In the latest attack on privacy and encryption, lawmakers have re-introduced the EARN IT Act, described as “one of the worst pieces of Internet legislation.”
The Eliminating Abuse and Rampant Neglect of Interactive Technologies Act is a piece of wildly unpopular legislation that was originally introduced in 2020. The goal of the legislation was to protect children and help eliminate online sexual abuse, obviously admirable goals that any decent human being supports.
Unfortunately, when it was first introduced, the bill essentially sounded a death knell on encryption, which is the very basis of online privacy and security, and treated every online citizen as a suspect. The bill would have required companies to follow mandatory “best practices,” practices that would have forced companies to weaken encryption in order to comply.
In its original incarnation, the bill was eventually amended to exclude encryption from the list of things that could increase corporate liability, and the “best practices” were changed to recommendations instead of requirements. Nonetheless, the bill remained unpopular enough to eventually be dropped.
Mass Surveillance Is Once Again on the Table
Let’s be clear: the new EARN IT Act would pave the way for a massive new surveillance system, run by private companies, that would roll back some of the most important privacy and security features in technology used by people around the globe. It’s a framework for private actors to scan every message sent online and report violations to law enforcement. And it might not stop there. The EARN IT Act could ensure that anything hosted online—backups, websites, cloud photos, and more—is scanned.
The bill’s goal is multi-pronged:
- First and foremost, it attacks end-to-end encryption, encouraging “states to pass laws that will punish companies when they deploy end-to-end encryption, or offer other encrypted services.”
- The bill encourages the use of government-approved software that will be used to scan everything sent online.
- The bill paves the way for the establishment of a 19-person commission, made up largely of law enforcement personnel, that will establish voluntary “best practices” for companies to follow.
As the EFF points out, despite provisions being added to protect encryption, the provisions fall far short of actually doing so. The door is still left wide open for companies to be held liable for what users of their platforms do, with a platform’s use of encryption being held up as an “evidence” of its culpability.
Further, the bill essentially deputizes tech companies in an effort to do an end-run around the legal and constitutional issues of having a government-run surveillance state.
The EARN IT Act doesn’t target Big Tech. It targets every individual internet user, treating us all as potential criminals who deserve to have every single message, photograph, and document scanned and checked against a government database. Since direct government surveillance would be blatantly unconstitutional and provoke public outrage, EARN IT uses tech companies—from the largest ones to the very smallest ones—as its tools.
In view of the enormity of problems the EARN IT act causes, Evan Greer, Director of digital human rights group Fight for the Future, said:
The EARN IT Act is truly one of the worst pieces of Internet legislation I have seen in my entire career, and … that’s saying a lot. Please, we need REAL solutions to the harms of Big Tech, not poorly written laws that will get people killed and do more harm than good /endrant
— Evan Greer (@evan_greer), January 31, 2022