Proposal of EARN-IT Act causes privacy concerns

Proposal+of+EARN-IT+Act+causes+privacy+concerns

Graphic illustration by Ron Aich

Ron Aich

Senators introduced the Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN-IT) Act in early March, which threatens to undermine end-to-end encryption. This encryption technique encodes messages so that only senders and receivers can view the message. Outlawing end-to-end encryption could cause serious privacy risks for technology companies operating in the U.S. If passed, the law may also give the US government the ability to breach online privacy and view thousands of messages from unsuspecting social media users.

When a bipartisan committee of senators proposed the EARN-IT Act, its intended purpose was to prevent and reduce the amount of Child Sexual Abuse Material (CSAM) circulating through popular social media outlets. The bill would create an advisory council in Congress that reviews tech companies’ susceptibility to CSAM and then drafts a list of best practices that they have to follow in order to retain their right to encrypt their messages. However, the bill is largely considered a front to allow the US government to legally access millions of online messages by technology law experts such as Stanford’s Associate Director of Surveillance and Cybersecurity Riana Pfefferkorn. 

It is a bait-and-switch. Don’t fall for it,” said Pffeferkorn in an article for the Stanford Center for Internet and Society.  “And I’m only going to barely scratch the surface of the many, many problems with the bill.”

Many other technology publications such as Wired Magazine and Techdirt.com have interpreted the suspicious timing of the bill’s introduction during the COVID-19 pandemic and its virtually nonexistent media coverage as a sign that the bill was being proposed to serve an ulterior motive. 

At first glance, though, nothing seems suspicious about the EARN-IT Act. It simply appears to be a bill that creates an advisory council to large tech companies. In fact, nowhere in the bill itself does it mention that the Act would ban end-to-end encryption. The malicious intent of the bill, however, is hidden within the fine print. 

One clause buried deep in the bill amends and implicitly threatens to revoke Section 230 of the Communications Decency Act, which is a law that protects tech companies from being liable for illegal material posted on their sites. Companies will have to “earn” their right to encrypt messages by following a set of guidelines set forward by a Senate-appointed committee and allowing the US government access to their messages. This puts businesses in an impossible position: either allow the government to look through protected messages, or lose the ability to protect its customer base through end-to-end encryption. 

Forcing businesses into this lose-lose situation is not only unethical, but unconstitutional. Although there is no single law regarding online privacy, most state laws treat online property as physical property. This means government officials cannot search online possessions without a warrant.  The EARN-IT Act essentially allows the government to search the online property of millions of unsuspecting users, violating the Fourth Amendment of the Constitution, which prohibits unreasonable searches of private property.

If Section 230 is turned over, social media companies that rely on end-to-end encryption would have a much harder time operating in the US. Losing the ability to encrypt messages would be disastrous to these companies. Not only would they be sharing their information with the US government, they would be more susceptible to hacking by third-party entities. This bill would make protecting consumers much harder than ever before. Encryption giant Signal, widely considered the most secure messaging app in the world, has already threatened to move out of the U.S. if the EARN-IT Act becomes law.

Although many senators are aware of the detrimental effects of the EARN-IT Act, many are finding it difficult to deny the bill’s passage. Because this anti-encryption law is technically an anti-CSAM countermeasure, senators will lose face if they don’t support the bill. If senators cannot find a way to prevent this proposal from becoming law, the technological future of the United States appears bleak. This blatant violation of the Fourth Amendment is an insult to the freedom that the United States prides itself upon.