EARN IT Act Is Back, And It’s Still Terribly Destructive (original) (raw)

from the the-monster-that-never-dies dept

Some politicians never learn. Congress has been trying to shove through the EARN IT Act for the past two sessions, and thankfully it’s failed both times. But, now it’s back. Kinda. Far be it for the politicians looking to destroy the internet and encryption that keeps us safe to actually reveal the latest version of EARN IT so that the public can review it. They haven’t done that. Instead, they’ve just announced that the still unreleased bill will be marked up on Thursday (though, as I understand how the Senate Judiciary Committee works, this almost certainly means the actual markup will be next Thursday — don’t ask me why, but they seem to always announce a markup and calendar it a week early, and then “hold it over” to do the actual markup a week later).

For what it’s worth, someone slipped me a copy of the latest draft (thank you, friend) and it’s got all the same problems as the bill from last session. Specifically, it includes what appears to be nearly identical misleading language from the last EARN IT regarding encryption. It includes language that pretends that it is not an attack on encryption, because it says the use of encryption shall not be “an independent basis for liability.”

Of course, that doesn’t mean it can’t be considered with some other factor. Even worse, in the next section, it wipes away the entire preceding section anyway by saying that nothing in that paragraph “shall be construed to prohibit a court from considering evidence of actions or circumstances described in that subparagraph if the evidence is otherwise admissible.”

In other words, under EARN IT, encrypting content and messages is a liability. The only thing the bill limits is the finding of liability just for encryption alone. However, as long as anyone argues some other factor, they can then bolt on encryption and say that the use of encryption supports the argument that the service is up to no good.

I mean, it’s kinda funny that they still even include the language pretending this doesn’t touch encryption, considering that sponsor Senator Richard Blumenthal admitted in an interview last year that the point of the bill was totally to target services that use encryption.

I’m not going to go through the details of all of the many reasons this is bad and dangerous. We’ve done that before. Suffice it to say this bill is an attack on encryption and the open internet. It will actually make law enforcement’s job way harder in tracking down purveyors of CSAM by making important evidence inadmissible. The entire approach of the bill seems to misunderstand basically everything about the internet, encryption, intermediary liability law, and how CSAM reporting currently works. No matter what problem EARN IT claims it’s trying to fix, it won’t actually fix them.

The premise of the bill assumes that companies aren’t reporting the child sex abuse material (CSAM) they find, but there’s little to no evidence to support that claim, and the law already requires them to report it. The problem seems to be that law enforcement isn’t doing much with that information. But magically adding liability to websites won’t fix any of that, and just makes it more difficult to collect the necessary evidence in a constitutional manner.

Filed Under: csam, earn it, encryption, intermediary liability, lindsey graham, richard blumenthal, senate