Cloud Hosting

Imagine an Internet where the law required every message sent to be read by government-approved scanning software. Companies that handle such messages wouldnt be allowed to securely encrypt them, or theyd lose legal protections that allow them to operate.

Take Action

Stop the Graham-Blumenthal Attack on Encryption

Thats what the Senate Judiciary Committee has proposed and hopes to pass into law. The so-called EARN IT bill, sponsored by Senators Lindsay Graham (R-GA) and Richard Blumenthal (D-CT), will strip Section 230 protections away from any website that doesnt follow a list of best practices, meaning those sites can be sued into bankruptcy. The best practices list will be created by a government commission, headed by Attorney General Barr, who has made it very clear he would like to ban encryption, and guarantee law enforcement legal access to any digital message.

The EARN IT bill had its first hearing today, and its supporters strategy is clear. Because they didnt put the word encryption in the bill, theyre going to insist it doesnt affect encryption.

This bill says nothing about encryption, co-sponsor Sen. Blumenthal said at todays hearing. Have you found a word in this bill about encryption? he asked one witness.

Its true that the bills authors avoided using that word. But they did propose legislation that enables an all-out assault on encryption. It would create a 19-person commission thats completely controlled by the Attorney General and law enforcement agencies. And, at the hearing, a Vice-President at the National Center for Missing and Exploited Children (NCMEC) made it clear [PDF] what he wants the best practices to be. NCMEC believes online services should be made to screen their messages for material that NCMEC considers abusive; use screening technology approved by NCMEC and law enforcement; report what they find in the messages to NCMEC; and be held legally responsible for the content of messages sent by others.

You cant have an Internet where messages are screened en masse, and also have end-to-end encryption any more than you can create backdoors that can only be used by the good guys. The two are mutually exclusive. Concepts like client-side scanning arent a clever route around this; such scanning is just another way to break end-to-end encryption. Either the message remains private to everyone but its recipients, or its available to others.

The 19-person draft commission isnt any better than the 15-person commission envisioned in an early draft of the bill. Its completely dominated by law enforcement and allied groups like NCMEC. Not only will those groups have a majority of votes on the commission, but the bill gives Attorney General Barr the power to veto or approve the list of best practices. Even if other commission members do disagree with law enforcement, Barrs veto power will put him in a position to strongarm them.

The Commission wont be a body that seriously considers policy; it will be a vehicle for creating a law enforcement wish list. Barr has made clear, over and over again, that breaking encryption is at the top of that wish list. Once its broken, authoritarian regimes around the world will rejoice, as they have the ability to add their own types of mandatory scanning, not just for child sexual abuse material but for self-expression that those governments want to suppress.

The privacy and security of all users will suffer if U.S. law enforcement is able to achieve its dream of breaking encryption. Senators should reject the EARN IT bill.

Take Action

Stop the Graham-Blumenthal Attack on Encryption

Follow this link:
The EARN IT Bill Is the Government's Plan to Scan Every Message Online - EFF