AXEL.org

Legal

You Can’t Crack Good Encryption But You Can EARN IT

You Can't Crack Good Encryption But You Can EARN IT

Encryption is a hotly debated topic these days. Privacy advocates love it; governments and law enforcement are less enthusiastic. One of the most significant discussions regarding encryption at the moment is the United States’ EARN IT Act. This controversial piece of legislation could have major privacy implications moving forward.

The EARN IT Act’s journey

On March 5, 2020, a bipartisan group of U.S. politicians, including Sen. Lindsey Graham (R-South Carolina), Sen. Richard Blumenthal (D-Connecticut), Sen. Dianne Feinstein (D-California), and Sen. Josh Hawley (R-Missouri) introduced the EARN IT (Eliminating Abusive and Rampant Neglect of Interactive Technologies) Act. The legislation aimed to curb online child sexual exploitation through the creation of a national commission.

The commission

The act establishes a government commission consisting of 19 appointed individuals from various sectors. It includes high-ranking officials from the Department of Justice, the Department of Homeland Security, the Federal Trade Commission, as well as representatives from top law enforcement agencies, constitutional law experts, survivor groups, and more.

The commission would be responsible for devising a set of “best practices” that online companies would need to follow to maintain immunity from liability regarding third-party content posted on their platform. Congress would review and approve the list of mandated best practices. Once approved, the commission would need to certify companies as compliant with the policies before they received immunity. Simply put, immunity is not guaranteed. Online organizations would have to “earn it” (see what they did there?)

Businesses that do not follow the standard set of best practices would need to prove they have reasonable alternative methods to prevent child exploitation on their platform. As deemed by the commission, those who do not meet the minimum standards would be liable for lawsuits from sexual exploitation victims.

Amendments to the bill

This summer, while making its way throughout the Senate Judiciary Committee, lawmakers altered the bill to empower the states to form their own rules. The commission would still be retained along with its guidelines for best practices. However, it is now up to the states to bring civil and criminal lawsuits against content platforms that don’t do enough to prevent child exploitation.

In either form, the EARN IT Act, at its core, attempts to erode the legal protections stipulated by Section 230 of the Communications Decency Act of 1996. And It could create obstacles for the use of encryption technologies.

Section 230

The Communications Decency Act of 1996 is a component of the more comprehensive Telecommunications Act of 1996. This was the first law that incorporated the Internet into broadcast regulations. Section 230 of the CDA states:

No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.

This means that content platforms aren’t liable for the content people post on them. It protects them from all sorts of nasty legal situations.

The most current form of the EARN IT Act affords states more leeway to decide whether a content platform is culpable for sexual crimes committed against minors.

The effect on encryption

So, how does this relate to encryption? If passed, the EARN IT Act significantly weakens the utility of it. The first iteration never specifically mentioned encryption, although the implications to the technology were evident. If, for instance, the government held social media websites liable for facilitating child exploitation via encrypted messages, why would the platform ever allow encrypted messages in the first place?

The whole point of encryption is that the centralized platform doesn’t have the keys to decrypt messages between two private parties. This ensures privacy and that Big Brother isn’t watching over your shoulder. Section 230 prevented roadblocks to encrypted communications. But, if the government can hold the content of encrypted messages against a business in civil or criminal cases, the organization has a massive incentive not to offer encryption services.

The amended EARN IT Act that passed through the Senate Judiciary Committee does mention encryption. In fact, it stipulates that end-to-end encryption by itself is not a reason to remove the Section 230 protections for a company. On the surface, this looks like a more reasonable bill. However, it suggests that organizations scan messages before being encrypted to check for suspicious exploitative content. If any is present, they would have to forward them to the proper government authority for closer scrutiny. The practice is called “client-side scanning.”

So, would this really allow for end-to-end encryption? It appears to undermine its usefulness when companies scan every message before transmission.

Far-reaching consequences

AXEL is a data custody and privacy advocate. Our file sharing and storage platform, AXEL Go prioritizes privacy and security. We provide the option to use encrypted password protection for all shared files.

We understand that this is a complex issue, and we want to prevent the exploitation of minors. However, this legislation could have a chilling effect on privacy and the future of encryption.

Encryption is a tool. It isn’t only useful for criminals. Privacy is a right for everyone, and this technology helps facilitate it. It doesn’t just hide your data from governments and corporations, but also malicious agents. Data breaches happen on a daily basis. If the hackers only score encrypted data, the haul ends up being useless. It helps prevent identity theft, as well as stolen credentials and payment information. Encryption is a part of the solution, not the problem. We can usher in a better online experience. One that isn’t fraught with invasions of privacy and data collection. Client-side scanning of all messages is not on the path toward this future.

