Just in time for Independence day. Republican Senator Lindsey Graham (SC) led the U.S. Senate to approve the EARN IT Act. The bill could end encryption and free speech as we know it, online. The EFF explains…
The bill will create a new government commission, dominated by law enforcement agencies, and give it unprecedented power over websites both large and small. Attorney General Bill Barr and the DOJ have demanded for years that messaging services give the government special access to users’ private messages. If EARN IT passes, Barr will finally get his wish—law enforcement agencies will be able to scan every message sent online. The EARN IT Act (S. 3398) is anti-speech, anti-security, and unnecessary.
The legislation is intentionally vague. The legislation gives this new commission unprecedented power. It can demand websites share nearly any information or do nearly anything it wants. It effectively makes encryption and protecting your privacy illegal.
Do something this Fourth of July!
1. Sign the Action Network petition to tell Congress. “Don’t kill online encryption! Reject the dangerous EARN IT Act.”
2. Call 1 (813) 213-3989. You’ll be connected to your members of Congress so you can tell them. Vote NO on the EARN IT Act, and any attempt to spy on our digital communications.
—
In the midst of America closing up shop in fear over the COVID-19 pandemic, the U.S. government is not shutting down. Why? Perhaps they figure that most of us are too preoccupied with toilet paper hoarding and missing March madness. They figure they can sneak in additional restrictions on our freedoms.
Casey Newton at the Verge is tracking the Eliminating Abusive and Rampant Neglect of Interactive Technologies (“EARN IT”) Act EARN IT Act (S. 3398). The EARN IT BILL was the subject of a Senate hearing on 03/12/2020. The EARN IT Act was introduced by the self-quarantined Trump supporter, Republican Sen. Lindsey Graham. The premise of the bill is that technology companies have to earn Section 230 protections. This changes decades of precedent. The bill says tech firms have to earn Section 230 protections by complying with the politicians. Rather than being granted immunity by default by the Communications Decency Act.
EARN IT Act designed to hobble encryption
Experts believe that the bill is the latest effort by the government to destroy online free speech and security. It is designed to hobble encryption in the guise of child protection. Today, it is disguised as “Lawful access” in the U.S. government’s latest push against end-to-end encryption. CNet defines end-to-end encryption as a security technology that encodes your sensitive data. Data like passwords and financial and health information stored on your devices. Encryption protects your data from being viewed by employees of the company providing the service, and governments looking to spy on citizens.
The bill calls for tech companies to create an opening in their own encryption. An opening that only law enforcement agencies could use for investigations. The Feds have a long history of attacking encryption online. CNet explains that In 2017, the Justice Department called it “responsible encryption.” The feds wanted tech firms to provide encryption for everyone. But only if they hand over a special key that governments could use to snoop on communications. The FBI calls it the “Going Dark” problem. They claim investigations can hit a dead end because of encryption. Prosecutors have asked for backdoors to encryption. The Justice Department has called it “warrant-proof encryption.” The DoJ argues that encryption hinders law enforcement from keeping track of criminals or gathering evidence.
Protections under the First Amendment
Mr. Newton points out that it’s not clear that companies have to “earn” what are already protections provided under the First Amendment to publish and to allow their users to publish, with very few legal restrictions. But if the EARN IT Act were passed, tech companies could be held liable if their users posted illegal content. This would represent a significant and potentially devastating amendment to Section 230, a much-misunderstood law that is considered a pillar of the internet and the $26 Trillion businesses that operate on top of it.
The EARN IT Act would require tech firms to adhere to a bureaucratic set of “best practices.” The “best practices” would drawn up by a newly created national commission. They would have to be approved by the attorney general, homeland security, and the chairman of the FTC.
One of the “best practices” could be eliminating end-to-end encryption. That would deprive the world of a secure communications tool at a time when authoritarian governments are surging around the world. If the tech firms failed to eliminate end-to-end encryption, they could lose legal protection under Section 230.
Graham plan to weaken encryption
There is little doubt they plan to weaken encryption. Graham, says:
Facebook is talking about end-to-end encryption which means they go blind … We’re not going to go blind and let this abuse go forward in the name of any other freedom.
Berin Szoka, president of think tank TechFreedom said,
DOJ could effectively ban end-to-end encryption.
Encryption backdoor
The problem with lawful access, is that the backdoor or key created for governments would essentially create an opening for everyone. The Feds have already proven they can’t keep their secrets secret – as EternalBlue Vault7 and Snowden have proved.
Sophos Naked Security blog spoke to Riana Pfefferkorn, Associate Director of Surveillance and Cybersecurity from The Center for Internet and Society at Stanford Law School about EARN IT. Her analysis says the proposed bill containing no tools to actually stop online child abuse. The bill would actually make it much harder to prosecute pedophiles. She explained that as it now stands, online providers including Apple, Facebook and Google proactively, and voluntarily, scan for child abuse images.
The keyword is “voluntarily,” Ms. Pfefferkorn says. Those platforms are all private companies, as opposed to government agencies, which are required by Fourth Amendment protections against unreasonable search to get warrants before they search our digital content.
The reason that private companies like Facebook can, and do, do exactly that is that they are not the government, they’re private actors, so the Fourth Amendment doesn’t apply to them.
Agents of the state
Turning the private companies that provide those communications into “agents of the state” would, ironically, result in courts’ suppression of evidence of the child sexual exploitation crimes targeted by the bill, she said.
That means the EARN IT Act would backfire for its core purpose, while violating the constitutional rights of online service providers and users alike.
rb-
The U.S. Department of Defense has explained that it depends on encryption to protect its employees and sensitive data.
Senator Ron Wyden, a Democrat from Oregon criticized the bill for its potential effects on encryption.
This bill is a transparent and deeply cynical effort by a few well-connected corporations and the Trump administration to use child sexual abuse to their political advantage, the impact to free speech and the security and privacy of every single American be damned.
I am not a fan of Facebook, but they do provide millions of reports to the National Center for Missing & Exploited Children every year. Sadly the amount of action taken by the Feds isn’t quite the same. It is due to a lack of resources and funding from the federal government, according to a New York Times report.
A better way to address the issue would be to give law enforcement more resources. Sen. Wyden argues that the EARN IT Act is a distraction from the Justice Department’s lack of funding and resources to handle online child exploitation.
Related article
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.