Refuge of Scoundrels: EARN IT Act Uses Child Exploitation Fear to Weaken End-to-End Encryption

TL;DR: A bipartisan piece of US Senate legislation, The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT Act), made significant strides on its way to becoming signed law. Its stated goal is to “encourage” the tech industry to “take online child sexual exploitation seriously,” wrapping lawmakers in the warm glow of benevolent protectors. Critics, however, charge the EARN IT Act is a sneak attack on encryption itself. 

EARN IT Act Uses Child Exploitation Fear to Weaken End-to-End Encryption

“Senate Judiciary Committee Chairman Lindsey Graham (R-South Carolina), U.S. Senators Richard Blumenthal (D-Connecticut), Josh Hawley (R-Missouri) and Ranking Member Dianne Feinstein (D-California) today introduced bipartisan legislation to encourage the tech industry to take online child sexual exploitation seriously,” a press release recently outlined.

The goal of US lawmakers in particular to solve the end-to-end encryption (E2EE) conundrum has been long coming. E2EE advancement means almost by definition only users can read such messaging. For privacy advocates and civil libertarians, preventing eavesdropping by private or government parties is a key element of speech protection in our digital age. The inability of outside forces to access cryptographic keys means a level of online freedom essential in areas of life from the mundane to profound.

E2EE also means a lack of third parties storing communication data frustrates governments especially, who often hector and cajole private companies to hand over sensitive information in a variety of cases. Online child predation is an issue often and immediately brought forward by law enforcement on their way to casting emotional doubt on E2EE’s necessity at all. Only extremists and derelicts require such technology! What are such people trying to hide!

The Next Crypto Wars

The EARN IT Act artfully seeks to shame increasingly powerful and unpopular tech companies such as Snap, Twitter, Microsoft, Facebook, and Google into first adopting nearly a dozen so-called voluntary principles. Wired’s Lily Hay Newman summed up the tension well. “Though the principles the companies are pledging to adopt don’t specifically impact encryption themselves, [they have] an explicit anti-encryption message. The cumulative effect […] could define the geography of the next crypto wars.”

  • Highlights of the EARN IT Act

  • Creates a strong incentive for the tech industry to take online child sexual exploitation seriously. The bill amends Section 230 of the Communications Decency Act to allow companies to “earn” their liability protection for violations of laws related to child sexual abuse material.

  • Establishes a National Commission on Online Child Sexual Exploitation Prevention to recommend best practices related to identifying and reporting online child sexual exploitation. The Commission consists of the heads of DOJ, DHS, and FTC, along with 16 other members appointed equally by Congressional leadership, including representatives from: law enforcement, survivors and victims’ services organizations, constitutional law experts, technical experts, and industry.

  • Allows for Congressional review of best practices. Before companies can certify compliance, there is a period of Congressional review for the Commission-developed best practices.

  • Safe harbors for liability. Companies can choose to certify compliance with best practices in order to maintain immunity from child sexual abuse material statutes. If companies do not want to certify compliance with best practices, they can maintain immunity by establishing that they have other reasonable practices in place to prevent child sexual exploitation.

  • Recourse for survivors and tools for enforcement. The bill bolsters enforcement of child sexual abuse material statutes and allows survivors civil recourse if companies choose not to comply with best practices or establish reasonable practices.

EARN IT amends previous legislation allowing tech companies to innovate without much regard to how users employ their various platforms. The new law, once enacted, would put the burden back on companies, who would have presumptive liability for their users’ actions. Platforms would then have to first show they are following anti-child exploitation guidelines before receiving the go-ahead to offer E2EE-related services.

It calls for a 16+ person commission, comprised of exploitation victims, law enforcement, Attorneys General, scholars, privacy advocates, and assorted cryptography and tech experts to, in essence, make E2EE decisions for the industry … with the force of US federal law. E2EE becomes something the government doles out, a kind of licensing.

Could Tech Companies Ever Really Do Enough?

Should EARN IT become law of the land, it would dramatically reshape the online tech landscape in perhaps unintended ways. It’s conceivable certain companies would never earn exemption from liability via this as-yet-assembled panel. The choice would be to water down their E2EE for law enforcement agencies or to simply not use it all. Once such a commission is in place, and the child exploitation blanket applied, it would be difficult to envision any tech company ever doing quite enough to satisfy government snoops.

Online privacy advocates, The Electronic Frontier Foundation (EFF), concluded, “EARN IT would simply have no effect—positive or negative—on the DOJ’s ability to prosecute online platforms that criminally aid and abet child abuse,” further insisting, “EARN IT is anti-speech, anti-security, and anti-innovation. Congress must reject it.”

The Center for Internet and Society at Stanford Law School agreed with the EFF’s takeaways. “It’s okay to be angry at Big Tech,” Riana Pfefferkorn explained. “But don’t let Senators Graham and Blumenthal dupe you into believing that the EARN IT Act would provide any vindication for you against the major tech companies. The bill’s ultimate intent is to penalize those companies for protecting your privacy and data security. That’s something that tech companies have been legally allowed to do for a quarter-century, and we can’t afford to stop them from doing it. Encryption should be encouraged, not punished.”

Bitcoin Cash

CONTINUE THE SPICE and check out our piping hot VIDEOS. Our podcast, The CoinSpice Podcast, has amazing guests. Follow CoinSpice on Twitter. Join our Telegram feed to make sure you never miss a post. Drop some BCH at the merch shop — we’ve got some spicy shirts for men and women. Don’t forget to help spread the word about CoinSpice on social media.

DYOR: CoinSpice is your home for just spicy crypto things. We’re not affiliated with any cryptocurrency project or token. Each published piece is intended for information purposes only, not investment advice and not in the hope of impacting speculative markets. There are plenty of trading sites and coin-specific advocacy journals out there, we’re neither. CoinSpice strives for rigorous accuracy in our reporting. Information presented here is contingent usually on a host of factors, and the ecosystem moves fast — prices change, projects change, and at warp speed. Do your own research.

DISCLOSURE: The author holds cryptocurrency as part of his financial portfolio, including BCH.