Posted on by

Congress Trying to End Secure Encryption Through EARN IT Act.

Reading Time: 5 minutes.
A photo of Lindsey Graham

Senator Lindsey Graham, who now stands against encryption after his second flip-flop on the subject. Photo: Stefani Reynolds/Bloomberg/Gettty Images

The encryption battle is a long one. I’ve written so many times about how important it is for everyone to have the security of encryption. Your device needs it. Your banking website needs it. Your chat app needs it. Are you getting it? Without encryption, nothing you do will be secure or private. Every device you own will be an open window into your entire life, an unlockable door.

Technology experts have warned of the dangers of leaving your devices completely unlocked. You know to have strong passwords and lock screen passcodes. You know how vitally important it is to protect your accounts.

So why, oh, many gods of technology, why, are we still arguing over this?

Here, I’ll put it succinctly: without encryption, you’re screwed.

Too frank? Okay.

Without encryption your entire digital life will be public. Your photos, your emails, your banking information, your private chats. Everything.

Or, more succinctly: screwed.

That brings us to the EARN IT Act, congress’s latest attempt to screw you.  Let’s talk about it in a less frank and less succinct way.

The EARN IT Act

The EARN IT Act stands for… oh boy… Eliminating Abusive and Rampant Neglect of Interactive Technologies Act. Does that make sense? No. But we’re just getting started.

The bill claims to “establish a National Commission on Online Child Sexual Exploitation Prevention, and for other purposes.” Hey, ending child abuse is certainly something we can all get behind. How does this work? Undermining Section 230 of the Communications Decency Act? To be honest, there are already parts of the existing framework to hold companies liable for sex trafficking and child pornography, so what more is there to do? These tools alone are enough to stop online services. But congress wants the ability to get something else.

Congress wants to block all encryption so the government (or anyone clever) can spy on anyone. Not only will criminals use their own encryption software that won’t have to answer to the U.S. governments ignorant laws, but the constitution protects people from being forced to write something, that includes software. Basically, this could only drive criminals deeper into the dark web and encrypted tools, away from the law, all while making average citizens vulnerable. But let’s look into this some more.

You Have to Earn It

Yeah, I know, that’s… just awful. Okay, the general premise is that tech companies have to “earn” Section 230 rights by following best practices. What best practices? They haven’t decided yet. But the same people backing the bill are the same people who attack encryption. Furthermore, they haven’t taken this off the table, though the latest version of the bill does remove a backdoor through encryption as a requirement.

Unless a tech company can prove they’re following whatever the requirements end up being, the EARN IT Act would make companies liable for what happens in their apps or services. Yelp could be sued for a bad review. Facebook for a post. YouTube for a mean comment. The EARN IT Act would severely undermine Section 230, AKA, the backbone of the internet. It could also pave the way for a stipulation that all traffic must be open, virtually unencrypted, with backdoors for the government (or, again, anyone clever), to view what’s happening between users.

The idea is, if you don’t open your users up to exposure and destroy privacy and security on your system, you’re liable for everything on your app or service. As we discussed before, such liability would cripple the internet. No website that allows users to write or share their own content could exist, and many other businesses that support the internet, like CDN services, VPNs, or your ISP could exist. Basically? Without Section 230, the internet cannot exist, it’ll be sued out of existence.

It Already Passed One Hurdle

I know, this all sounds terrifying. Fortunately, the version that passed through the senate had the worst part removed. Companies could volunteer to expose their users. However, they still haven’t agreed to what measures companies would have to follow. This means that, in the future, the EARN IT act could be used by a committee, potentially not even made of elected officials, to undermine the internet. This is the problem when a majority of representatives in government do not understand technology.

We can still stop this bill, but time is running out. The attorney general, William Barr, is a pro-surveillance attorney general. He doesn’t care about first amendment rights, security, privacy, or technology in general. He will not oppose this. It’s up to you and your representatives to stop it now.

“Lawful Access”

These backdoors are known as “Lawful Access.” Think of it this way. You build a secure building. It has one door. That door is guarded so only people who are permitted inside can get in. Lawful Access says you also have to put in a back door that anyone with a less strict passcode could get in. Obviously, that passcode leaks, or someone sells it, and your building is no longer secure.

That’s lawful access. Originally, the EARN IT bill was supposed to force lawful access on tech companies through the guise of protecting children. Now, it enables states to do that, but does not do it on its own. It’s still dangerous.

Will it Pass?

This is a bipartisan bill that largely focuses on “protecting the children.” The nefarious reasons the bill is being passed are less clear. It would be more beneficial to fund departments that investigate child trafficking, but no one here is looking for actual efficiency. This is about disabling tech. Because this doesn’t directly attack security, Democrats will likely sign on. Usually, they’re the hold outs when it comes to protecting security, but because they can support the bill while claiming to not fight encryption, they’ll be more likely to sign on. As it is, 6 of the 10 cosponsors of the bill are Democrats.

This is dangerously close to becoming law.

What Can I Do?

I’m glad you asked. Here are a few ideas to help block this bill.

Write to The Cosponsors of the Bill

  • Senate Judiciary Committee chairman Lindsey Graham (Republican, South Carolina)
  • Sen. Richard Blumenthal (Democrat, Connecticut)
  • Sen. Josh Hawley (Republican, Missouri)
  • Sen. Dianne Feinstein (Democrat, California)
  • Sen. Kevin Cramer (Republican, North Dakota)
  • Sen. Doug Jones (Democrat, Alabama)
  • Sen. Joni Ernst (Republican, Iowa)
  • Sen. Bob Casey (Democrat, Pennsylvania)
  • Sen. Sheldon Whitehouse (Democrat, Rhode Island)
  • Sen. Dick Durbin (Democrat, Illinois)

Write to Your Own Representative

You can find your local representatives here, and find your state senator here. You should focus on senators and representatives in the House, but all levels of government are fair game. Express enough outrage to enough elected officials, and the parties will change their stances.

Make sure they understand that 1) Encryption with backdoors is not secure, no matter who has “lawful access,” everyone will have access. 2) This is not the correct way to protect children, and is an unnecessary measure. 3) Forcing people to write software is a violation of their first amendment rights. Finally 4) Without Section 230, no service can exist. That includes not only social networks, but also the frameworks the internet relies upon.

Support those Opposing the Bill

You can support those fighting against the bill through financial donations, volunteering your time, or using their products (in the case of Mozilla, maker of Firefox).

I highly recommend supporting the ACLU and Electronic Frontier Foundation (EFF) at the very least. These two are at the forefront of this and many other issues in tech, and often sue to hold legislators accountable to the constitution.

And Then?

Advocacy. Spread the word. Make posts on Twitter, Facebook, Reddit, or… well, your tech blog. Just make sure people know about this problem and how dire the consequences could be. This could undermine the internet as we know it, and also break security on your smartphone, computer, and other personal electronics. Right now, as someone more educated on the issue than your legislators, you’re your own best advocate. So go advocate.

Sources/Further Reading: