The EARN IT Act Is a Sneak Attack on Encryption

The EARN IT Act Is a Sneak Attack on EncryptionJune 5, 2020 x

The EARN IT Act Violates the Constitution

Do you remember Trump tweeting about revoke 230? Well this is what that was about!

REVOKE 230!
— Donald J. Trump (@realDonaldTrump) May 29, 2020

Prepare for another attack on encryption in the U.S. The EARN-IT Act purports to be about protecting children from predetors, but it’s really about forcing the tech companies to break their encryption schemes:

The EARN IT Act would create a “National Commission on Online Child Sexual Exploitation Prevention” tasked with developing “best practices” for owners of Internet platforms to “prevent, reduce, and respond” to child exploitation. But far from mere recommendations, those “best practices” would be approved by Congress as legal requirements: if a platform failed to adhere to them, it would lose essential legal protections for free speech.
It’s easy to predict how Attorney General William Barr would use that power: to break encryption. He’s said over and over that he thinks the “best practice” is to force encrypted messaging systems to give law enforcement access to our private conversations. The Graham-Blumenthal bill would finally give Barr the power to demand that tech companies obey him or face serious repercussions, including both civil and criminal liability. Such a demand would put encryption providers like WhatsApp and Signal in an awful conundrum: either face the possibility of losing everything in a single lawsuit or knowingly undermine their users’ security, making all of us more vulnerable to online criminals.
EARN IT works by revoking a type of liability called Section 230 that makes it possible for providers to operate on the Internet, by preventing the provider for being held responsible for what their customers do on a platform like Facebook. The new bill would make it financially impossible for providers like WhatsApp and Apple to operate services unless they conduct “best practices” for scanning their systems for CSAM.
Since there are no “best practices” in existence, and the techniques for doing this while preserving privacy are completely unknown, the bill creates a government-appointed committee that will tell technology providers what technology they have to use. The specific nature of the committee is byzantine and described within the bill itself. Needless to say, the makeup of the committee, which can include as few as zero data security experts, ensures that end-to-end encryption will almost certainly not be considered a best practice.
https://www.schneier.com/blog/archives/2020/03/the_earn-it_act.html

How do I take action?

There is a website that makes it easy to find your rep and email them to reject the bill.

https://act.eff.org/action/protect-our-speech-and-security-online-reject-the-graham-blumenthal-bill

Leave a Reply Cancel reply