The “Eliminating Abusive and Rampant Neglect of Interactive Technologies Act”, also known as The EARN IT Act, is the United States Senate’s latest attempt to dismantle end-to-end encryption for their citizens. Surprisingly, both the Republican and the Democratic parties are supporting the bill. While this is not the first time the U.S. government has attempted to come in between encryption and its citizens, its intensity has been gathering force in recent months. The proposed legislation will impact cloud service providers, social media companies, communications platforms, and other technology services.  

In this proposal, child sex abuse material (CSAM) is at the forefront of the argument. In fact, the proposed bill is said to have been developed in an effort to establish “best practices” when fighting CSAM online. The caveat is that online service providers will have to follow the laid practices in the bill or risk losing Section 230 immunity under the Communications Decency Act(CDA)

This particular section protects online service providers by recognizing that they are not held accountable for the actions taken by the users of their platform. The clause in the bill threatening section 230 is however groundless as Section 230 already does NOT provide protection for providers when it comes to CSAM.  What the immunity has allowed though is for the Internet to flourish to what it is today. Without it, many major platforms could have been sued out of existence and perhaps never been created in the first place. 

Another issue with this bill is that service providers that utilize full encryption would not be able to meet the best practices requirements that are being proposed to identify, report and preserve evidence related to child exploitation. Tactically, this is a smart move for the anti-encryption proponents. No one wants to stand against a bill that is meant to tackle the issue of child endangerment, even if it means losing the one medium that preserves some form of privacy online. Hiding a ban on full encryption behind the issue of CSAM deters focus and holds people from standing up for encryption

Naturally, everybody is against child endangerment and CSAM. However, the means for the end need to be reasonable and should not compromise basic human rights for privacy. As mentioned, Section 230 immunity does not provide immunity for providers when it comes to dealing with CSAM on their services. This is one of the key problems with this proposal and why it is nothing more than a smokescreen to ban encryption. Techdirt’s Mike Masnick recently stated, “not a single thing in CDA 230 stops the DOJ from doing anything. Attorney General Barr seems more interested in punishing tech companies about encryption, and sees 230 as a lever.” 

U.S. Federal law already imposes duties for online service providers that fail to report, remove and preserve evidence when CSAM is found on their services. Threatening Section 230 is not necessary since online service providers are already held accountable. Last year alone, online service providers reported over 45 million instances of CSAM. From inspection, this bill seems nothing but a ploy to jeopardize service providers that provide full encryption for their users. The U.S. Attorney General despises encryption and this proposal is the first of many steps to prevent full encryption from being used by service providers. 

Even though it is masking to be, the “Earn It Act” is not about fighting CSAM. The “Earn It Act” is meant to provide law enforcement with access to all of your private conversations, whether malicious or not. U.S. Attorney General Barr and U.S. political leaders are attempting to punish online service providers for opposing the U.S. Department of Justice’s desire to ban encryption. Mike Masnick from Techdirt summed it up best in a recent blog post by writing, “the whole thing seems to be little more than an abuse of DOJ power to intimidate and threaten an entire industry for daring to support online security and free speech online against a government which would prefer that neither thing be enabled.” 

Protect yourself and use PrivadoVPN before you go online. Stay informed and protect your privacy. PrivadoVPN will provide further updates on the global fight against encryption and we will be here to support your privacy.