‘Imagine an Internet where the law required every message sent to be read by government-approved scanning software. Companies that handle such messages wouldn’t be allowed to securely encrypt them, or they’d lose legal protections that allow them to operate.
That’s what the Senate Judiciary Committee has proposed and hopes to pass into law. The so-called EARN IT bill, sponsored by Senators Lindsay Graham (R-GA) and Richard Blumenthal (D-CT), will strip Section 230 protections away from any website that doesn’t follow a list of “best practices,” meaning those sites can be sued into bankruptcy. The “best practices” list will be created by a government commission, headed by Attorney General Barr, who has made it very clear he would like to ban encryption, and guarantee law enforcement “legal access” to any digital message.
The EARN IT bill had its first hearing today, and its supporters’ strategy is clear. Because they didn’t put the word “encryption” in the bill, they’re going to insist it doesn’t affect encryption.
“This bill says nothing about encryption,” co-sponsor Sen. Blumenthal said at today’s hearing. “Have you found a word in this bill about encryption?” he asked one witness.
It’s true that the bill’s authors avoided using that word. But they did propose legislation that enables an all-out assault on encryption. It would create a 19-person commission that’s completely controlled by the Attorney General and law enforcement agencies. And, at the hearing, a Vice-President at the National Center for Missing and Exploited Children (NCMEC) made it clear [PDF] what he wants the best practices to be. NCMEC believes online services should be made to screen their messages for material that NCMEC considers abusive; use screening technology approved by NCMEC and law enforcement; report what they find in the messages to NCMEC; and be held legally responsible for the content of messages sent by others.
You can’t have an Internet where messages are screened en masse, and also have end-to-end encryption any more than you can create backdoors that can only be used by the good guys. The two are mutually exclusive. Concepts like “client-side scanning” aren’t a clever route around this; such scanning is just another way to break end-to-end encryption. Either the message remains private to everyone but its recipients, or it’s available to others.’