Skip to main content
banner image
venafi logo

EARN IT Act Is Back and So Is Debate Over End-To-End Encryption

EARN IT Act Is Back and So Is Debate Over End-To-End Encryption

earn-it-act-is-back-encryption
February 10, 2022 | Brooke Crothers

Sens. Richard Blumenthal (D-Conn.) and Lindsey Graham (R-S.C.) have reintroduced legislation that targets the removal of liability protections for online platforms that have child sexual abuse content. This is rekindling debate around end-to-end encryption (E2EE) since the law could discourage its use due to liability issues.

Learn How to Protect Your Machine Identities Now!

The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT Act) was first introduced in 2020, and passed the Senate Judiciary Committee unanimously, with the goal of removing “blanket immunity” that online platforms enjoy for child sexual abuse material (CSAM), as stated by the bill’s authors.

The EARN IT Act of 2022 proposes to remove Section 230 protections – which provides immunity for third-party content – if an online service can’t prove it’s doing enough to limit child exploitation materials. In effect, the new version of the EARN IT Act says a platform’s use of encryption can be used as evidence against it in court.

It would be the first Section 230 amendment since the passage of FOSTA-SESTA in 2018 and, critics fear, may open the floodgates for lawsuits.

End-to-end encryption and EARN IT

Major Internet and social media companies have embraced end-to-end encryption — which encrypts data between a sender and receiver to prevent third-party access — in response to privacy concerns. With the introduction of the EARN IT Act, E2EE has become a hot-button topic since it goes to the heart of age old debates about privacy vs public good.

Privacy advocates support E2EE because, they argue, it ensures online users are free from the threat of unauthorized surveillance from service providers, government agencies, cybercriminals and any other threat actors. Law enforcement agencies, on the other hand, have come out against broad use of E2EE, claiming that it could serve to protect cybercriminals.

Opposition

A number of voices opposing the reintroduction of the EARN IT legislation cite the damage it can do to the use of encryption and, specifically, E2EE.  

The Electric Frontier Foundation (EFF) mentions Signal—one of the pioneers in the use of E2EE for messaging—which has stated that it may not be able to operate in the U.S. if EARN IT becomes law.

“You can’t have a secure internet where all its content is also screened, because you can’t have end-to-end encryption alongside mass scanning requirements. This isn’t just an attack on encryption—it’s an attack on the fundamental security of the internet. As experts have said before, this sort of scanning is in direct conflict with privacy and security.”

--Electric Frontier Foundation, February 8, 2022

There is a chorus of other voices, on both sides of the political spectrum, opposing the EARN IT Act because of the perceived hypocrisy.

“Members of Congress (including EARN IT’s main sponsors) have this unfortunate tendency to bemoan that tech companies aren’t doing enough to protect users’ privacy, then get mad at them for using strong encryption to do just that,” opines the The Center for Internet and Society (CIS) at Stanford Law School.

CIS goes on to say that while protecting children online is a “laudable…goal,” EARN IT “discourages providers from offering encryption by exposing them to liability for doing so.”

Pushing back on liability concerns, Blumenthal said in a recent interview that lawmakers incorporated these concerns into revisions “which prevent the implementation of encryption from being the sole evidence of a company’s liability for child porn,” according to a report in the Washington Post.

Encryption is critical to privacy

Encryption—in general—is critical to protecting the privacy of both individuals and organizations. Any campaign that portrays encryption in a bad light endangers the privacy protections that we all rely on. So, while there may be merit in exposing encrypted communications to certain privileged organizations—such as law enforcement—we should be extremely careful how we portray the value of encryption to those who will benefit most from its protections.

Related Posts

Like this blog? We think you will love this.
data-privacy-in-a-world-of-digital-surveillance
Featured Blog

Fighting for Privacy as a Fundamental Human Right [War on Encryption]

In a state of digital surveillance

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies
eBook

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Brooke Crothers
Brooke Crothers
Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more