EPIC Offers Its Support Of The EARN IT Act; Thinks It Can Separate Undermining Section 230 From Undermining Encryption

from the it-really-shouldn't-be-supporting-either dept

As the EARN IT Act moves forward -- with all of its Section 230 and encryption-threatening appendages still intact -- we're getting some very interesting responses from tech companies that have benefitted from Section 230 and/or rely on strong encryption.

The goal may be noble -- the protection of children from sexual abuse -- but those noble goals are just a crowd-pleasing dodge. It's an assault on both Section 230 and strong encryption that's being pushed with an anti-child porn narrative, one that makes it very difficult for legislators to oppose. To vote against EARN IT, supporters will misleadingly claim, is to vote for the spread of child porn, so it's going to be tough to find lawmakers willing to push back.

Attorney General Bill Barr wants encryption broken. If it means American citizens are less protected, so be it… just as long as the FBI can get into a few more locked devices or accounts. Plenty of people in the administration seem to feel Section 230 has to go, if only to make it easier to sue platforms for perceived slights.

Entities that used to be allied against Section 230 reform and encryption-breaking are now for it. The Electronic Privacy Information Center wants to do both somehow. It has sent a letter [PDF] in support of the EARN IT Act that is pure cognitive dissonance. EPIC claims it wants to see Section 230 reformed but somehow keep this "reform" from threatening the encryption of end-to-end communications. How it imagines this law will achieve both aims is nearly impossible to discern.

The letter says Section 230 must be reformed, but for something much lower on the "for the children" list.

EPIC also supports efforts to reform Section 230. In the case Herrick v, Grindr, EPIC provided an amicus brief for the Second circuit in which we explained that the “Internet has changed since Congress passed the [Communication Decency Act] in 1996. Advanced social media platform did not exist when Congress enacted the law.” We objected to a lower court interpretation of section 230, which found that “online platforms bear no responsibility for the harassment and abuse their systems enable. If they chose not to respond to the exposure of personal information or intimate images, to threats of violence, to verbal and psychological abuse, there is nothing a victim can do to intervene.” As we explained, “Congress never intended § 230 to create such a system.”

We all can agree platforms need to handle things like harassment better. But there's no clear way to make it better, not when you're moderating millions (Twitter) or billions (Facebook) of users. Attacking the law that allows them to engage in moderation without fear of reprisal isn't going to make things better. It's either going to result in platforms refusing to moderate at all or -- in the case of smaller competitors -- just deciding it's not profitable to do business in the United States.

EPIC knows the EARN IT Act also threatens the use of end-to-end encryption. If the "best practices" handed down by law to address the spread of child porn include forcing platforms to break encryption to view message content, encryption gets weaker and opponents of encryption like Bill Barr and FBI Director Chris Wray get what they want: encryption that doesn't protect anyone.

EPIC thinks it can back the EARN IT Act and keep encryption intact.

[F]or companies that actually provide end-to-end encryption we would caution against recommendations that diminish user privacy and security. Strong encryption is critical for network security. The Act correctly identifies “data security and privacy” as relevant considerations in developing best practices. The Act also requires that the Commission include two experts who have “current experience in matters related to constitutional law, consumer protection, or privacy” as well as two experts in “computer science or software engineering related to matters of cryptography, data security, or artificial intelligence in a non-governmental capacity.” The Act should make end-to-end encryption a “Relevant Consideration” under Section 4(a)(4).

Providing end-to-end encryption protects users, promotes commerce, and ensures cybersecurity. EPIC recommends that the EARN IT Act make clear that liability should not be imposed for a secure end-to-end encrypted communications system that safeguards the security and privacy of users.

That's all well and good, but we're not going to get a law that undermines Section 230 while protecting encryption. It will undermine both. That's the goal of the legislation. Doing everything you can to prevent the distribution of child porn means cracking open encrypted messages to view their contents. Platforms are doing all they can to prevent this, but forcing them to undermine encryption makes millions of people not distributing child porn less secure. It's pretty screwed up to run an organization interested in protecting the privacy of internet users when you're throwing your support behind a bill that threatens to make everyone's conversations less private.

Filed Under: earn it, encryption, section 230
Companies: epic

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    Anonymous Anonymous Coward (profile), 17 Mar 2020 @ 8:42am

    That commission you place so much value on

    "Establishes a National Commission on Online Child Sexual Exploitation Prevention to recommend best practices related to identifying and reporting online child sexual exploitation. The Commission consists of the heads of DOJ, DHS, and FTC, along with 16 other members appointed equally by Congressional leadership, including representatives from: law enforcement, survivors and victims’ services organizations, constitutional law experts, technical experts, and industry."

    Let's see. nineteen members, with the bulk of them demonstrably pro passage and only (according to EPIC four who might be opposed, depending on whether their selection is done responsibly or not) seems to be a bit unbalanced. Since the purpose of government is to represent the people, letting a commission that is biased in favor of the government (who want more power, absolutely) rather than the people they work for is terribly inappropriate. But then they want cover for when they try to force this bill down our throats...the Commission said it was OK! The Commission said 'best practice' is to turn all your conversations over to our 'very nice' and 'on your side' law enforcement community, for your 'safety' and to 'protect the children' (who we won't do anything else to protect, as demonstrated by our own behavior from before FOSTA was enacted and since).

    It is a wonder what the Electronic Privacy Information Center thinks they will win with this bill. I mean really, I wonder what do they think they will win?

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.