If you’d like a secure, private file sharing and storage platform, download AXEL Go. It’s an easy-to-use program available on Windows, Mac, iOS, and Android devices. It uses secure technologies such as blockchain, the InterPlanetary File System (IPFS), and the aforementioned password encryption to ensure your data stays safe and confidential. Sign up for one of our free, Basic accounts and you will receive 2GB of free online storage, along with enough of our AXEL Tokens to fuel thousands of shares across our decentralized network.

A Primer on Blockchain for the Legal Industry

A Primer on Blockchain for the Legal Industry

Blockchain technology is a hot topic. Worldwide spending on blockchain initiatives is expected to triple to over $14 billion by 2023. The legal industry is a sector especially prone to disruption by this trend. Legal professionals should inform themselves of the implications to stay ahead of the curve and reap the benefits of this game-changing technology. 

A true disruptor

The legal industry is a notorious slow mover when it comes to technological adoption. While practices such as automated billing, digital document storage, and the use of accounting software are all commonplace today, you will still find plenty of good, old-fashioned paper documents in any law firm.

In the case of blockchain, however, slow-adopters may find themselves suddenly uncompetitive. That’s because the technology has many important benefits that could transform how the industry operates. But first, a quick introduction to the main concepts. 

What is blockchain, exactly?

Many legal professionals have heard the term but may not understand what blockchain technology actually does. It’s okay, you’re busy folk. 

So, your 22-year old nephew drives a nicer car than you since he struck it rich in the Bitcoin game a few years ago. That’s blockchain, right? Yes, blockchain technology powers cryptocurrencies such as Bitcoin, but it is so much more than that. 

A blockchain is a category of Distributed Ledger Technology. It can record transactional information in a way that cannot be altered. These transactions are verified by individual computers called nodes on a decentralized network. 

Transaction data is stored on “blocks”, which, when verified, are pooled and added to a “chain” of previous blocks.  Each block has a unique, cryptographic alphanumeric “hash” assigned to it. A block contains its hash and the hash of the previous block. 

Once a block is on the chain, information within the block can’t be changed. If there are any alterations, the unique hash changes, which changes all subsequent hashes up the chain, breaking it. The blockchain is carried by all of the nodes in a given network. This means if a single node is hacked to alter a transaction, all of the other nodes see it as invalid and the changed blockchain is voided. 

This makes a blockchain a very secure way to register transactions. But, how could it apply to the legal industry?

Benefits to the legal industry

There are two main benefits to integrating blockchain into your Legal Tech strategy: cost reduction and increased data integrity. 

The savings possible through the use of blockchain technology is enormous. Blockchain can automate many tedious legal procedures. Smart contracts and digital signatures could be used to reduce the amount of manual paperwork that needs to be filled. This alone would save money on paralegals and low-skill labor you typically have to bill your clients. 

This increases accessibility to the legal system. Lower-income people can afford to become clients when they aren’t charged for the mundane aspects that chew up a significant amount of time. Lawyers can either charge less or receive better margins, depending on their goals. A firm that can charge lower prices and save time for their clients would have a major competitive advantage in the marketplace. 

Superior data integrity is the other important benefit. Legal files are some of the most sought-after data targeted by hackers. Files are typically not stored on a blockchain, as the blocks tend to hold relatively small amounts of data. However, transactional info about where and to whom the files were sent can be stored on the blockchain. This allows for undeniable chain-of-custody verification. Remember, data on a blockchain can’t be altered without the malicious agent gaining control of the majority of the nodes on the network. With hundreds or even thousands of nodes, this becomes impractical. Therefore blockchain becomes an essential tool for confidential contracts or digital evidence sequestration.  

The power of smart contracts

While smart contracts have been mentioned as important, you may not understand the term. It’s an important concept when analyzing blockchain’s effect on the legal profession. 

Legal professionals are obviously familiar with standard contracts. Perhaps Party A agrees to buy certain property from Party B, if certain conditions are met by Party B before a specific time. Traditionally, this transaction could take days or weeks to complete. Smart contracts aim to reduce the transactional friction.

A smart contract is a piece of code integrated into a blockchain that holds all the necessary conditions for a potential transaction. Once these conditions are met by both parties, the smart contract executes and the transaction is made. Essentially, they automate the agreement without the need for human verification. And, since it takes place on the blockchain, it is not able to be reversed. 

