international bestseller Enshittification: catch me next in Miami, Burbank, Lisbon! Full schedule here.
While "tech exceptionalism" can be a grave sin (as with the "move fast and break things" ethos that wrecked so much of our world, especially its labor markets), there are ways in which tech is truly exceptional, in the sense of bringing forth capabilities and affordances that have never existed before, in all of human history.
One obvious way in which tech is exceptional: its flexibility. Digital computers are "Turing-complete, universal von Neumann machines," which means that they are engines capable of computing every valid program. They are truly general purpose. We have many other general purpose machines, of course, but they are simple things, like wheels. Computers are unique in that they are both complex and universal, and every computer can run every program. Just as we don't know how to make knives that only cut in beneficial ways, we also don't know how to make computers that only run desirable programs.
Every computer can run every program, including ones that the user doesn't want (viruses), or that the manufacturer doesn't want (ad-blockers). No one knows how to make a computer that is almost Turing-complete. There's no such thing as "Turing-complete minus one." We can't make a computer that only runs the programs the manufacturer has authorized – all we can do is criminalize the act modifying your own computer to do what you tell it to, even if the manufacturer objects:
I've devoted a lot of my life to exploring the policy implications of this amazing fact, but that's not the only amazing, exceptional thing about technology. There's at least one other way in which modern digital technology has produced something that is genuinely, civilizationally novel: encryption.
Encryption – scrambling data so that it can only be read by its intended recipient – is an age-old project for both the authorities (who used ciphers to keep their secrets safe since the time of the Caesars) and for those who would overthrow them (revolutionary movements have always used codes to protect themselves from the authorities they sought to dethrone).
But WWII ushered in a new era, in which encryption (and attempts to break it) went digital, as Alan Turing and the codebreakers of Bletchley Park turned themselves to a computer-aided mathematics of scrambling and descrambling. In the decades that followed, a modern form of encryption emerged, one that was powerful beyond the wildest dreams of the Caesars and their revolutionary adversaries.
Modern, computerized encryption can scramble data to the point where it is literally unscramblable by an unauthorized party. In the eyeblink moment between you pressing the camera button on your phone and the resulting image being saved to its mass storage, the bits that make up that image are scrambled so thoroughly that even if every hydrogen atom in the universe were made into a computer, and even if all those computers were put to work guessing at the key, we would run out of time and universe before we ran out of keys.
Even futuristic, experimental technologies like quantum computing that may revolutionize codebreaking are also revolutionizing scrambling itself:
https://signal.org/blog/pqxdh/
The history of encryption is seriously fraught. Until the early 1990s, the NSA classed working encryption as a munition and banned civilian access to a whole branch of mathematics. It wasn't until Cindy Cohn – then a lawyer for the Electronic Frontier Foundation, now its executive director – convinced a court that the First Amendment protected the right to publish computer code, that we were all able to gain access to this essential technology, which today safeguards your messages, files, banking transactions, and the software updates for your car's brakes, your pacemaker, and the informatics on airplanes. Cohn has announced her retirement from EFF in 2026, and while she will be sorely missed, we do have her memoir, Privacy's Defender, to look forward to:
The legalization of encryption was a starting gun for the internet itself, as true information security entered the picture and pervaded every part of service design. Every security crisis, every scandal (e.g. Snowden), jolted the effort to encrypt the internet forward, and in this way, much of the internet lurched into a state we can call "encrypted by default."
But even as this privacy-preserving technology was perfected and made ubiquitous, something weird and contradictory happened: mass surveillance also took off online. The ad-tech industry – and its handmaidens, the data-broker industry – rigged the game so that our private activities were only encrypted in such a way as to defend their privacy, but not ours. Our data is encrypted in transit to the servers we interact with, and when it is at rest on those servers' mass storage devices, but it is not encrypted in a way that prevents companies from data-mining it, or decrypting it and selling it on or giving it away or combining it with surveillance data purchased or traded from others.
