Don’t let ISPs block strong encryption protocols
TLDR: Mozilla asked leaders of a powerful House panel to investigate the data collection practices of Internet service providers after several large ISPs were found to be lobbying against the non-profit’s plan to encrypt users’ browsing data.
What’s happening this week: Mozilla urged senior members of the House Energy and Commerce Committee this week to reject Internet service providers’ lobbying efforts to prevent encrypted Domain Name System (DNS) lookups in Mozilla Firefox and Google Chrome browsers. Major ISPs, including Comcast, have been pushing back against efforts to encrypt users’ browsing history data.
Marshall Erwin, Mozilla’s Senior Director of Trust and Security Mozilla Corporation, said in a letter that the non-profit’s experience rolling out encrypted DNS data shows that “a congressional examination of ISP practices may uncover valuable insights, educate the public, and help guide continuing efforts to draft consumer privacy legislation.”
Why it matters to startups: Strong encryption is critical for startups and users alike. Encryption protects all kinds of important products and services secure from malicious actors, and many startups use strong security practices as a competitive advantage. Weakening encryption protocols — or even blocking encryption efforts in general — would make users’ data more vulnerable to outside intrusion, potentially destroying the reputation of a small startup on a bootstrap budget.
Large telecom companies should not attempt to weaken the security of users’ personal data simply because it might not be beneficial to their bottom line. ISPs have falsely claimed that allowing platforms to encrypt DNS data will cause a “radical disruption” to the Internet, and make it more difficult for law enforcement officials to do their job. If ISPs are successful in their efforts to lobby lawmakers against encrypted DNS data, it could have a snowball effect that leads to the weakening of encryption protocols across the board, impacting large platforms and small startups alike.
We’ve already seen law enforcement officials and the Department of Justice push back against efforts to provide users with end-to-end encryption. Last month, Attorney General William Barr called on Facebook to intentionally create a vulnerability in WhatsApp and the platform’s other messaging services in order to allow law enforcement officials access to encrypted messages— a request that Engine and other privacy organizations opposed.
ISPs cannot be allowed to leverage officials’ hysteria around encryption to weaken consumer privacy and security. Just last week, Sen. Ron Wyden (D-Ore.) and Rep. Anna Eshoo (D-Calif.) wrote Attorney General Barr to express concerns about DOJ’s “misguided, hypocritical efforts to pressure technology companies like Facebook into subverting the encryption that protects their messaging apps to enable government access.”
Pushing a false narrative about encryption harms both consumers and online platforms. Mozilla’s call for Congress to examine the data practices of ISPs is the correct approach, because it will allow lawmakers to further strengthen user privacy and security. Both the House and Senate are continuing to pursue federal data privacy legislation that will protect users’ personal information. The Senate Commerce Committee is also reportedly planning to hold a hearing before the end of the year to examine a variety of data privacy bills that have been introduced by lawmakers.
If lawmakers were truly concerned about consumers’ personal data, they would encourage the use of encryption and work to craft a federal data privacy framework that does not stifle innovation and competition. Startups rely on the trust of their users to grow and thrive. Strong encryption and privacy protocols are the tools that allow this to happen.
On the Horizon.
The Senate Judiciary Subcommittee on Crime and Terrorism is holding a hearing at 2:30 pm this afternoon to examine how companies are exposing user data to “criminals, China, and other bad actors.”
Engine, the Coin Center, and the Blockchain Association will be holding the first panel in our blockchain education series at 11 am this Thursday, November 7th. We’ll be discussing some of the core concepts of digital assets and distributed ledger technologies, including the different types of digital assets and how they differ from real assets. Learn more and RSVP here.