Congress is trying to kill encryption during a pandemic

While everyone is understandably focused on the coronavirus outbreak, some members of Congress are trying to pass a bill that would effectively kill encryption and threaten civil liberties in numerous ways. The members of Congress who are pushing this bill say it's intended to protect children from being sexually exploited online, but a closer look at the bill reveals it would have wide-ranging effects on internet freedoms.

The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act, or the EARN IT Act, was introduced in the Senate by Sens. Lindsey Graham (R-SC) and Richard Blumenthal (D-CT) last month. In a press release from March 5th, the senators claim the bill is meant to "encourage the tech industry to take online child sexual exploitation seriously."

"I appreciate my colleagues working with me on this bill to ensure tech companies are using best business practices to prevent child exploitation online," Graham said in a statement. "This bill is a major first step. For the first time, you will have to earn blanket liability protection when it comes to protecting minors. Our goal is to do this in a balanced way that doesn’t overly inhibit innovation, but forcibly deals with child exploitation."

The bill would make it so tech companies may be liable for what users posts on their platforms, and the general idea is to get tech companies to do more to prevent their platforms from being used for child exploitation. As things stand, you can't sue a tech company over what a user posts on its platform because they're protected by Section 230 of the Communications Decency Act, but this bill would make it so tech companies must uphold certain standards that would be established by a new National Commission on Online Child Sexual Exploitation Prevention to "earn" Section 230 protection.

It's not entirely clear how they would "earn" this protection, but if this bill passes, it could mean many tech companies would be liable for everything their users post. For many tech companies, that could be disastrous, as they could be exposed to array of lawsuits. Not only could this bill be disastrous for tech companies, but it could force tech companies to violate our civil liberties.

As the Electronic Frontier Foundation (EFF) explained in a blog post on Tuesday, the EARN IT Act doesn't specifically mention encryption, but it would certainly have a major impact on encryption.

"Although the bill doesn’t use the word 'encryption' in its text, it gives government officials like Attorney General William Barr the power to compel online service providers to break encryption or be exposed to potentially crushing legal liability," blog post authors Sophie Cope, Andrew Crocker (lawyers for the EFF) and Aaron Mackey (a free speech and privacy expert) explain.

Beyond encryption, the bill would be a threat to First and Fourth Amendment rights. The First Amendment obviously has to do with our right to free speech, and the Fourth Amendment protects our right to privacy.

"[Congress] cannot direct how and whether online platforms host user-generated content."

As the EFF explains, the bill requires online service providers to follow "best practices" to be protected under Section 230, but it doesn't specifically lay out what the company must keep off of their platform, which might include child pornography or child sex trafficking ads. The bill instead leaves tech companies open to essentially being managed by the government.

"The bill would allow the government to go much further and regulate how online service providers operate their platforms and manage user-generated content—the very definition of editorial activity in the Internet age," the EFF explains. "Just as Congress cannot pass a law demanding news media cover specific stories or present the news a certain way, it similarly cannot direct how and whether online platforms host user-generated content."

That's a pretty clear threat to the First Amendment. As for the Fourth Amendment, the EFF claims the bill would "effectively coerce online platforms into proactively scanning users’ accounts" to look for content that may be related to child exploitation in order to follow these "best practices." There goes your privacy.

Sophia Cope, a senior staff attorney at the EFF, tells Inverse that they've been in contact with the senators who are pushing this bill and haven't been able to get them to ensure this bill would not force tech companies to break people's encryption. She notes that the federal government has been trying to get tech companies to give it a backdoor to their encryption for years. We saw this when Apple went head-to-head with the FBI after the 2015 San Bernardino shooting because the law enforcement agency demanded a way to get into one of the shooters' iPhone and Apple refused. Cope says lawmakers don't seem to understand that a backdoor that the government can use could also be used by nefarious actors.

"The challenge is that policymakers seem to think that tech companies can create a backdoor just for law enforcement and otherwise keep their platforms or services encrypted and strongly protected, but technologists will tell you that if you build a backdoor into what's otherwise supposed to be an encrypted platform, that platform is actually not fully encrypted anymore," Cope says.

Encryption, which can be found in texting apps like Signal and email clients like ProtonMail protects political dissidents, journalists, victims of domestic violence, lawyers and others both at home and abroad who use these platforms need to know they're not going to have their private communications intercepted by their government or people who want to do them harm.

Cope says lawmakers have increasingly been discussing using the Section 230 protections that tech companies rely on as a tool to get these companies to do what they want.

"If you've been paying attention to what's happening in Congress, there has been more momentum to reconsider Section 230 and see if it can be used as leverage against tech companies to do other things that policymakers want them to do," Cope says. "In general, I think a lot of people in Congress have decided they don't like Section 230 so they're just finding different ways to weaken it."

Based on EFF's reading of this bill, it may be considered unconstitutional by the courts even if it does get through Congress and is signed by the president. Cope says it's so far unclear if it's likely to pass in the Senate, and she says the House judiciary committee does seem "more sympathetic" to the concerns over breaking encryption, so it might be amended there before the House would consider passing it. However, even if encryption is taken off the table, there would still constitutional concerns.

"We think that this bill is pretty straightforwardly unconstitutional on multiple fronts," Cope says. "If it passes and is fundamentally the same as it is now, then we think it would definitely be open to constitutional challenges and potentially being struck down."

The Inverse analysis

Sometimes covering tech policy feels like listening to a broken record. Every year, it seems, members of Congress are fighting to break encryption and generally crackdown on internet freedoms we've come to enjoy. As we explained, fighting for these things matters not just because we want the average person's constitutional rights to be protected but because countless people around the world rely on these platforms to organize against authoritarian regimes, escape deadly situations and more. If Congress wants to do something to stop child exploitation, it should write a bill that doesn't threaten the safety and civil liberties of the people who use these platforms.