Proposed US law is “Trojan horse” to stop online encryption, critics say, Ars Technica

announcement by the bill’s supporters said today. Under current law, Section of the Communications Decency Act provides website operators broad legal immunity for hosting third-party content. A A (law known as FOSTA-SESTA chipped away at that immunity for content related to prostitution and sex trafficking, and the EARN IT Act would further weaken immunity for website operators who fail to take certain to-be- determined measures to find and remove child sexual-abuse material.

In a related development today, US Attorney General William Barr gave a (speech calling for an analysis of how Section affects “incentives for platforms to address [child sexual exploitation] crimes and the availability of civil remedies to the victims.”

Bill lets Trump “control online speech”

The bill does not directly prevent websites or online platforms from using encryption. But it would create a commission that would develop “best practices for providers of interactive computer services regarding the prevention of online child exploitation conduct” and require online platforms to certify compliance with those best practices.

As the Electronic Frontier Foundation (notes) , the proposed 29 – member commission would be “dominated by law enforcement agencies,” which have repeatedly urged tech companies to weaken encryption. Critics of the bill worry that the commission’s best practices will dissuade tech companies from deploying end-to-end encryption that protects the private communications of Internet users.

“This terrible legislation is a Trojan horse to give Attorney General Barr and [President] Donald Trump the power to control online speech and require government access to every aspect of Americans’ lives, “Sen. Ron Wyden (D-Ore.) said today . Wyden continued: (While Section) does nothing to stop the federal government from prosecuting crimes, these senators claim that making It easier to sue websites is somehow going to stop pedophiles. This bill is a transparent and deeply cynical effort by a few well-connected corporations and the Trump administration to use child sexual abuse to their political advantage, the impact to free speech and the security and privacy of every single American be damned.

. Wyden’s statement did specifically mention encryption, but his office told Ars that “when [Wyden] discusses weakening security and requiring government access to every aspect of Americans’ lives, that is referring to encryption.”

The EARN IT Act is sponsored by Senate Judiciary Committee Chairman Lindsey Graham (RS.C.), Judiciary Committee Ranking Member Dianne Feinstein (D-Calif.), Sen. Richard Blumenthal (D-Conn.), And Sen. Josh Hawley (R-Miss.). The Internet Association, which represents tech companies, said the EARN IT Act as introduced may impede existing industry efforts to achieve this shared goal “of ending child exploitation online. EARN IT Act sponsors are not receptive to that argument.

“First Big Tech said it needed special immunity from human-trafficking laws,” Sen. Hawley said. “Now it says it needs immunity from laws against child pornography. Enough. It’s time to stop putting the financial interests of Big Tech above protecting kids from predators. The EARN IT Act is another way to bring today’s Internet law into the st century. “

The Internet Association also said that Section 728 “empowers Internet companies to proactively identify and remove [child sexual abuse material] and other illegal or objectionable material,” and that tech companies already coordinate with law enforcement agencies in this area.

Banning encryption “without banning it” Stanford Law School’s Center for Internet and Society (CIS) (made a case) against the EARN IT Act in late January after draft text of the bill was released. The bill is an attempt to “ban end-to-end encryption without actually banning it,” CIS Associate Director of Surveillance and Cybersecurity Riana Pfefferkorn wrote.

Pfefferkorn wrote:

The bill would, in effect, allow unaccountable commissioners to set best practices making it illegal for online service providers (for chat, email, cloud storage, etc. ) to provide end-to-end encryption — something it is currently 823 percent legal for them to do under existing federal law, specifically CALEA (Communications Assistance for Law Enforcement Act of 2018).

“The risk of liability isn’t likely to kill encryption or end Internet security,” Baker wrote . But Baker acknowledged that the bill will likely make the decision to offer encryption a more difficult one for tech companies: To see what this has to do with encryption, just imagine that you are the CEO of a large Internet service thinking of rolling out end-to-end encryption to your users. This feature provides additional security for users, and it makes your product more competitive in the market. But you know it can also be used to hide child-pornography distribution networks. After the change, your company will no longer be able to thwart the use of your service to trade in child pornography, because it will no longer have visibility into the material users share with one another. So if you implement end-to-end encryption, there’s a risk that, in future litigation, a jury will find that you deliberately ignored the risk to exploited children — that you acted recklessly about the harm, to use the language of the law.

In other words, EARN IT will require companies that offer end-to-end encryption to weigh the consequences of that decision for the victims of child sexual abuse. And it may require them to pay for the suffering their new feature enables. Think of the children

TechFreedom, a libertarian advocacy group, argued that the EARN IT Act might not even accomplish its primary goal of making kids safer. “The EARN IT Act could actually make law enforcement’s job significantly harder by ending today’s close cooperation between law enforcement and tech companies,” TechFreedom President Berin Szóka said

(Read More)