Security news that informs and inspires

Tech, Privacy Groups Urge Senators to Oppose EARN IT Act

By

With the EARN IT Act still awaiting action in the Senate, more than 25 technology, civil liberty, and open society organizations have sent a letter to senators expressing strong opposition to the bill and urging them to vote against it.

The bill has come under sharp criticism from privacy and security experts for a number of reasons, most notably for the effect that it would have on the ability of platform providers to offer encrypted services. The stated purpose of the bill is to prevent the publication and spread of child exploitation material, and it would do so by setting up a commission that would create a set of voluntary best practices that platform providers would be encouraged to comply with in order to maintain their protection from prosecution under Section 230 of the Communications Act. That section is what protects providers from being held liable for the content people post on their platforms.

EARN IT would essentially discourage platform providers from offering services such as end-to-end encrypted messaging or email because they are not able to examine the contents of the messages for illegal material. Although the text of the bill does not explicitly mention encryption or secure messaging services, the effect on providers of those services would be severe. In the letter sent to senators this week, the groups say the EARN IT Act would undermine and disincentivize providers from offering those services, even after the addition of an amendment that says providers would not be liable for violating the law simply because they offer encrypted services.

“As amended, the bill invites repeated and protracted litigation about whether a provider’s decision to provide encrypted services was the entire cause for its failure to adopt certain practices to combat CSAM. For example, the amendment does not clearly protect providers against liability if they do not comply with mandates to employ certain techniques that are incompatible with secure end-to-end encryption,” the letter says.

“Techniques such as client-side scanning and sender authentication can give law enforcement access to communications content. But, each technique undermines the promise of end-to-end encryption—that only the sender and recipient will be able to understand the content of the communication. Use of such techniques would be incompatible with a secure end-to-end encrypted service.”

The letter is signed by the Electronic Frontier Foundation, Center for Democracy and Technology, Fight for the Future, Freedom of the Press Foundation, and many other groups and also raises concerns about the commission the bill would establish to set out the best practices for providers. The commission would be headed by the attorney general and include many other members from law enforcement agencies.

“The Commission is free to, and likely will, recommend against the offering of end-to-end encryption, and recommend providers adopt techniques that weaken the cybersecurity of their product. While these best practices would be voluntary, they could result in reputational harm to providers if they choose not to comply, and inform how judges evaluate a provider’s liability,” the letter says.

The EARN IT Act was introduced in March and amended in July and has been on the Senate legislative calendar since late July.