Will Nevada Kill End-To-End Encryption Next Week?

by
Mike Masnick
from Techdirt on (#6KCGQ)
Story Image

Last month, we wrote about Nevada's Attorney General filing an absolutely preposterous, but extremely dangerous, legal filing, demanding that a court bar Meta from offering end-to-end encryption for its messaging apps. Almost everything about this request was crazy. First, Nevada sued Meta, with vague, unsubstantiated claims of harm to children," and then it filed a demand for a temporary restraining order, blocking Meta from using encryption, giving the company basically a day to respond.

This all seemed weird, given that encryption has been available in tons of places for many, many years, including on some of Meta's messaging offerings going back years. Why was it suddenly so necessary to stop them immediately? Nevada also claimed that Meta offering encryption was a deceptive trade practice" because it says it's offering encryption to keep people safer when, according to Nevada, it's inherently harmful.

Thankfully, the court did not issue the immediate TRO, but asked the parties to brief the issue and appear for a hearing next Wednesday. Earlier this week, a bunch of organizations, including the ACLU, EFF, Fight for the Future, Internet Society, Signal, and Mozilla all filed an amicus brief that I'd describe as 43-pages of what the fuck is this, I don't even..."

The State's motion for a preliminary injunction attempts to substitute the judgment of the Attorney General's office for a national policy developed over decades of discussion with multiple stakeholders. The State paints a picture of E2EE as solely a danger to children. But the reason that E2EE has been widely adopted is that it prevents crime-crime affecting both children and adults. The State has many avenues for pursuing its child-safety investigations without this extraordinary order. It is especially ill-advised to upend decades-old, encryption- specific policies based on a reinterpretation of a broad, general purpose law such as the Nevada Unfair and Deceptive Trade Practices Act, N.R.S. 598.0903-598.0947.

While the Attorney General may disagree, the assertion that E2EE is good for children is a mainstream point of view and not properly classified as deceptive" (Mot. at 16-17). Millions of children have long used E2EE platforms such as WhatsApp and iMessage. It can hardly be unconscionable" for Meta to upgrade its product to meet the security and privacy standards that other exceedingly popular products-ones the Attorney General has not challenged have offered to the public for years.

The motion for a preliminary injunction that would stop Meta from providing secure communications to its users is baseless and dangerous. Meta's provision of end-to-end encryption by default to all Messenger users is not deceptive or unconscionable, meaning the State is unlikely to succeed on the merits. To the contrary, because E2EE protects consumers, its continuation will not cause irreparable harm and in fact benefits the public interest (a preliminary injunction factor the State does not discuss). Clark Cnty. Sch. Dist. v. Buchanan. 112 Nev. 1146, 1150, 924 P.2d 716, 719 (1996). The Court should reject the State's request.

The overall brief is fantastic. It points out, among other things, that historically most conversations were ephemeral and not recorded, and law enforcement didn't think that people talking to each other was an inherent threat to children.

Society has long recognized that people thrive when we have the ability to engage in private, unmonitored conversations. Sharing confidences enables people to form friendships and intimate relationships, obtain information about sensitive matters, and construct different identities depending on the audience. We know this from our own lives, whether engaging in pillow talk, meeting a friend for a walk, or forming an invitation-only club. Important, human things happen when we can be confident that no one is listening in.

Before the Internet, these conversations were not recorded or preserved. Our words vanished into the air as they were spoken. Unless someone was eavesdropping, conversations were private, secret, and unrecoverable. Police could not access these interactions. Mail carriers did not make copies of letters and senders and recipients were free to write in code or foreign languages and to destroy the documents after they had been received.

In any other era, a claim that government may obligate us to record and preserve our conversations, just in case investigators wanted to review them later. would be laughably ridiculous. It would simply have been beyond the pale to suggest that people could be required to record their conversations in a language that law enforcement could readily understand and access. Basic conversational privacy was assumed, and rightly so.

The brief gives many examples of why end-to-end encryption makes everyone, including children, more secure. It highlights how many government agencies have endorsed encryption.

But also, importantly, it highlights just how stupid this demand is, given that Nevada law enforcement has plenty of ways to investigate criminal actions, even when there is encryption in messaging. After all, Meta has access to metadata, and any victims can directly provide the content to law enforcement as well.

Riana Pfefferkorn (who also signed onto the brief as an amicus) also wrote a column about this case. She notes that Nevada's request would not only make children less safe, but it's extremely unlikely that this destruction of encryption would remain local to Nevada.

If the court grants the Nevada AG's latter-day request after this month's hearing, the resulting injunction won't just affect Nevada's children. Anyone (adult or child) who talks to them, or is mistakenly identified by Meta as being one of them, will no longer get default E2EE on Messenger either. Plus, a successful request in Nevada might inspire copycat demands elsewhere. That multi-state social media addiction lawsuit against Meta that I mentioned above? It has 42 state AGs as plaintiffs. A copycat injunction for Messenger would mean no more default E2EE for most of the country's children (and a significant number of adults, as said).

Hopefully those other state AGs would pick a wiser course than this one rogue state AG has chosen. Consumer protection regulators have spent years telling Meta to do better at protecting user privacy. Making Messenger E2EE by default is the best thing Meta has done in that regard in a long time. The Nevada AG's own complaint against Meta says that [i]n the digital privacy ecosystem, this is a move that might be lauded." Yet rather than laud it, the Nevada AG is trying to undo it. He would rather force Meta to give the state's youngest users worse digital privacy and security than everyone else. That isn't promoting child safety online; it's undermining it. Even more astonishing, he's trying to rebrand default E2EE as an unconscionable and deceptive trade practice. Strong encryption isn't a violation of consumer protection; it's a vindication of it.

The Nevada AG's request is so wildly contrary to well-established best practices and long-standing interpretations of consumer protection law that it would almost be funny if it weren't so dangerous. We can only hope the judge in Nevada laughs him out of court. The children of Nevada deserve better than this.

Hopefully, the court agrees.

External Content
Source RSS or Atom Feed
Feed Location https://www.techdirt.com/techdirt_rss.xml
Feed Title Techdirt
Feed Link https://www.techdirt.com/
Reply 0 comments