A Sneaky Attempt To End Encryption Is Worming Its Way Through Congress (#GotBitcoin?)
The EARN IT Act could give law enforcement officials the backdoor they have long wanted — unless tech companies come together to stop it. A Sneaky Attempt To End Encryption Is Worming Its Way Through Congress (#GotBitcoin?)
A thing about writing a newsletter about technology and democracy during a global pandemic is that technology and democracy are no longer really at the forefront of everyone’s attention. The relationship between big platforms and the nations they operate in remains vitally important for all sorts of reasons, and I’ve argued that the platforms have been unusually proactive in their efforts to promote high-quality information sources. Still, these moves are a sideshow compared to the questions we’re all now asking. How many people will get COVID-19? How many people will die? Will our healthcare system be overwhelmed? How long will it take our economy to recover?
We won’t know the answers for weeks, but I’m starting to fear the worst. On Wednesday the World Health Organization declared that COVID-19 had officially become a pandemic. A former director for the Centers for Disease Control now says that in the worst case scenario, more than 1 million Americans could die.
This piece by Tomas Pueyo argues persuasively that the United States is currently seeing exponential growth in the number of people contracting the disease, and that hospitals are likely to be overwhelmed. Pueyo’s back ground is in growth marketing, not in epidemiology. But by now we have seen enough outbreaks in enough countries to have a rough idea of how the disease spreads, and to understand the value of “social distancing” — that is, staying behind closed doors. So I want to recommend that everyone here reads that piece, and consider modifying your behavior if you’re still planning events or spending a lot of time in public.
* * *
One risk of having the world pay attention to a single, all-consuming story is that less important but still urgent stories are missed along the way. One such unfolding story in our domain is the (deep breath) Eliminating Abusive and Rampant Neglect of Interactive Technologies (“EARN IT”) Act, which was the subject of a Senate hearing on Wednesday. Here’s Alfred Ng with an explainer in CNET:
The EARN IT Act was introduced by Sen. Lindsey Graham (Republican of South Carolina) and Sen. Richard Blumenthal (Democrat of Connecticut), along with Sen. Josh Hawley (Republican of Missouri) and Sen. Dianne Feinstein (Democrat of California) on March 5.
The premise of the bill is that technology companies have to earn Section 230 protections rather than being granted immunity by default, as the Communications Decency Act has provided for over two decades.
For starters, it’s not clear that companies have to “earn” what are already protections provided under the First Amendment: to publish, and to allow their users to publish, with very few legal restrictions. But if the EARN IT Act were passed, tech companies could be held liable if their users posted illegal content. This would represent a significant and potentially devastating amendment to Section 230, a much-misunderstood law that many consider a pillar of the internet and the businesses that operate on top of it.
When internet companies become liable for what their users post, those companies aggressively moderate speech. This was the chief outcome of FOSTA-SESTA, the last bill Congress passed to amend Section 230. It was putatively written to eliminate sex trafficking, and was passed into law after Facebook endorsed it. I wrote about the aftermath in October:
[The law] threatens any website owner with up to 10 years in prison for hosting even one instance of prostitution-related content. As a result, sites like Craigslist removed their entire online personals sections. Sex workers who had previously been working as their own bosses were driven back onto the streets, often forced to work for pimps. Prostitution-related crime in San Francisco alone — including violence against workers — more than tripled.
Meanwhile, evidence that the law reduced sex trafficking is suspiciously hard to come by. And there is little reason to believe that the EARN IT Act will be a greater boon to public life.
Yet, for the reasons Issie Lapowsky lays out today in a good piece in Protocol, it may pass anyway. Once again Congress has lined up some sympathetic witnesses who paint a picture that, because of their misfortune, whole swathes of the internet should be eliminated. It would do that by setting up a byzantine checklist structure that would handcuff companies to a difficult-to-modify set of procedures. One item on that checklist could be eliminating end-to-end encryption in messaging apps, depriving the world of a secure communications tool at a time when authoritarian governments are surging around the world. Here’s Lapowsky:
The EARN IT Act would establish the National Commission on Online Child Sexual Exploitation Prevention, a 19-member commission, tasked with creating a set of best practices for online companies to abide by with regard to stopping child sexual abuse material. Those best practices would have to be approved by 14 members of the committee and submitted to the attorney general, the secretary of homeland security, and the chairman of the Federal Trade Commission for final approval. That list would then need to be enacted by Congress. Companies would have to certify that they’re following those best practices in order to retain their Section 230 immunity. Like FOSTA/SESTA before it, losing that immunity would be a significant blow to companies with millions, or billions, of users posting content every day.
The question now is whether the industry can convince lawmakers that the costs of the law outweigh the benefits. It’s a debate that will test what tech companies have learned from the FOSTA/SESTA battle — and how much clout they even have left on Capitol Hill.
The bill’s backers have not said definitively that they will demand a backdoor for law enforcement (and whoever else can find it) as part of the EARN IT Act. (In fact, Blumenthal denies it.) But nor have they written the bill to say they won’t. And Graham, one of the bill’s cosponsors, left little doubt on where he stands:
“Facebook is talking about end-to-end encryption which means they go blind,” Sen Graham said, later adding, “We’re not going to go blind and let this abuse go forward in the name of any other freedom.”
Notably, Match Group — the company behind Tinder, OKCupid, and many of the most popular dating apps in the United States — has come out in support of the bill. (That’s easy for Match: none of the apps it makes offer encrypted communications.) The platforms are starting to speak up against it, though — see this thread from WhatsApp chief Will Cathcart.
In the meantime, Graham raises the prospect that the federal government will get what it has long wanted — greatly expanded power to surveil our communications — by burying it in a complex piece of legislation that is nominally about reducing the spread of child abuse imagery. It’s a cynical move, and if the similar tactics employed in the FOSTA-SESTA debate were any indication, it might well be an effective one. A Sneaky Attempt To,A Sneaky Attempt To,A Sneaky Attempt To,A Sneaky Attempt To,A Sneaky Attempt To,A Sneaky Attempt To,