Home of internet privacy

The U.S. might permanently ban end-to-end encryption

This post was originally published on April 23, 2020.

The Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) bill was introduced into the U.S. Senate by Republican Senator Lindsey Graham and Democratic Senator Richard Blumenthal in March.

The bipartisan legislation argues that tech companies need to do more to control the flow of illegal content on their platforms. It proposes that companies like Facebook, Twitter, and Google follow a set of “best practices” in order to not be held liable for the material published by their users.

But that’s where the complications start. These best practices wouldn’t be just recommendations. Part of the EARN IT bill gives the commission sweeping powers to dictate that its practices be adhered to; any violations would be treated as falling afoul of the law and have widespread ramifications.

[Get the latest news in security and technology. Sign up for the ExpressVPN blog newsletter.]

Free speech under threat

Section 230 of the Communications Decency Act, passed into law in 1996, has had far-reaching consequences for the promotion of free speech on the internet.

The section says “no provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”

In other words, while we can assail Facebook and Twitter for hosting fake news websites or providing a platform for hate speech, the companies cannot be held legally responsible for such actions. Basically any online platform that publishes third-party content (for instance, Medium, WhatsApp, Reddit, and 9Gag) is protected under the tenets of Section 230.

Senators Graham and Blumenthal, among many others, want this exemption to end. Backed by the U.S. Attorney General William Barr, who has repeatedly asked tech companies to build encryption backdoors and provide user data to law enforcement authorities, the EARN IT bill will only give compliant platforms legal immunity. Those platforms that don’t comply with the “best practices” might be stripped of their protections under Section 230 and face legal action.

Encryption is the target

The bill cleverly sidesteps any mention of encryption or backdoors for that matter. In fact, Senator Blumenthal went out of his way to explicitly point this out, saying that the bill does not talk about encryption and that is not its aim.

But experts agree that the only way to effectively monitor such platforms is to either do away with encryption entirely, or create backdoors for the companies to screen messages and uploads.

The proposed 19-person committee is overwhelmingly dominated by representatives from law enforcement agencies and nonprofits like the National Center for Missing and Exploited Children (NCMEC). What’s more, the attorney general reserves the right to accept or reject any of the committee’s recommendations, thereby guaranteeing a bill aligned with his interests.

According to John Shehan, vice president of NCMEC, all online services including communication apps should be forced to screen messages for material that’s considered abusive. What’s more, he says all screening technology should be pre-vetted by law enforcement. Platforms should report what they find immediately to both NCMEC and law enforcement; a failure to do so should have legal repercussions.

The backlash has started

Most tech companies have taken a wait-and-watch approach to the EARN IT bill so far, with the likes of Facebook and Google cautioning against a rushed decision and espousing the benefits of encryption.

However, encrypted messaging app Signal issued a strongly worded statement on its blog against the EARN IT bill, saying that it might be forced to pack up and exit the U.S. if it goes through.

Signal wrote: “Some large tech behemoths could hypothetically shoulder the enormous financial burden of handling hundreds of new lawsuits if they suddenly became responsible for the random things their users say, but it would not be possible for a small nonprofit like Signal to continue to operate within the United States. Tech companies and organizations may be forced to relocate, and new startups may choose to begin in other countries instead.”

Signal maintains that end-to-end encryption is fundamental to the safety, security, and privacy of conversations worldwide, that it is an app recommended by the U.S. military, and frequently used by senators and their staff. It reaffirms that it would not be able to operate in an environment where encryption wasn’t guaranteed.

As of right now, there hasn’t been any voting on EARN IT. But the bipartisan nature of the bill means it will likely find strong support. And with much of the country currently preoccupied by Covid-19, it’s possible that the bill is bulldozed through both houses without adequate time for public discourse and debate.

Let’s be very clear on this: The world would be a fundamentally less free and less secure space without encryption.