While smart contracts won’t completely erase the need for traditional legal contracts, they could disrupt business-as-usual. If future regulation confirms smart contracts are legally binding documents, lawyers will need to inform themselves about the technology and integrate it into their offerings. 

Interesting potential use-cases

Presently, it’s a real Wild West out there regarding blockchain and the legal industry. While there are a few scattered firms accepting cryptocurrency as payment, the wide adoption of blockchain technology still lags. Regulatory uncertainty and the overall inertia against the adoption of new technology have contributed to this reluctance. Dig a bit deeper into the untapped possibilities, however, and you’ll find some very exciting applications. 

Blockchain could disrupt the field of IP (Intellectual Property) law. Through the use of non-fungible tokens, unique work or property can be represented and timestamped on an immutable ledger. This would go a long way toward clearing up IP disputes between parties. It would be an irrefutable way to prove ownership. 

As previously mentioned,  another useful application is related to chain-of-custody. This term refers to how evidence in a legal proceeding is handled from point A to point B. Blockchains could prevent tampering, as every piece of evidence would have to be logged in the ledger. It closes many weak points throughout the chain and inconsistencies would be spotted immediately. 

Property law could also transform due to blockchain technology. It’s one of the areas where a reduction in paperwork and intermediaries would lower transaction costs substantially. Once widely available, it’s difficult to imagine the majority of clients opting for the more manual version. 

Additionally, Blockchain could be used to host public documents and process Freedom of Information Act (FOIA) requests. Attorneys in need of a theoretically public document can find themselves waiting for months or years! If these documents were all put on a blockchain, there would be no worry about manipulation or hacking. The public could search for the necessary information without the need of a meandering bureaucrat to pour through what can only be imagined as an Indiana Jones-esque secret warehouse of long-forgotten files. 

Then there’s the burgeoning market for blockchain-savvy lawyers. In case you hadn’t noticed, blockchain is big business these days (your nephew’s Porsche is proof enough). Businesses and consumers alike need legal assistance on cryptocurrency holdings, smart contracts, digital IP, and all else blockchain. It’s an entirely new field where those truly invested will be able to make a name for themselves and flourish. 

Hopefully, you now see how blockchain is poised to change the legal industry forever. Even If your firm is not planning to work with any blockchain-related clients, it would be good to investigate its practical usefulness. And, with the technology becoming more ubiquitous, you may even be presented with blockchain legal scenarios from current clients in the near future. Don’t get caught unaware. 

A secure solution for your sensitive information

Few professions require the file privacy lawyers do. Those in the legal industry need solutions that ensure their documents are accessible and secure.

AXEL is at the forefront of the data security movement. Our revolutionary file-sharing platform, AXEL Go, is the perfect application for legal professionals. AXEL Go is an intuitive file-sharing program backed by blockchain technology. Files aren’t housed in a central location. Instead, they’re divided into many pieces and distributed to our verified network of nodes. This, combined with our optional AES-256 password encryptions guarantees privacy. Keep your sensitive data out of the hands of malicious agents with the help of AXEL Go.  Download it today and receive 2GB of free storage. 

Why Data Breaches are so Damaging and how the Law has Failed Consumers

Very few times in history have a group of people sat down with the purpose of writing a set of new laws to improve society. Instead, what usually happens is that laws are written to solve specific problems. This leads to a litany of laws piling up over the decades. While it could always be debated how effective a particular law might be at accomplishing its goal, the rapid pace of technological advancement over the past 20 years – especially as compared to the pace of the lawmaking process – has introduced new challenges as laws become quickly outdated, sometimes even by the time they take effect.

The results of this are acutely apparent in the cross-section between the fields of cybersecurity and consumer protection, namely data breaches.

The magnanimity of consumer protection laws in the United States were written for a society concerned with immediate product safety and compensation for resulting injuries, not for the nebulous and incalculable injuries that may be sustained by potential millions when private records are exposed.

Why are data breaches so damaging?

The unique problem of data breaches stems from the fact that the breach of privacy carries in of itself no specific harm. Instead, it is the later misuse of information that has been breached that may lead to ensuing harm. However, with data breaches occurring on a near-daily basis, the causality of specific financial or reputational damage is nigh impossible to link to a single breach causally; with our laws written around the concept of calculable damages being the source of justified remuneration, we are left constantly and increasingly victimized but unable to seek just compensation.

