As the coronavirus continues to spread across the globe, having infected over 85,000 people in the United States alone, the Trump administration is attempting to pass a bill through Congress that would undermine modern privacy and encryption standards. The EARN IT Act, which many have described as a “sneak attack” on encryption, is written under the pretext of combating sexual exploitation of children online, especially on sites that facilitate communication, like Facebook and Twitter.
EARN IT (Eliminating Abusive and Rampant Neglect of Interactive Technologies), concerns a long upheld law known as Section 230, in reference to a part of the Communications Decency Act (CDA). This section has facilitated the rapid growth of new technologies and the internet at large by granting liability exceptions to companies for the content that their users create. These exceptions, which are automatically granted under the CDA, have allowed technology companies to expand their platforms, uninhibited by concern over their users’ content. EARN IT would require companies to prove that they follow the recommendations of a 19-person commission before earning these exceptions.
So why is this act causing an uproar among civil rights advocates? The answer lies in its implications for end-to-end encryption.
In recent years, the Trump administration has launched a campaign against encryption, spearheaded by Attorney General William Barr. In a speech last year, Barr claimed that, “encryption poses a grave threat to public safety by extinguishing the ability of law enforcement to obtain evidence essential to detecting and investigating crimes.” More recently, following the Pensacola Naval Base shooting in December 2019, President Trump said that “Apple has to help us” in unlocking the suspect’s phone. As Politico reported, that statement continued the rise in expectations for a new push of anti-encryption legislation. These expectations have finally surfaced in the form of EARN IT.
Encryption has and continues to serve as an important asset for activists and civil rights advocates, allowing for secure and private communication in an age where authoritarian governments are on the rise. Due to the recent attacks on encryption by the Trump administration, many fear that recommendations from a 19-person commission could lead companies to reduce the integrity of their encryption standards under the guise of protecting children from exploitation online.
The point remains, however, that it’s worth sacrificing encryption to protect children from sexual exploitation online. Perhaps it is. This idea falls into the broader ongoing debate of sacrificing civil liberties for security, which would be valid if there were any proof that the EARN IT act could actually accomplish what it claims. A similar law, known as FOSTA-SESTA, was written to eliminate online sex trafficking. But, as The Verge reports, “evidence that [FOSTA-SESTA] reduced sex trafficking is suspiciously hard to come by. And there is little reason to believe that the EARN IT Act will be a greater boon to public life. There is very little evidence that EARN IT will have a positive impact on online communications.”
Notably, the recommendations put forth by the commission will remain optional for companies. Should companies decide to neglect the recommendations of the commission, they have three options. They can accept the liability and the risk involved with allowing users to create content unabated; undermine their encryption by providing a backdoor to law enforcement, thereby eliminating liability for user-generated content, but providing open access for law enforcement to sensitive user data; or completely remove end-to-end encryption from their platforms, thereby allowing user data to be seen by anyone. The EARN IT Act would therefore give the Trump administration the weapon it needs to effectively eliminate end-to-end encryption. This danger is what’s causing an outcry among privacy advocates.
As for high school students, the need for encryption may seem unnecessary; the government isn’t interested in what an average American teenager is sending. However, encryption powers practically every form of online communication. Messages sent on Facebook, Twitter, Instagram, and even Snapchat, a social media platform widely used by teenagers because of its “disappearing” messages, could be signed, sealed and delivered to the United States government as a result of the Act. Any message or image sent could be scanned and/or stored on a government server. And while this may not scare too many people (after all, what is there to hide) the danger lies in what its implications for the future. As mentioned before, the world is facing a rise in authoritarianism that has been accompanied by an increase in government surveillance and the silencing of certain opinions. So encryption is not just about a streak someone sent on Snapchat yesterday. It’s about the rights of Americans and everyone across the globe, including those to privacy and freedom of expression. As Andy Yen, founder of ProtonMail explains, “Privacy is a fundamental right. Let’s not squander it in the name of security.”