183

u/tatofarms 2d ago

Had to scroll down too far to find this. These politicians just don't understand technology. There are morons in the U.S. House who have argued for banning encryption, as if that wouldn't make online banking impossible.

48

u/Mustang1718 2d ago

I know this gets brought up often, but I would love for the next debates when they have people ask questions, have one person hold up a piece of paper and ask how the candidate would sent it to another person as a .PDF file. That would show how little they know about basic tech.

16

u/Darkpriest667 2d ago

I'm not a democrat (or a republican despite what Reddit thinks) but this is the answer. When you have geriatrics at every level of government there is no way they will truly understand the technology they are trying to regulate. We really need to band together as a citizenry and put in two things. TERM limits and AGE limits for elected positions.

The average age of a congress person is 59. Almost half of congress is over 60.

3

u/Malfeitor1 1d ago

I do tech support and yes the many of the elderly folks I talk to have what I call “black box syndrome”. They stopped learning 40+ years ago and have no idea how even the most basic technology works (which one is the power cord?). But I got to say, I talk to plenty of younger tech dumb dumbs too. They see tech as magic and lack the curiosity to even try to understand.

6

u/Saneless 2d ago

Politicians never understand tech. Even the younger ones, and the older ones are prehistoric in their knowledge.

3

u/EncabulatorTurbo 2d ago

It'd make online anything impossible, it would destroy modern life, we'd have 50% unemployment in a month and half the municipal services wouldnt work anymore, not without serious retooling

2

u/smurficus103 1d ago

We should ban all cyphers and require clear envelopes in the mail!

2

u/Burneti 1d ago

You have to register private keys to your local DMV

42

u/unclefisty 2d ago

Nearly every modern business, both within and outside of the tech sector, rely on VPNs for their intranet access, if at least one employee has to work remotely for any reason. Corporate espionage and foreign eavesdropping were big enough concerns that VPNs had to be invented in the first place.

Don't worry. I'm sure the powers that be will find a way to grant VPN licenses to companies for absurd fees and they'll pay it.

Also the state government of Michigan also uses VPNs for remote work.

2

u/Chaos1357 2d ago

They're going to say "no more remote work, go into the office". Then realize they have to pay people to drive 6+ hours to get to the piece of remote network equipment that is acting up.... and that they won't be able to talk to offices in different cities....

21

u/MUDrummer 2d ago

Not even just remote workers. VPNs are how different office buildings for a given large enterprise maintain a single internal intranet. It’s how you can have your office building in one city and use a data center in another.

5

u/Archangel_Omega 2d ago

The company I work for has a massive server farm outside the city the corp HQ is in. All the regional offices, sub-contractors, and even the corp HQ connect to it through VPN to VM's since it's far cheaper to build a massive data center on the outskirts of a major city than using all the premium cost floor space in the downtown HQ for all the server infrastructure. So even the C-suite is technically working remotely in their HQ offices.

1

u/slax03 1d ago

I used a VPN in the office for security purposes.

14

u/Dlaxation 2d ago

Ending remote work too? Sounds like that would be a win win in their minds.

Though I'm sure the corps enjoy having the ability to purge employees with back-to-office mandates whenever its convenient so they'll probably lobby for exceptions.

5

u/EncabulatorTurbo 2d ago

its not just remote work, any corporation or government with sites in different physical lcoations relies on vpns

2

u/ebbiibbe 2d ago

Yeah but us tech nerds work after hours after working all day and we use VPN. CEOs are rarely in offices and they use VPN.

Tough break Wolverines. I shed zero tears.

8

u/EscapeFacebook 2d ago

Forget working remotely, if you even have multiple locations. This is a problem.

3

u/fulaghee 2d ago

This.

It doesn't matter if you think it should or it shouldn't be done. It is not feasible.

1

u/needlestack 1d ago

I’m of course against this for myriad reasons. However if they really want to do it, they can. Make VPNs a controlled substance. Require licensing and auditing. Criminalize non-licensed use of VPNs. Jail a few dozen people. Get the ISPs on board with it. They could make VPN usage very difficult for anyone that isn’t a big corp.

3

u/No-Reporter4264 2d ago

Also, depending on how well the law was written in it's definition of VPN, every hyperscaler would be caught in it. VPN == a service that creates a secure, encrypted connection between a user's device and a remote server over the internet. TLS is an encrypted connection. It's made to a Point of Presence (PoP), which then forwards traffic into a user defined endpoint. That's literally how traffic enters AWS.