Some would argue that even more problematic is the irreparable nature of many of the most severe data breaches. Once a name and social security number are leaked, that identity is permanently and irreversibly at risk for being used fraudulently. While one could always apply for a new social security number, the Social Security Administration is extremely reluctant to issue new identities, and while that is a debate for another time, it goes to show just how difficult it can be to recover from a breach. Victims are permanently marred and at increased risk for future injuries resulting from a single breach, no matter how much time has passed.

Because of the damage resulting from a data breach being so far removed temporally and causally from the actual breach itself, adequate compensation is rarely won, if it is even sought. Was it the Equifax breach, the MoviePass breach, or one of the innumerable other breaches this year that resulted in your identity being stolen and used to take out fraudulent loans a decade from now?

Moreover, even if you should find that it was MoviePass’ negligence that leads to your identity being stolen, what compensation can you seek from a company that has been defunct for years? Our laws were not written to address these issues adequately. Our legal system often does not ponder questions of uncertainty and possibility, and that’s the perfect summary of what victims face in the aftermath of a breach; uncertainty and possibilities.

For all the uncertainty victims face, the solutions going forward as a country are equally opaque.

It would be easy to write some draconian law to punish companies for exposing private data, but as is often the case, that could have unintended consequences, such as pushing data overseas where even looser security and weaker privacy laws may exacerbate the problem. Instead, it’s going to take a significant shift in our collective-consciousness over how data is handled.

Laws written for managing telecommunications and transmissions in that era are being used to handle complex cybersecurity and data privacy cases.

This can’t come just from one party though; companies need to seriously consider what data they need to collect, and what information needs to be retained on a long-term basis. Consumers have to take ownership of their data and demand a higher quality of service from corporations and governments over how their data is collected and used.

As a whole, we must recognize the value of data, and the dangers we expose ourselves to by collecting it (and why it might even be best to not collect data at all in many circumstances).

Just like holding valuables such as gold and art entails a security risk, so too does data. If people started treating data like the digital gold it really is, maybe then we could all come together to work out a solution.

But until then, I’ll be keeping my data to myself.

Keeping Up in Court

It’s the day before the big hearing.  The Motion was perfect; Opposition just ok – no surprises, and your Reply crushed it.  This is the second time you will be arguing your Summary Judgment Motion.  A Rule 56(f) Opposition carried the day six months ago; but it’s more than ripe this time around.

You sit down to download all three pleadings to your iPad; with exhibits they total about a foot-thick of paper.  But, in PDF format, the files are too big for the storage left on the device.  To make matters worse, you wanted to download a few other things for the hearing as well – their Opposition from the last hearing (since it makes a few arguments that help you this time around), the latest round of discovery responses (a perfect Interrogatory answer from their CIO exists), and a bunch of photos of your client’s product and their infringing product that your expert just testified to at his deposition last week.

The next two hours are spent deciding if you really need all the exhibits to the pleadings, what else you really need, and considering what you could take off your iPad.  WASTED TIME and ADDED STRESS.   As if you need either of those on the day before the hearing.  Finally, you decide to leave the Opposition exhibits and the new expert photos off the download, and remove a few unrelated things from the iPad and off you go.

Let’s take the worst-case scenario, and play it out.  During argument opposing counsel brings up a document from her exhibits – that you did not think was important enough to address in your outline – and it’s not on your iPad.  She also talks for a while about your expert’s deposition and two of his photos – which you don’t have either.

As prepared and articulate as you may be, you simply cannot address the nuances of her arguments on those three pieces of evidence since they are not right in front of you.  Motion DENIED.

I understand that in this hypothetical you could have hand-carried the documents to court.  But the point is, even when we carry twelve inches of material to court and/or download all the related pleadings, every now-and-then a question is asked or argument made related to a document we just did not have.  Sure, sometimes the judge will give us more time to address the evidence, but would it not be better to just have access to your entire case file – no matter how big?

This scenario happened to me a few times in my 18 years of litigation.  Sure, there was more than one time where I simply forgot to grab part of the file on the way to court.  But far more often, opposing counsel would bring up something completely unrelated to the issue, or from a prior hearing or long-ago completed discovery.  Every now and then, a judge would ask for something very specific or something silly like a date of service on Interrogatory packet #3.  In these instances the ability to access all your documents can be the difference between winning or losing your case. It’s important for any attorney to do their research on finding the best file management tools to ensure they have the important information on hand at all times.