EARN IT Act Threatens to End End-to-End Encryption “For Good”
23 Mar 2020
“In the midst of chaos, there is also opportunity.”
This phrase can be interpreted in different ways, and the timing is fitting like never before.
While the public is distracted and concerned over the uncertain future caused by one all-consuming topic you can’t avoid, the US Congress is looking to use this situation to their advantage and pass the bill called “Eliminating Abusive and Rampant Neglect of Interactive Technologies”, or simply EARN IT.
The focus is elsewhere, and rightfully so, but don’t let other big news pass you by.
Why Should Anyone Care About The EARN IT Act?
The EARN IT act was introduced to the Senate in March by Dianne Feinstein, Lindsey Graham, Richard Blumenthal, and Josh Hawley.
If passed, the bill would create a committee, headlined by the attorney general, tasked to come up with “the best practices” to prevent and identify child exploitation content distributed through online platforms. Attorney William Barr repeatedly stated that, in his vision, “the best practice” to fight such crimes is to force encrypted messaging systems to give law enforcement access to all private conversations.
According to the act, platform providers would have to scan messages sent over encrypted services or risk losing their protection for not complying.
While the prevention of crimes committed against children is something that no sane person would oppose under normal circumstances, this is a classic example of how the government justifies getting access to all protected communication there is, covering up their real intentions.
This act raises a lot of questions, as in the United States of America, in line with the First Amendment, the government is prohibited from restricting most forms of speech, therefore unable to force companies to moderate content created by platform users through downgrading the encryption standards.
You can imagine how the act would put various secure messengers in a very tough situation. The act opposes democracy and is designed to violate encryption and subject privacy-enabling companies to lawsuits and criminal prosecution.
And as the name inclines, the bill will make tech companies earn their protections, in contrast to getting them by default.
Twenty-Six Words That Created the Internet
“The government doesn't want any system of transmitting information to remain unbroken, unless it's under its own control.”
― Isaac Asimov, Tales of the Black Widowers
While there always will be a portion of people who would neglect all the good encryption brings into our lives, putting everything concealed from public viewing into the “suspicious” category, there’s no denying that the following act would hinder Section 230 of the Communications Decency Act.
Often referred to as “the biggest law protecting Internet speech”, Section 230 states the following:
“No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”
It is a law that gives web hosts protection against legal claims that arise from hosting information composed by third parties.
Taking into consideration that prosecutors blame companies for not doing enough to prevent sexual exploitation and that The Justice Department wanted to get rid of end-to-end encryption, so it wouldn’t obstruct the investigation of online crimes, we get into a situation where companies providing secure communications should simply jeopardize their security and sacrifice the privacy of their users to comply.
Companies like Apple and Facebook got a warning that if the compromise would not be found, they would have a bad time.
"You're going to find a way to do this or we're going to do it for you." - Lindsey Graham
The act is threatening to make The Internet a place where every message sent is read by a scanning software approved by the government.
Why the Harm Inflicted by This Bill Would Outweigh the Benefits
The argument stating that “we need to crack down encryption to protect national safety” has holes in its logic, and the risk associated with this drastic measure is very simple to understand.
You can’t downgrade encryption in a manner where both ‘good‘ and ‘bad’ sides have different privileges.
The act would simply give an opening to even more crimes, exposing people to greater security risks, making it easier for criminals to get into the digital life of law-abiding citizens, who also become exposed to their very own government, that tries to protect them from all the evil in the world.
More precautions need to be carried out elsewhere to justify wiretapping, and history shows that even when domestic intelligence and security services have the access to secret communication, they are still far and away from controlling the situation.
There’s no guarantee that backdoors can change the outcome of malicious actions, as often vague messages sent by terrorists, for example, would not be sufficient enough evidence to prove ill intent.
The removal of encryption could do unthinkable damage to the overall economy, harm e-commerce and online banking, expose nuclear facilities and power grids to outside interference, which in turn is a greater threat to national security. If we talk about people and their constitutional rights, the act would endanger journalists, dissidents, and activists. Data breaches that already desensitized our society will be even more harmful, enabling identity theft.
The legislation is not a panacea, but an action that can bring significant risks in return for unguaranteed benefits.
Unfortunately, most people don’t understand encryption and the privacy-ensuring benefits it offers. This makes the task of discerning 'the mental gymnastics' of using sensitive topics to push political agenda from actual nation’s security a far greater challenge.