NEW
Bipartisan EARN IT Act Poses Serious Threat to Encryption

The latest update on the endless war between those pushing to guard freedom of speech and privacy on the internet and those pushing to increase government oversight over the worldwide network is not good news for anyone belonging to the former group. That’s because a new, bipartisan bill is currently being circulated amongst congress, dubbed the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act, or “EARN IT,” which, if passed, would effectively grant the federal government the ability to disallow the use of effective end-to-end encryption on every platform operating in the U.S.

The EARN IT Act, which is being sponsored by Senators Lindsey Graham, Josh Hawley, Dianne Feinstein, and Richard Blumenthal, is an amendment to Section 230 of the 1996 Communications Decency Act (CDA). Section 230 (the common name for Title V of the CDA), says, most critically, that “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”

 

This snippet of law from Section 230 is monumentally important because it prevents internet services providers (ISPs), platforms like Google or Facebook or Twitter, as well as messaging apps like WhatsApp or Signal, from being held legally responsible for illegal information that’s shared on their networks. In other words, section 230 allows these companies to not be held liable if people are sharing illegal information utilizing their tools.

Section 230 is so crucial to internet privacy and development, in fact, that the Electronic Frontier Foundation refers to it as “the most important law protecting internet speech,” and says that it is “perhaps the most influential law to protect the kind of innovation that has allowed the Internet to thrive since 1996.”

With its proposed amendment, EARN IT would effectively do away with the default legal shielding provided by Section 230, and instead would require corporations to earn that protection by passing inspection from a national commission made up of 19 members, including the Attorney General, The Secretary of Homeland Security, and The Chairman of the Federal Trade Commission. (And yes, the EARN IT act is meant to reference the fact that corporations will need to earn their Section 230 protections should this law pass.)

Regarding inspection, the bill says that the EARN IT commission would utilize “best practice” guidelines that it would develop itself to decide which companies have earned protection under Section 230. According to the March 5 draft of the bill:

“The purpose of the Commission is to develop recommended best practices that providers of interactive computer services may choose to implement to prevent, reduce, and respond to the online sexual exploitation of children, including the enticement, grooming, sex trafficking, and sexual abuse of children and the proliferation of online child sexual abuse material.”

The downstream effect of this amendment to Section 230, and the establishment of this national commission as a gatekeeper to the protections it provides, would, according to many reputable sources discussing the bill (including the EFF, Stanford Law School’s Center for Internet and Society, and the ACLU), result in the federal government having a so-called “backdoor” for accessing encrypted messages. This, in turn, would seriously degrade end-to-end encryption, which is “a system of communication where only the communicating users can read the messages [being shared].”

Although it may seem like a leap to assume EARN IT would undoubtedly crush the freedom and privacy provided by end-to-end encryption, especially considering the fact that the bill never even references the system of communication by name, common sense forces that conclusion. If EARN IT passes, companies would subsequently be faced with a dilemma: either weaken their end-to-end encryption methods in order to allow the national commission to have its backdoor to make sure “best practices” are being observed, or lose the protections provided by Section 230, and be made vulnerable to an unthinkably massive inundation of lawsuits.

Bipartisan EARN IT Act Poses Serious Threat to Encryption_1

Sen. Lindsey Graham discussing the EARN IT act at a March 2020 hearing. USSenLindseyGraham

It should be noted that there are, of course, some legal experts out there who don’t think EARN IT is nearly as bad as its opponents claim it is, and also may, in fact, help to curb the sharing of illegal content online—specifically in regards to child pornography and other “sexual abuse materials.” But it should also, likewise, be noted that several of the key sponsors of the bill, from both sides of the political aisle, have been looking for a way to diminish the efficacy of end-to-end encryption for some time. Senator Graham, for example, told representatives from Apple and Facebook in December of last year that “My advice to you is to get on with [providing warrant-compatible encryption voluntarily], because this time next year, if we haven’t found a way that you can live with, we will impose our will on you.”

What do you think about the EARN IT act? Do you fear that the bill, should it pass, would greatly diminish the efficacy of end-to-end encryption? And would you trust a small national commission to decide which companies are or are not observing “best practices” when it comes to what their users are sharing on their platforms? Let us know your thoughts in the comments!

Feature image: Blogtrepreneur