Encryption Under Legal Threat
US CONGRESS IS LOOKING AT RESTRICTING the use of end-to-end encryption. The bill responsible goes by the title of Eliminating Abuse and Rampant Neglect of Interactive Technologies Act, or EARN IT. The goal is cited as stopping the exploitation of children online, which is hard to argue against, but the ramifications are far wider. Currently, Facebook and friends escape responsibility for the nefarious acts of users, thanks to Section 230 of the Communications Decency Act. This absolves them of responsibility, even for the most heinous of crimes; they are merely “providers.” This infuriates many lawmakers, who see the distributors of abusive material go unpunished. They also perhaps don’t relish the privacy that encryption provides.
If passed, the Act would force tech companies to use “best practices,” which earn their immunity under Section 230. A new commission will recommend best practices to the Attorney General, who would retain the final decision. An obvious target is end-to-end encryption; with this in place, it is next to impossible to police material. Thus, without specifically banning encryption, companies would have to drop it to earn immunity. There’s a number of problems with the bill, not least of which is that it is potentially unconstitutional. It is also unlikely to have much effect. You could, for example, encrypt something, then distribute it. EARN IT is legally flawed, and unlikely to become law. It’s a clumsy attempt to strip Section 230 immunity from technology companies, and police how they operate, but it won’t be the last.