How the EARN IT Act is Threatening End to End Encryption

In the wake of the COVID-19 crisis, anything that doesn’t have much to do with the virus isn’t making news. One such thing is the introduction of the EARN IT act.

So what exactly is the EARN IT act, and why is it such a threat to end-to-end encryption? Let’s take a look.

Before we get any further, let’s make sure we all understand end to end encryption.  End to end encryption is a way of protecting information from 3rd parties.  Simply put, end to end encryption scrambles data from one source or “end” and does not decrypt the message until it reaches the other end.  This protects companies and their data from malicious activity, but it also allows cybercriminals to store and share illegal files and data freely.  That is where the debate on end to end encryption begins, and why the EARN IT act has been proposed.

What is the EARN IT Act?

The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act, or EARN IT Act, is a bill designed to require tech businesses to take child sexual exploitation with more seriousness. Essentially, the act would create more incentives for businesses to earn liability protection for law violations that relate to online child sexual abuse material or CSAM. According to one of the legislators that introduced the bill, member Dianne Feinstein, companies “must do more to combat this growing problem on their online platforms. Our bill would allow individuals to sue tech companies that don’t take proper steps to prevent online child exploitation, and it’s an important step to protect the most vulnerable among us.”

So what bad could possibly come from this act? Unfortunately, many believe the bill is a thinly-veiled attempt to disrupt end-to-end encryption.

Why is the EARN IT Act Such a Threat?

The EARN IT Act New Jersey bill is a noble cause, but tech experts are wary that the bill could violate free speech and damage security protections on the internet.

The bill itself could be seen as an attempt to chip away at end-to-end encryption by targeting Section 230. Section 230 is a vital part of the Communications Decency Act of 1996, an act that protects free speech by giving tech leaders and companies immunity from liabilities that may be associated with content that is posted on their respective platforms.

The Justice Department has been saying for quite a while that end-to-end encryption presents a roadblock for investigators that need to gather evidence to catch internet criminals. With no compromise in sight, the EARN IT Act seems to be a way to force tech companies to take more responsibility for what is posted on their platforms. Section 230 essentially states that liability falls on individual users, rather than the owner of the platform that user content is posted on. The bill will make it possible to sue tech companies that aren’t taking more steps to prevent child exploitation– which could lead to a widespread end to end-to-end encryption so that tech platforms can protect themselves legally.

What do you think of the EARN IT Act? Do you believe it will help fight online child exploitation or break down end-to-end encryption and internet privacy?

Don’t forget to follow the VelocIT for more updates on the Earn It Act and other relevant tech laws.
Photo source: Pixabay