Introduced by Senators Lindsey Graham and Richard Blumenthal, the EARN It act would force companies to “earn” protection from Section 230 to fight online child exploitation.
Though it seems wholly focused on reducing child exploitation, the EARN IT Act has definite implications for encryption. If it became law, companies might not be able to earn their liability exemption while offering end-to-end encrypted services. This would put them in the position of either having to accept liability or remove encryption protections altogether.
My linked teaser from yesterday was separate from the EARN It act, but now it shows that companies are being coerced on two fronts.
Senator Lindsey Graham is drafting a bill [PDF] that could penalize companies using end-to-end encryption.
Although the measure doesn’t directly mention encryption, it would require that companies work with law enforcement to identify, remove, report and preserve evidence related to child exploitation — which critics said would be impossible to do for services such as WhatsApp that are encrypted from end-to-end.
If technology companies don’t certify that they are following the best practices set by the 15-member commission, they would lose the legal immunity they currently enjoy under Section 230 relating to child exploitation and abuse laws. That would open the door to lawsuits for “reckless” violations of those laws, a lower standard than contained in current statutes.
Of all the dumb things this administration has done, attacking encryption is a doozy. It’s not clear how much this would impact Apple, since the company does in fact scan for child abuse images. But iMessage and a few other services are end-to-end encrypted.
Apple and Facebook representatives met with lawmakers today where senators pushed for the companies to compromise their users’ security by including encryption backdoors. In particular, Sen. Lindsey Graham said:
My advice to you is to get on with it. Because this time next year, if we haven’t found a way that you can live with, we will impose our will on you.
“Encryption backdoors for thee, but not for me.”