This isn't an inevitability: it's a choice. The ubiquity of surveillance in the age of encryption is a policy choice. The reason companies don't encrypt our data so that they can't use it against us is because they don't have to. Congress hasn't updated American consumer privacy law since 1988, when they passed a law that prohibits video store clerks from disclosing our VHS rentals:
Why hasn't Congress updated our privacy rights since Die Hard was in theaters? Because American cops and spies love commercial internet surveillance. Tech companies and data brokers are a source of fine-grained, off-the-books, warrantless surveillance data that the American state is totally dependent on. There is no difference between "commercial surveillance" and "government surveillance" – they are a fused symbiote and neither could survive without the other:
Governments have hated encryption since the Clinton era, and have been attempting to subvert it since computers came in beige boxes and modems screamed in agony every time you tried to look at the internet:
It's no mystery why we don't have federal bans on facial recognition – if we did, ICE wouldn't be able to nonconsensually, warrantlessly steal your face and store it for 15 years (at least):
Why did the EU allow Ireland to facilitate mass surveillance for a decade after the GDPR's passage? Because European authorities also hate encryption and say that it is a "totally erroneous perception that it is everyone's civil liberty to communicate on encrypted messaging services":
The internet could be the most privacy-preserving communications medium in history. Instead, it has ushered in an era of nightmarish surveillance. This isn't a technology problem. It's a policy problem. Criminals spy on us online because our governments wanted to spy on us online, so they let corporations spy on us online.
Imagine what the internet would look like today if, in its early regulatory moments, our elected representatives had demanded privacy, rather than trying to ban it. Sure, some corporations would have spied on us anyway, and criminals would have done their best to compromise our privacy, but criminals and rogue firms wouldn't have been able to attract capital to engage in conduct that was likely to give rise to massive fines and criminal prosecutions for violating the privacy laws Congress never bothered to write for us.
Think of it this way: sure, there are e-commerce sites that are just scams, that take your money and never ship you goods. Those sites don't have IPOs, they're not listed on stock exchanges, and they get shut down or blocked. They exist in the shadows, not in the light. Imagine if that was the kind of commercial surveillance industry we'd gotten: marginal, shadowy, illegal, forever on the run. There would still have been some bad privacy invasions, but these would have been crimes, not Harvard Business Review case-studies:
(And before you email me about that one time Paypal closed your account and kept your money or Ebay wouldn't give you a refund, sure, that's right, those things suck, and the companies should face penalties for them, but their business model isn't stealing money from their customers; but Google and Meta and Apple's business model is 100% stealing data from their customers.)
Instead of treating data theft the way we treat monetary theft, we're now increasingly treating monetary theft like data theft. The legislative formalization of cryptocurrency will now allow companies to steal your money with the same blissful lack of consequence as Google faced for stealing your private information:
https://www.citationneeded.news/issue-89/
We're rounding the corner on a decade since the beginning of the fight against Big Tech, and the efforts to cut it down to size. These keep foundering on the political economy of crushing an all-powerful monopolist – namely, that it is all-powerful.
Breakups, taxes and fines are all forms of redistribution, which seek to address the harms of monopoly after the monopoly has been formed. The failure to make privacy protections as inviolable as financial protections is a missed opportunity for predistribution. Bans on data collection, mining, and sale would have prevented these monopolies from forming in the first place. Predistribution is far more effective than redistribution:
It's amazing to realize that the privacy-invading internet has somehow beaten the encrypted internet. It's crazy that the only entity that will promise to encrypt your data beyond the reach of a data broker, an ad-tech giant, or a government is a ransomware criminal, who will also encrypt your data beyond your reach:
It didn't have to be this way. This wasn't a technology failure. It wasn't a commercial failure. It was a policy failure. Since the 1990s, whenever push came to shove, governments decided that they would rather preserve their ability to spy on us than keep us safe from private spying.
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
The public has spoken against it, the backlash was there, then Germany started opposing it too and the Danish proposal seemingly stopped.
But now suddenly on the 12th of November they're going for another push, in a rather deceptive manner.
Here are the new tweaks to the proposal and how they're trying to go about razing what eu is about and your privacy online:
Learn about the EU Chat Control proposal and contact your representatives to protect digital privacy and encryption.
Just before a decisive meeting in Brussels, digital rights expert and former Member of the European Parliament Dr. Patrick Breyer is soundin