EPIC Offers Its Support Of The EARN IT Act; Thinks It Can Separate Undermining Section 230 From Undermining Encryption
from the it-really-shouldn't-be-supporting-either dept
As the EARN IT Act moves forward — with all of its Section 230 and encryption-threatening appendages still intact — we’re getting some very interesting responses from tech companies that have benefitted from Section 230 and/or rely on strong encryption.
The goal may be noble — the protection of children from sexual abuse — but those noble goals are just a crowd-pleasing dodge. It’s an assault on both Section 230 and strong encryption that’s being pushed with an anti-child porn narrative, one that makes it very difficult for legislators to oppose. To vote against EARN IT, supporters will misleadingly claim, is to vote for the spread of child porn, so it’s going to be tough to find lawmakers willing to push back.
Attorney General Bill Barr wants encryption broken. If it means American citizens are less protected, so be it… just as long as the FBI can get into a few more locked devices or accounts. Plenty of people in the administration seem to feel Section 230 has to go, if only to make it easier to sue platforms for perceived slights.
Entities that used to be allied against Section 230 reform and encryption-breaking are now for it. The Electronic Privacy Information Center wants to do both somehow. It has sent a letter [PDF] in support of the EARN IT Act that is pure cognitive dissonance. EPIC claims it wants to see Section 230 reformed but somehow keep this “reform” from threatening the encryption of end-to-end communications. How it imagines this law will achieve both aims is nearly impossible to discern.
The letter says Section 230 must be reformed, but for something much lower on the “for the children” list.
EPIC also supports efforts to reform Section 230. In the case Herrick v, Grindr, EPIC provided an amicus brief for the Second circuit in which we explained that the “Internet has changed since Congress passed the [Communication Decency Act] in 1996. Advanced social media platform did not exist when Congress enacted the law.” We objected to a lower court interpretation of section 230, which found that “online platforms bear no responsibility for the harassment and abuse their systems enable. If they chose not to respond to the exposure of personal information or intimate images, to threats of violence, to verbal and psychological abuse, there is nothing a victim can do to intervene.” As we explained, “Congress never intended § 230 to create such a system.”
We all can agree platforms need to handle things like harassment better. But there’s no clear way to make it better, not when you’re moderating millions (Twitter) or billions (Facebook) of users. Attacking the law that allows them to engage in moderation without fear of reprisal isn’t going to make things better. It’s either going to result in platforms refusing to moderate at all or — in the case of smaller competitors — just deciding it’s not profitable to do business in the United States.
EPIC knows the EARN IT Act also threatens the use of end-to-end encryption. If the “best practices” handed down by law to address the spread of child porn include forcing platforms to break encryption to view message content, encryption gets weaker and opponents of encryption like Bill Barr and FBI Director Chris Wray get what they want: encryption that doesn’t protect anyone.
EPIC thinks it can back the EARN IT Act and keep encryption intact.
[F]or companies that actually provide end-to-end encryption we would caution against recommendations that diminish user privacy and security. Strong encryption is critical for network security. The Act correctly identifies “data security and privacy” as relevant considerations in developing best practices. The Act also requires that the Commission include two experts who have “current experience in matters related to constitutional law, consumer protection, or privacy” as well as two experts in “computer science or software engineering related to matters of cryptography, data security, or artificial intelligence in a non-governmental capacity.” The Act should make end-to-end encryption a “Relevant Consideration” under Section 4(a)(4).
Providing end-to-end encryption protects users, promotes commerce, and ensures cybersecurity. EPIC recommends that the EARN IT Act make clear that liability should not be imposed for a secure end-to-end encrypted communications system that safeguards the security and privacy of users.
That’s all well and good, but we’re not going to get a law that undermines Section 230 while protecting encryption. It will undermine both. That’s the goal of the legislation. Doing everything you can to prevent the distribution of child porn means cracking open encrypted messages to view their contents. Platforms are doing all they can to prevent this, but forcing them to undermine encryption makes millions of people not distributing child porn less secure. It’s pretty screwed up to run an organization interested in protecting the privacy of internet users when you’re throwing your support behind a bill that threatens to make everyone’s conversations less private.