A New Bill Attacks What May Be the Most Important Law on the Internet
The EARN IT Act would give the DOJ even more power to censor the internet
We already know the Trump administration, led by Attorney General William Barr, wants to find a way to ban end-to-end encryption — a vital security protection used by millions of Americans on their phones every day. Now a bipartisan group of senators, including leading Democrat Sen. Richard Blumenthal, are bizarrely trying to help Barr irreparably damage Americans’ privacy.
The latest salvo in the government’s long-running war on encryption comes in the form of the EARN IT Act (that’s short for “Eliminating Abusive and Rampant Neglect of Interactive Technologies Act”), a bill that attempts to help blunt child exploitation on the internet. A multitude of critics say it will do little to stop the problem, but it will provide the Justice Department and other federal agencies much more power to both censor the internet and give them the ban on encryption they have clamored for for years.
The rise of end-to-end encryption over the past several years has been the one bright spot in the ever devolving landscape of privacy on the internet. Services like Apple’s iMessage, WhatsApp, and Signal provide important protection to their users by encrypting messages so that only the sender and receiver of the information can access the content of the communications. This means that even Apple and Facebook, the owner of WhatsApp, cannot see what people say on its platforms — and therefore the government can’t order them to hand over private messages either.
“This bill is not about ending encryption,” Blumenthal said at a hearing Wednesday. “Encryption is fully compatible with preventing child abuse and exploitation material on these internet sites.”
Except that’s not what any experts are saying. Wired called the EARN IT Act “a sneak attack on encryption.” Electronic Frontier Foundation (EFF), the premiere online civil liberties organization in the United States, declared that the bill “could fulfill a long-standing dream of U.S. law enforcement: the end of private, encrypted messaging on the internet.” Leading cryptography expert Matthew Green wrote, “I can’t stress how dangerous this bill is.” Riana Pfefferkorn, associate director at the Stanford Center for Internet and Society, labeled it “disastrous” and a violation of “the constitutional rights of online service providers and users alike.”
Here’s how the draft of the EARN IT Act works, as described by EFF: “EARN IT would strip away Section 230 [of the Communications Decency Act] protections, offering them only to internet companies who followed a list of ‘best practices’ set up by a government commission of 15 people. This commission, set up in the name of protecting children, will be dominated by law enforcement agencies.”
The commission will then be able to withhold protections from tech companies if they refuse to comply with the commission’s recommendations, which will inevitably include an encryption ban.
The advocates of the EARN IT Act point to the fact that the bill doesn’t explicitly call for a ban on end-to-end encryption. But the entire process is set up to do just that — and it’s potentially even more dangerous than Barr’s overt attempts to pressure Facebook and Apple over the past year, since it makes it easier for the bill’s advocates to muddy the waters and confuse the public. Sen. Blumenthal even attempted to argue at a hearing about the bill on Wednesday that encryption is not at issue. But every single expert who has read the bill understands that’s a primary end goal, and the bill’s authors refuse to explicitly state they won’t use it to attack encryption.
As I’ve written previously, the vilification of Section 230 — known to civil liberties advocates as “the most important law on the internet” — is often false or purposefully ignorant. The law gives civil liability protections to companies like Facebook and Google for content users post online — primarily so they can’t be sued for false information users post. (For example, it protects news outlets like Medium so they can allow readers to comment on articles). It’s the backbone of free speech on the internet. However, it’s also the law that critics of tech companies have misguidedly targeted to hold tech companies more accountable.
Many senators and the Justice Department clearly recognize they can use the newfound interest in punishing tech companies to their advantage by rewriting the statute to give the government far more power over users’ privacy rights as well. As Stanford’s Pfefferkorn has written, the Justice Department already has plenty of tools to go after perpetrators of sexual abuse: “This proposal does not arise in a regulatory vacuum. There’s already an existing federal statutory scheme criminalizing CSAM and imposing duties on providers. And it already allows providers to be held accountable for CSAM on their services, without any need to amend Section 230.”
So why not better enforce the laws already on the books? Clearly our politicians want to weaken everyone else’s privacy as well.
End-to-end encryption offers powerful protection against mass surveillance, and is a vital tool that can be used by doctors, lawyers, journalists, and many other high-risk individuals — including many of the politicians who choose to demonize it, yet still rely on apps like Signal to protect their campaigns from state-sponsored hackers.
Given that the Trump administration has shown a willingness to use any means to track down immigrants and punish its political enemies, why would any Democrat be willing to hand its Justice Department any new powers?
There are many ways to tackle the problem of child exploitation online without sacrificing the privacy and security millions of Americans rely on on a daily basis to protect themselves and their private information.