A US BillThat Could Subvert Encryption - ThreatWire Crosspost
Added 2020-04-14 19:04:38 +0000 UTCA new bill has been introduced to legislation by Senators Lindsey Graham and Richard Blumenthal meant to create a commission to prevent, reduce, and respond to child exploitation online, a laudable and important goal. The National Commission on Online Child Exploitation Prevention would be tasked with developing best practices that companies running platforms would be required to adhere to. Section 230 of the Telecommunications Act of 1996’s Title V Communications Decency Act is a current law that states provides protections for platforms against legal liability for user-generated content, with notable exceptions - It does not protect platforms from coming under fire within federal criminal law, liabilities based on intellectual property law, communications privacy law or sex trafficking laws. As it stands, Section 230 is quite clear about what is and is not considered protected.
But this new bill could undermine Section 230 by putting many companies at serious legal risk or forcing them to undermine their own security. The EARN IT Act stands for “eliminating abusive and rampant neglect of interactive technologies act of 2020” and it allows for a commission to develop best practices then turn them over to the Attorney General, Secretary of Homeland Security, and the FTC Chair to approve or veto them. Congress could then write these into law. Companies would be required to adhere to these best practices and show that they’d “implemented reasonable measures” to prevent child exploitation. Since this is a commendable goal, why scrutinize it?
The EARN IT Act gives a large portion of authority to those in power that are against end-to-end encryption, specifically the Attorney General William Barr. The bill would give him the ability to approve or veto practices that platforms would need to accept, and could potentially put encryption in the crosshairs. Child exploitation is already covered under Section 230, deeming that if a platform knowingly distributes material or even if they find material on their platform, it MUST be reported to the National Center for Missing and Exploited Children and they must cooperate with law enforcement investigations. The bill can be read in its entirety on the EFF website.
The response hasn’t been surprising. While the EARN IT Act has been quietly gaining steam due to other news, the EFF and the encrypted messaging platform Signal have significantly opposed it’s adoption. Signal has stated that end to end encryption is fundamental to the safety, security, and privacy of conversations worldwide and the EARN IT Act would likely end in disallowing that kind of privacy technology. While not certain, the Act is broad enough and controlled by people who would likely want to see this happen.
Ironically, one of the sponsors of EARN IT, Senator Richard Blumenthal is also calling for an investigation into Zoom for not fulfilling its promises of offering end-to-end encryption. While this doesn’t necessarily make it contradictory, the EARN IT Act -could- hamper encryption and incentivize companies to make changes to their platforms that would keep them from being held liable, again, to something that is covered in Section 230 already.
Support me on alternative platforms! https://snubsie.com/support
Shop ThreatWire Merch! - https://snubsie.com/shop
https://www.youtube.com/shannonmorse -- subscribe to my tech channel!
ThreatWire is only possible because of our Patreon patrons! https://www.patreon.com/threatwire
Links:
EARN IT:
https://www.eff.org/deeplinks/2020/03/graham-blumenthal-bill-attack-online-speech-and-security
https://www.eff.org/document/section-230-not-broken
https://www.eff.org/document/eff-earn-it-act-first-amendment-letter-sjc
https://www.eff.org/document/earn-it-act-introduced
https://signal.org/blog/earn-it/