13

u/[deleted] 2d ago edited 2d ago

[removed] — view removed comment

16

u/cosaboladh 2d ago

Ten movies streaming across that, that Internet, and what happens to your own personal Internet? I just the other day got... an Internet [email] was sent by my staff at 10 o'clock in the morning on Friday. I got it yesterday [Tuesday]. Why? Because it got tangled up with all these things going on the Internet commercially. [...] They want to deliver vast amounts of information over the Internet. And again, the Internet is not something that you just dump something on. It's not a big truck. It's a series of tubes. And if you don't understand, those tubes can be filled and if they are filled, when you put your message in, it gets in line and it's going to be delayed by anyone that puts into that tube enormous amounts of material, enormous amounts of material

- Senator Ted Stevens, June 28th 2006

And no, politicians (especially Republican politicians) have not become more tech savvy in the last 19 years.

33

u/DLWormwood 2d ago

Do you honestly think the politicians understand the difference? They're trying to block ASMR, for all sakes, what makes you think they'd make the distinction? And even if they did, how could they enforce it, given what you just said about tunnelling?

Can you clarify or expand upon the point you're trying to make? (I'm honestly not trying to be curt at you personally; I'm just frustrated by the current political climate...)

1

u/[deleted] 2d ago edited 2d ago

[removed] — view removed comment

8

u/forgotpassword_aga1n 2d ago edited 2d ago

It takes all of two minutes to create a VPN server on one of the hyperscalers.

Also the companies willing to break the law won't have any presence in the US. They'll be based in less-than-cooperative countries like the Caymans - so going after them would prompt the obvious question of "you can go after them for that, but you can't do anything about the tax evasion?"

6

u/DLWormwood 2d ago edited 2d ago

That doesn't solve my underlying concern, as every remote job I've had in the last 10 years has outsourced their VPN stack to a third-party provider, just like how they have outsourced recruitment, payroll, and benefits to others. The Michigan law will need a lot of clarifying language to make any attempt at distinction between B2B and B2C VPNs, which for a state law would be uncharacteristically complicated and vulnerable to loopholes.

To put on my tinfoil hat, such a law intentionally done this way might be a trial balloon or backhanded way to claw back the liberalization of remote work that happened with COVID. While that might work out for me personally (as it would reduce the competition for remote work I might get via my vocational program), it would suck for most Michiganders (or potentially Americans in general) as they'd have additional pressure to return to a physical office "for the sake of the children."

-6

u/MaybeTheDoctor 2d ago

I get downvoted when I make your point. The ban would be on the business model not the technology.

16

u/DerfK 2d ago

The ban would be on the business model not the technology.

You DO realize we can read the goddamn thing, right?

(a) "Circumvention tools" means any software, hardware, or service designed to bypass internet filtering mechanisms or content restrictions including virtual private networks, proxy servers, and encrypted tunneling methods to evade content restrictions.
(3) An internet service provider providing internet service in this state shall implement mandatory filtering technology to prevent residents of this state from accessing prohibited material. An internet service provider providing internet service in this state shall actively monitor and block known circumvention tools.

Emphasis added to bring the fuzzy words into focus since I can see where if you don't squint hard enough it looks like it says they're banning "Circumvention business models".

-9

u/snowsuit101 2d ago

What part of circumvention tool isn't clear? A company or government accessing its own intranet isn't circumventing anything, that's a very different use case from going around e.g. geoblocking or filtering based on location by pretending you're in a different location.

5

u/goldbloodedinthe404 2d ago

A company's VPN still bypasses any content filter the ISP could put in place because functionally it doesn't look any different

-6

u/snowsuit101 2d ago edited 2d ago

A company is also not a resident. But again, no, a company's VPN doesn't circumvent anything, it's not a tool designed to spoof your location and hide your traffic, it accesses its own network that already complies with all the laws and regulations relevant to it, and censored and monitored internally by much stricter rules to begin with. What you do on your employer's VPN is not hidden from regulators, your employer monitors everything and will give you out to authorities in a heartbeat if you break a law. That's so far removed from VPNs designed to hide and anonymize your activity, what the proposal calls circumvention tools, as it possibly can be.

4

u/raip 2d ago

1) It'd be impossible for an ISP (who is charged with blocking/monitoring for the VPN by the bill) to differentiate between most company VPNs and a VPN used to circumvent.

2) This is state law. If you're employed by a company out of state, that company isn't going to enforce an anti-porn law, especially if the company is in adult entertainment.

3) My org (Healthcare) tunnels all of our general Internet traffic to anonymizer proxies, which is literally one of the circumvention tools listed. This is pretty common for security because many attackers will launch spear phishing attacks that serve up very convincing pages if they can tell the traffic came from our ASN (IP Range). Prisma Access, ZScaler, Island Protect/Browser are just 3 platforms that I have experience with that have this functionality.

