The EARN IT Act is the latest clueless attack on encryption, do not fall for it

Posted on Feb 3, 2020 by Caleb Chen
senator lindsey graham earn it act attacks encryption

The latest attack on encryption is here, and it’s being championed under the cover of – surprise surprise – a necessary step to protect the children. Senator Lindsey Graham and Senator Richard Blumenthal are proposing a new bill called the ‘‘Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2019,” abbreviated as the EARN IT Act.

You can read the draft bill here. In essence, if the EARN IT Act is passed, it will create a “National Commission on Online Child Exploitation Prevention” (NCOCEP) that will be responsible for drafting a set of rules that internet companies must follow in order to continue being eligible for protections under Section 230 of the Communications Decency Act. This is an issue for multiple reasons.

The NCOCEP would be headed by Attorney General Bill Barr, who has already made headlines multiple times for calling on tech companies to build in backdoors to encryption. He is willfully ignorant that such backdoors would only serve to damage trust and doesn’t understand the basic concept that a backdoor, once built, can be used by the bad guys as well as the good guys. At its core, the EARN IT Act would give the Attorney General the power to force tech companies like Facebook to build backdoors into their encryption.

None of this commentary is to say that the children don’t need protecting – they do. The Department of Justice already has the power to crack down on internet companies if they are enabling online child exploitation – in fact that’s exactly the angle that was used in the takedown of Backpage.

Riana Pfefferkorn, writing for The Center for Internet and Society at Stanford Law School, lambasted the proposed law with a comprehensive criticism. She called the EARN IT Act what it really is, a way “to ban end-to-end encryption without actually banning it.”

The EARN IT Act is a clueless, damaging proposal from a clueless politician

The Senator behind the EARN IT Act has previously admitted to the world that he has never even sent an email – what’s more, he’s proud of that fact. Senator Lindsey Graham is a committee member of the Subcommittee on Privacy, Technology and the Law but has no demonstrable knowledge of privacy, technology and is actually actively attempting to update the law to damage the two. End-to-end encryption is not something that can be legislated away. End-to-end encryption works as a byproduct of the laws of mathematics, and attempting to legislate that away is utter buffoonery. Alas, what can be expected when we entrust internet policy to people that fundamentally don’t care about the internet?

This bill doesn’t give the United States government any new powers, it just gives them the ability to strip away protections that keep the internet free. The thought that having such power under a committee that pledges to consider privacy concerns somehow makes it OK is laughable – but that’s how this latest attack on encryption is really being framed by its perpetrators. Now is the time to act and tell your representatives that the EARN IT Act is a nonstarter. As the Electronic Frontier Foundation (EFF) put it:

“EARN IT is anti-speech, anti-security, and anti-innovation. Congress must reject it.”

Featured image by Gage Skidmore shared via CC By 2.0 License.