Thursday, March 30, 2023

The 'Insanely Broad' Restrict Act Could Ban Much More Than Just TikTok

Image: NurPhoto/Contributor

Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.

The RESTRICT Act, a proposed piece of legislation which provides one way the government might ban TikTok, contains “insanely broad” language and could lead to other apps or communications services with connections to foreign countries being banned in the U.S., multiple digital rights experts told Motherboard.

The bill could have implications not just for social networks, but potentially security tools such as virtual private networks (VPNs) that consumers use to encrypt and route their traffic, one said. Although the intention of the bill is to target apps or services that pose a threat to national security, these critics worry it may have much wider implications for the First Amendment.

“The RESTRICT Act is a concerning distraction with insanely broad language that raises serious human and civil rights concerns," Willmary Escoto, U.S. policy analyst for digital rights organization Access Now told Motherboard in an emailed statement. 

Do you know anything else about the RESTRICT Act? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email joseph.cox@vice.com.

The Restricting the Emergence of Security Threats that Risk Information and Communications Technology (RESTRICT) Act is led by Senators Mark Warner (D-VA) and John Thune (R-SD). The pair introduced the bill earlier this month, which is deliberately not limited to just TikTok. 

Under the RESTRICT Act, the Department of Commerce would identify information and communications technology products that a foreign adversary has any interest in, or poses an unacceptable risk to national security, the announcement reads. The bill only applies to technology linked to a “foreign adversary.” Those countries include China (as well as Hong Kong); Cuba; Iran; North Korea; Russia, and Venezuela.

The bill’s language includes vague terms such as “desktop applications,” “mobile applications,” “gaming applications,” “payment applications,” and “web-based applications.” It also targets applicable software that has more than 1 million users in the U.S.

“The RESTRICT Act could lead to apps and other ICT services with connections to certain foreign countries being banned in the United States. Any bill that would allow the US government to ban an online service that facilitates Americans' speech raises serious First Amendment concerns,” Caitlin Vogus, deputy director of the Center for Democracy & Technology’s Free Expression Project, told Motherboard in an emailed statement. “In addition, while bills like the RESTRICT Act may be motivated by legitimate privacy concerns, banning ICT services with connections to foreign countries would not necessarily help protect Americans' privacy. Those countries may still obtain data through other means, like by purchasing it from private data brokers.”

Escoto from Access Now added, “As written, the broad language in the RESTRICT Act could criminalize the use of a VPN, significantly impacting access to security tools and other applications that vulnerable people rely on for privacy and security.”

“Many individuals and organizations, including journalists, activists, and human rights defenders, use VPNs to protect their online activity from surveillance and censorship. The RESTRICT Act would expose these groups to monitoring and repression, which could have a chilling effect on free speech and expression,” Escoto wrote.

(Many VPN companies engage in misleading marketing practices which exaggerate their importance and alleged security benefits. Used correctly, and with a provider that does not introduce its own issues such as logging users’ traffic, VPNs can be a useful tool for digital security). 

Rachel Cohen, communications director for Senator Warner, responded by telling Motherboard in an email “This legislation is aimed squarely at companies like Kaspersky, Huawei and TikTok that create systemic risks to the United States’ national security—not at individual users.” She added “The threshold for criminal penalty in this bill is incredibly high—too high to ever be concerned with the actions of someone an individual user of TikTok or a VPN.”

With the bill’s introduction, Warner and Thune instead pointed to other foreign-linked companies that may pose their own security and privacy issues.

“Before TikTok, however, it was Huawei and ZTE, which threatened our nation’s telecommunications networks. And before that, it was Russia’s Kaspersky Lab, which threatened the security of government and corporate devices,” Warner said in a statement at the time. “We need a comprehensive, risk-based approach that proactively tackles sources of potentially dangerous technology before they gain a foothold in America, so we aren’t playing Whac-A-Mole and scrambling to catch up once they’re already ubiquitous.” 

Sens. Tammy Baldwin (D-WI), Deb Fischer (R-NE), Joe Manchin (D-WV), Jerry Moran (R-KS), Michael Bennet (D-CO), Dan Sullivan (R-AK), Kirsten Gillibrand (D-NY), Susan Collins (R-ME), Martin Heinrich (D-NM), and Mitt Romney (R-UT) are co-sponsors of the proposed legislation

Both Vogus and Escoto pointed to another potential solution: the U.S. passing a more fundamental privacy law.

“If Congress is serious about addressing risks to Americans’ privacy, it could accomplish far more by focusing its efforts on passing comprehensive privacy legislation like the American Data Privacy and Protection Act,” Vogus said.

Update: This piece has been updated to include comment from Senator Warner’s office.

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.



from Hacker News https://ift.tt/ahDCHtw

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.