Bill targeting online child abuse puts encryption in crosshairs
The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT Act) creates incentives for companies to “earn” liability protection for violations of laws related to online child abuse material (CSAM). Establishes a National Commiss
Washington, March 8: A bill aimed at curbing online child sex abuse is pitting the US government against the tech sector, in a battle about encryption and liability for illegal online content.
The bipartisan measure unveiled by U.S. senators Thursday ties together two separate issues -- law enforcement's access to encrypted online content, and tech platforms' legal immunity for what users post.
In unveiling the measure, senators said they were aiming to curb images of child sex abuse by forcing tech platforms to cooperate with law enforcement on encryption or risk losing the legal immunity for what is posted on their websites.
Digital rights activists have joined the tech sector in arguing this move is an indirect way to weaken online encryption in the name of better law enforcement access.
They say it erodes two cornerstones of the online ecosystem: Strong encryption to keep data secure, and a liability shield which enables social media platforms to allow users to post content freely.
The bill "would give government officials unprecedented powers to craft de facto regulations for online speech," said Emma Llanso of the Center for Democracy and Technology, a digital rights organisation.
“Online service providers would almost certainly err on the side of caution and take down anything - including a lot of lawful, constitutionally protected speech.”
Encryption has been a point of contention between tech firms and law enforcement for decades. FBI officials have warned of "going dark" in investigating crimes as a result of new forms of end-to-end encryption, while civil rights advocates warn that any "backdoor" access could be exploited by hackers and authoritarian governments.
The proposal "aims to kneecap encryption under the guise of protecting children online, while capitalizing on the techlash," said Riana Pfefferkorn of the Stanford University Center for Internet and Society, referring to the simmering discontent with Big Tech over data protection and other issues.
Lawmakers say the bill Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT) allows companies to "earn" their liability protection, by gaining certification of compliance by a commission of government, industry, legal and victim group representatives. A hearing is set for Wednesday on the measure.
They, along with the Justice Department, have complained that existing laws protecting platforms such as social media companies from liability for user-posted content have allowed child pornography and images of exploitation to proliferate.
Critics say the bill, if enacted, could lead to draconian internet regulation. “You shouldn't need to get a pass from a commission of law enforcement agencies just to set up a website,” said Joe Mullin of the Electronic Frontier Foundation.
“That's the type of system we might hear about under an authoritarian regime.” Gary Shapiro, president of the Consumer Technology Association said the bill “sets up the false choice between child safety and internet safety.” Shapiro said in a blog post that the proposed law would not stop the use of encryption but “penalise American companies by forcing those interested in secure communication to move their business to offshore companies not governed by US law.”
“This bill is a major first step. For the first time, you will have to earn blanket liability protection when it comes to protecting minors. Our goal is to do this in a balanced way that doesn’t overly inhibit innovation, but forcibly deals with child exploitation.” - LINDSEY GRAHAM, Senate Judiciary Committee Chairman