21: Urge Congress to reject the EARN IT Act due to privacy implications

Updated: May 30

We summarize and analyze the proposed EARN IT Act. We urge Congress to reject the Earn IT Act due to privacy implications. We recommend that you petition Congress to find a better solution.

In our previous post on encrypted instant messaging, we alluded to the EARN IT Act being considered in the US Congress that potentially could cripple vendors of not only encrypted instant messaging tools, but a broad range of product categories that offer privacy through end-to-end encryption.

Background to the EARN IT Act

Legislation known as “Section 230” was passed in the 1990s to exempt internet companies from liability for what their users post or communicate on their platforms. So, for example, if a user posted a defamatory attack on someone on a community site such as Nextdoor.com, or a user posted hateful content on a social media site such as Facebook, or a user uploaded illegal content to a cloud storage site such as Dropbox, or a user sent a shady message on an instant messaging app, then, with some exceptions, under Section 230 the vendor could not be sued or prosecuted as the owner of the platform, but rather only the person who posted or transmitted the content could be held liable. This is analogous to two criminals plotting a murder on the phone could be prosecuted, but not the phone company they were using.

Section 230 enabled the growth of entire internet-based industries from online marketplace platforms, to social media sites, to email and messaging services, because the companies were protected from liability resulting from abuses that their users might commit.

Key provisions of EARN IT

On the surface, the EARN IT Act (Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2020) is aimed at providing new tools to law enforcement to fight children sexual abuse. Producing or distributing content with child sexual abuse is already illegal, but the EARN IT Act would stipulate that internet companies must “earn” their non-liability for what their users post or transmit by abiding by “best practices” established by a commission. The commission could set standards for internet companies to which they must adhere or else lose their immunity from liability for user-submitted content.

Privacy worries: urge Congress to reject the EARN IT Act

Reject the EARN IT Act

While all would agree that aggressively pursuing criminals who distribute content that is sexually abusive to children is a noble goal, the specific bill has many flaws. In particular, grave concerns have been voiced not only by tech companies, but many privacy advocates (see, for example, EFF’s Congress Must Stop the Graham-Blumenthal Anti-Security Bill), regarding the adverse effect that commission members could have on individual privacy, free speech, and on the innovative technology industry (see also, for example, Wired’s The EARN IT Act Is a Sneak Attack on Encryption or CNET’s Why your privacy could be threatened by a bill to protect children).

The “best practices,” it is feared, could include scanning everyone’s online content and/or stipulating that internet companies that provide encryption for privacy deliver a “back door” key to law enforcement to decrypt what were thought by its users to be private, encrypted content. Such stipulations by the commission, consisting of 19 unelected officials including the US attorney general, would create a dilemma (or shall we say “quadrilemma”) for technology providers who provide end-to-end encryption for privacy to respond in one of four ways:

  • remove end-to-end encryption just when it is most needed for privacy and free speech,

  • keep encryption and assume liability for all content on their platform (not something any vendor would likely do as it could lead to its demise),

  • acquiesce to providing a backdoor key to law enforcement, risking back door keys discoverable to hackers or over-zealous governments, or

  • shut down its services.

On the last point, Signal, one of the leaders in end-to-end encrypted and private messaging, has already announced that they will withdraw from the US market if this bill passes in its current form (see Signal’s 230 or not 230: that is the EARN IT question). We have additional concerns: a) a back door key could eventually likely be obtained by hackers, destroying security and privacy in confidential content; b) the structure of the EARN IT act commission making the rules is a “slippery slope” to abuse of monitoring innocent citizens.

Actions Recommended

Almost all responsible parties would like to see stronger pursuit of criminals, and in particular those disseminating heinous content that sexually exploits children, but we conclude that the EARN IT Act is a fatally flawed method of achieving those goals. We urge Congress to

  • increase funding for and improve laws that pursue criminals who disseminate illegal content that exploits children, including higher incarceration levels;

  • pass laws that mandate standards that more reasonably balance law enforcement with privacy protection rather than allow an unelected commission with broad coercive powers to impose “best practices” by threatening disqualification for Section 230

  • ensure that with any laws there are judicial high standards for probable cause to obtain a warrant and legislative oversight

  • not throw out the privacy and encryption baby with the criminal bathwater.

Take Away

Urge your legislative representatives to reject the EARN IT Act in its current form, and adopt alternative legislation to pursue criminals that does not infringe upon everyone else’s privacy.

Get email alerts for new posts

*We do not share your email with any third party.  See Privacy Policy.

Use of this blog site constitutes acceptance of its Terms of Use. Note that the terms are written in plain English for clarity and transparency.  Similarly, see also our Privacy Policy.

Brand names mentioned are trademarked or are the trade names of their respective owners.

Other than the logo, most photos or illustrations are stock photos licensed from iStockPhoto.com


If you like the free content of this blog, help defray the costs of operating the site by making a small donation:

This site is owned and operated by Adept Advice LLC.

Copyright (c) 2020 by Adept Advice LLC. All rights reserved.