Under U.S. Code §230, social media companies and internet service providers alike are currently classified as media channels, and accordingly, not legally liable for the accuracy of information made available through them, as publishers are.

Trump’s executive order would remove immunity for social media companies when they engage in “editorial conduct” such as removing posts or adding their own commentary. The difference provides Twitter, YouTube and others powerful incentives not to restrict what can be posted, or to add “warnings” or “Context” links to sources disputing the information posted by their users.

In early March, Senate Judiciary Committee Chairman Lindsey Graham (R-SC), U.S. Senators Richard Blumenthal (D-CT), Josh Hawley (R-MO) and Dianne Feinstein (D-CA) introduced the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT Act) that threatens the legal immunity of internet service providers under the same §230 until and unless they can prove they have “earned” it—by acting as the government’s agents in spying on their customers.

In other words, internet service providers (ISPs) will henceforth be judged as guilty until they prove their innocence.

Under the guise of “protecting the children,” the EARN IT Act would grant immunity only to ISPs certifying that they have complied with unidentified “Best Practices” for preventing child exploitation. Congress will develop these “Best Practices,” in secret at a later date, and could well “compel internet service providers to break encryption or be exposed to potentially crushing legal liability.”

Government’s utilizing this strategy to attack privacy and encryption is certainly not new. In 2014, President Obama’s Attorney General Eric Holder issued similar warning of the dire threat that privacy and encryption pose “to entice trusting minors to share explicit images of themselves.” Government officials seemingly cannot stand the thought that Americans have any information that it is not privy to, and setting up false straw men is their tried-and-true means of manufacturing a crisis already being addressed by industry.

While the bill’s sponsors claim the Act is needed to “Encourage Tech Industry to Take Online Child Sexual Exploitation Seriously,” ISPs already take it extremely seriously, providing millions of reports annually, including more than 70 million images of child abuse in 2019 alone.

Meanwhile, government has repeatedly shown that information in its hands is regularly used as fuel for abuse of the innocent. And Apple, Facebook, and other major Silicon Valley firms assert that “undermining their security protocols would make all of their users vulnerable to malicious cyberactivity, a view most independent experts share.”

In short, when government forces open “backdoors” into encrypted information, bad guys (whether its own agents or outsiders) are sure to follow.

So while the EARN IT Act would likely provide no meaningful additional protections from child exploitation, it would definitely produce a very chilling effect on the encryption that currently protects millions of Americans from cyber-attacks and malicious online actors—as well as on the development of stronger and better cybersecurity in an increasingly online world.

Especially with the Coronavirus shut-down forcing all of us to conduct increasing amounts of our personal and professional activities online, there could be no worse time to weaken the current encryption that provides us important security and privacy protections, nor disincentivize improvements to it.

Would that the media shone as bright a light on Congress’ threats to all Americans as it directs on Trump’s critiques of Twitter.

The post Media Up In Arms Over Twitter, Remains Silent on EARN IT Act’s Threat appeared first on The Beacon.

The Government Accountability Office (GAO) reported in 2011 that ED still hadn’t implemented security controls recommend in 2009 by its own Education Office of the Inspector General (IG). And, just this week the GAO again documented ED’s numerous information security weaknesses and deficiencies.

As. Rep. Mark Meadows (R-NC) summed up, “You know, the headline should read: ‘Department of Education Gets an F’.” (Starting at 46:31, first video)

According to the committee website:

The U.S. Department of Education is responsible for managing the portfolio of over 40 million federal student loan borrowers holding over $1.18 trillion in outstanding debt obligations. The Department also manages other student aid programs, such as the Pell Grant program that annually serves 8.3 million students. These programs often require applicants and their parents to provide the Department with their PII [personally identifiable information].

In FY2014, the IG found that, “While the Department made progress in strengthening its information security program, many longstanding weaknesses remain and the Department’s information systems continue to be vulnerable to serious security threats.”

The committee also highlighted many more alarming security deficiencies:

• ED has at least 139 million unique social security numbers in its Central Processing System (CPS).
• ED, however, has ignored the IG, which documented 6 repeat findings and 10 repeat recommendations in its most recent report.
• ED scored NEGATIVE 14 percent on the Office of Management and Budget (OMB) CyberSprint for total users using strong authentication.
• ED earned an “F” on the Federal Information Technology Acquisition Reform Act (FITARA) scorecard.
• ED’s National Student Loan Database (NSLD) gives 97,000 accounts/users access to borrower data, but less than 20 percent have had background checks for security clearance.
• ED’s systems are so vulnerable IG investigators hacked into them and had unfettered access for hours—all without detection.

So committee members’ harsh words should come as no surprise. As Rep. Will Hurd (R-TX) put it:

IG reports show that since 2011 there was no mechanism to restrict the use of unauthorized devices on the network. Having the ability to find devices on your network, does it really take four years to figure that out? ... This is completely unacceptable. This is the kind of issue that the American people are completely frustrated with.

Absolutely.

A leading reason why is that those of us in the real world would face consequences for such lack of performance. As a result of private-sector security breaches in recent years, chief information officers (CIOs) and other executives resigned or were fired, and their companies have paid tens of millions of dollars in legal settlements and other corrective actions.

No so in the land of Fed ED.

When pressed by Committee Chair Jason Chaffetz (R-UT) to answer the basic question of how many data centers ED is responsible for, Dr. Danny Harris, ED’s CIO, responded, “I don’t know, Mr. Chairman.” (Starting at 43:26, first video)

After hearing Inspector General Kathleen Tighe confirm that her agents had, in fact, breached ED’s systems undetected, an exasperated Rep. Meadows asked Harris: “Are you willing to stake your reputation and your job on the fact that the system is secure?” “I am, sir,” was Harris’ initial reply, until he back-pedaled about resigning if there was ever a breach.

Ultimately, Rep. Meadows asked Harris how confident he is on a scale of one to 10 that there will not be a breach. “Seven,” said Harris. (Starting at 49:31, first video).

In response, Rep. Jody Hice (R-GA) demanded to know, “How in the world can you give yourself a 7 out of 10 when you’re using technology that isn’t even supported?...When can we expect the system to be secure?” (Third video clip; or 101:56 first video).

Harris didn’t have a response, but he promised that he and his colleagues are working really, really hard. So a whole lot of effort but no good answer. Sounds like Common Core math.

* * *

For the authoritative examination of the history and impact of the U.S. Department of Education and the need for innovative reforms based on educational choice and opportunity, see the Independent Institute’s widely acclaimed book, Failure: The Federal Misedukation of America’s Children, by Vicki E. Alger.

The post U.S. Department Flunks Data Security ... Again appeared first on The Beacon.