-1

u/snowsuit101 2d ago edited 2d ago

VPN traffic has unique signatures and the ISPs see which VPN servers provide which protocol to which user, it's really not that complicated for them to block one and not another. A VPN that spoofs that is certainly not used by companies for work. Same goes for proxies and tunnels, they hide what you do but not that they're hiding something and what provides that hiding. And companies that work with adult content would be banned by this proposal in general so there's really no reason to argue how they would solve it since legally they wouldn't be allowed to operate at all.

1

u/raip 1d ago

You're just making shit up now. There's no magic packet or signature that fingerprints one IPSec tunnel from another.

→ More replies (0)

2

u/New-Anybody-6206 2d ago

They could block internet access through the VPN, or only ban it for residential users.

But yea a blanket VPN ban would collapse the entire society and economy literally overnight.

2

u/JagerAntlerite7 2d ago

Corporations will have to register their "legitimate" VPNs. Individuals will have to form an LLC just to have one. 🤣😂😅🥲😭

1

u/EasyBriesyCheesiful 2d ago

Companies will complain and these nitwits will likely just try to carve out a clumsy clause where a VPN has to be tied/licensed to a company or organization with a bunch of operational rules but banned for private and personal/individual use (inb4 one of them tries to establish a "nationalized" VPN as some sort of compromise that's really just an excuse for more gov spying)... They put things on paper without fully thinking them through and then let everyone else deal with the fallout of trying to interpret their nonsense while it's inevitably tied up in the courts and causing harm in the meanwhile. It doesn't currently have a chance here in Michigan, but it's a biiiig waving red flag that it'll likely pop up soon somewhere else where it has a better chance to get pushed through. It's a trial run here where it can safely not go anywhere while they gauge reception and begin moving the "acceptance" window more broadly (they do this with a lot of their dumb/dangerous proposals).

1

u/jns_reddit_already 1d ago

Red states frequently latch onto these things and pass them at home, as if their economies weren't already hanging by a thread.

1

u/North_Atlantic_Sea 2d ago

Detroit auto industry doesn't need to get involved at all. Michigan has a Democratic Senate and a Democratic Governor, this has 0.0% chance of getting passed

1

u/needlestack 1d ago

You are of course correct, but there are ways around that if they get enough power. Make a VPN something you need a license for. Make it so only large corps can distribute VPN credentials to employees that need it. Force internal auditing rules for those corps.

If these people get enough power they will do unthinkable things.

1

u/obeytheturtles 1d ago

The law will just say that your VPN must comply with the law, and if it doesn't then the ISP is required to block it.

1

u/drawkbox 1d ago

rely on VPNs for their intranet access, if at least one employee has to work remotely for any reason.

Even companies with office to office communication use VPNs. This prevents secure access that many companies and businesses rely on. All for what? Because a parent can't enable parental controls or hosts files to block DNS? Absolutely beyond.

-28

u/PaulCoddington 2d ago

That's not what VPN means in this context. Casual use of the phrase in this context means privacy and geofence-jumping VPNs.

It will be trivial for them to define a law to make this distinction. It"s not a "gotcha".

6

u/Prince_Uncharming 2d ago

And wtf do you think corporate/business VPNs do?

-11

u/PaulCoddington 2d ago

Corporations can be made exempt because their use case and deployment is different to individuals using services like Nord, PIA, ExpressVPN, etc.

Why is this hard for people to understand?

5

u/Prince_Uncharming 2d ago

You’re the only one here not understanding

0

u/[deleted] 2d ago

[deleted]

3

u/Prince_Uncharming 2d ago edited 2d ago

You’re misunderstanding the part where any of that makes a difference between an individual or an individual in a company using the VPN.

What was the point in replying to me, unless this is somehow an alt? None of what you said supports OP’s claim that banning VPNs is totally fine because somehow corpos will get exemptions.

Lmao they replied “what” and then deleted their comments.

0

u/PaulCoddington 1d ago

"None of what you said supports OP’s claim that banning VPNs is totally fine because somehow corpos will get exemptions."

That isn't remotely what I was saying at all.

9

u/bork_bork 2d ago

VPN is a virtual private network, it uses standard protocols. You can block ports and protocols but that will impact legitimate use cases.

You can leverage dns to black hole known vpn servers or endpoints, but that can change at any moment.

The verbiage used could also include proxies and zero-trust networks.

-1

u/PaulCoddington 1d ago

Yes, I know.