A bipartisan group of senators is advancing a bill that has many sounding the alarm on its chilling effects for communication privacy and freedom of speech.
Senate bill 3398, entitled the Eliminating Abusive and Rampant Neglect of Interactive Technologies or EARN IT Act, was introduced to the Senate Judiciary Committee on March 5, 2020 by Republicans Lindsey Graham (SC) and Josh Hawley (MO), and Democrats Richard Blumenthal (CT) and Dianne Feinstein (CA).
The stated aim is to pressure tech companies to take online child exploitation more seriously and assist the government in fighting it. However, many observers and civil liberties groups have warned that its true effect and intention is to compell companies to create backdoors for end-to-end encryption, to make private user data accessible to the state on demand. End-to-end refers to communication encrypted such that the data can only be read on the sending and receiving devices, meaning the company providing the service itself does not have access.
Attempts at forcing tech companies to build backdoors into encrypted software have occurred in the past. In the US, this goal has so far eluded power-hungry politicians and bureaucrats, but in Australia, the Assistance and Access bill of 2018 made it mandatory for companies to break their encryption, whether through built-in backdoors or hacking, whenever the state or law enforcement demanded it.
The Orwellian legislation had the effect of causing Microsoft to declare that its corporate and state customers had begun asking for their data to no longer be stored in Australia, necessitating the construction of new centers elsewhere. However, this was nothing compared to the effect on privacy.
To begin with, some of the potential actions the Australian law would force companies to comply with included installing malware on users’ devices to enable access to their accounts and communications; “modify the service they are providing, including potentially blocking messages;” and “assist law enforcement without alerting the end-user.”
But it gets even worse. According to a report from the Guardian:
“People accessing the internet at McDonald’s and Westfield in Australia could be targeted for surveillance by police…
The briefing also provides examples of what type of assistance authorities can lawfully require, including: a social media company helping to automate the creation of fake accounts; a mobile carrier increasing the data allowance on a device so surveillance doesn’t chew up users’ data; blocking internet messages to force a device to send messages as unencrypted SMSes; and a data centre providing access to a customer’s computer rack to allow installation of a surveillance device.”
The US and Australia are both part of the sinister-sounding “Five Eyes” countries, a group which also includes the UK, Canada, and New Zealand. In fact, the Australian bill was modeled on a UK law called the Investigatory Powers Act, which has been nicknamed the “Snooper’s Charter” and is described as “placing Britain under some of the widest-ranging spying powers ever seen.” The Five Eyes favor mass-scale surveillance and ending encryption inaccessible to the government.
In the US, Bill Barr, Trump’s appointed Attorney General, has been on a long crusade against encryption. Under the EARN IT Act, he would choose a National Commission tasked with developing “best practices” for fighting child sexual exploitation online.
The catch? The commission would develop practices, rules, and make decisions concerning whether private companies had “earned” the protection they currently enjoy under Section 230, a 1996 federal communications statute which stipulates that “providers and users of interactive computer services aren’t automatically liable for each other’s content or conduct,” and thus fundamentally undergirds much of the practice of free speech online.
In other words, if tech companies did not comply with what a commission appointed by the AG deemed “best practice” or acceptable, they would become automatically liable for user content and be opened up to potentially endless lawsuits, creating a terminally chilling effect on freedom of speech. In this way, companies would also be forced to build backdoors into encryption to continue receiving protection.
Critics of the bill such as the ACLU and many others, have highlighted the significant concerns with its potential effects. In addition to the gross and dangerous state violation of privacy, it would make software more vulnerable to hackers and criminals. End-to-end encryption is also a vital technology for journalists and political dissidents.
The bill is co-sponsored by Republicans Kevin Cramer (ND) and Joni Ernst (IA), and Democrats Doug Jones (AL), Bob Casey (PA), Sheldon Whitehouse (RI), and Dick Durbin (IL). In addition to Barr, FBI director Christopher Wray, another Trump appointee, has also voiced support for forcing companies to provide backdoors or otherwise compromise the privacy of their services.
All of this shows that the threat to privacy in communication and freedom of speech online is coming from both parties, with the current administration also apparently on board. Concerned citizens should make their voices heard publicly and to their representatives, as well as spread information and awareness to others so that this legislation is not allowed to be slipped past the American people in the dark.