> The EARN IT Act cynically uses crimes against children as an excuse to hand control of online privacy and speech over to state legislatures
I like the idea of federal legislature ceding power to state legislatures.
Additionally, it looks like encryption is offered more protections in this bill, Considering federal laws preempt state, especially with regard to telecommunications, I do not see what the risks are with passing this(regarding encryption).
The bill ammends Section 230(e) of the Communications Act of 1934.
> CYBERSECURITY PROTECTIONS DO NOT GIVE RISE TO LIABILITY.—Notwithstanding paragraph (6), a provider of an interactive computer service shall not be deemed to be in violation of section 2252 or 2252A of title 18, United States Code, for the purposes of subparagraph (A) of such paragraph (6), and shall not otherwise be subject to any charge in a criminal prosecution under State law under subparagraph (B) of such paragraph (6), or any claim in a civil action under State law under subparagraph (C) of such paragraph (6), because the provider—
“(A) utilizes full end-to-end encrypted messaging services, device encryption, or other encryption services;
“(B) does not possess the information necessary to decrypt a communication; or
“(C) fails to take an action that would otherwise undermine the ability of the provider to offer full end-to-end encrypted messaging services, device encryption, or other encryption services.”.
I won't challenge the bill directly, but I'll point out that putting "crimes against children" front and center smells of misdirection, so it begs the question of what's really the bill's goal (though that could be just bad campaigning). Also, Edward Snowden spoke out against this bill. That's hearsay, but personally I've a fair amount of trust in his assessments.
The meat of the bill is that it establishes a commission (yes yet another, unpaid though!) that will establish and forward best practices to AG Barr concerning child sexual exploitation online. It is possible that one of the recommendations might be establishing a backdoor. In the future that recommendation would then be used to argue for legislation.
Snowden is great, but do your own research.
Edit: I usually trust Snowden as well. I could be missing something in this bill. EFF did not provide specifics. Hopefully someone here can.
> Just a few months ago, Senator Lindsey Graham (R–SC) delivered an ominous threat to Apple, Facebook, and any other tech company that might refuse to kill encryption programs that prevent malicious hackers, law enforcement officers, and others from accessing our private communications systems: "You're going to find a way to do this or we're going to do it for you."
> Graham has authored the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2019 — or EARN IT Act [...]
Lindsay Graham has repeatedly sought to weaken encryption and mandate backdoors and key escrow. Also in June this year following the EARN IT Act he introduced the Lawful Access To Encrypted Data Act (LAED) which would mandate backdoors:
LEAD is extreme and has little support. It is widely believed that the LAED was not intended to be passed but is meant to help pass the EARN IT Act by making the EARN IT Act seem like a more moderate and reasonable piece of legislation.
The EARN IT Act is really a ploy by Lindsay Graham and others to bypass Congress on this issue which they cannot otherwise get passed, and allow a small group of people who are not even security experts to develop regulation and mandates (which will probably be against encryption) under the guise of fighting child porn.
The basis of the arguments in that article are based on items that have been stricken from the Act. That article and the EFF post are out of date. Compliance with "best practices" is no longer part of the bill. As of right now there is no teeth to the bill.
Handing national interstate matters over to states has proven to always be a terrible idea as it leads to a selective representation as they rule over far more than can vote for them. Doing so for the internet is doubly terrible given that location of all parties isn't reasonably known ahead of time nor usually relevant.
I don't think I've been paying enough attention but how does this work? The FBI, Police, and some congress members afaik have been talking about the going dark problem for years and now suddenly they pass a bill that explicitly protects companies from liability if they implement end to end encryption etc? Huh?! And why is EFF so wrong about this if that is correct?
Maybe it has something to do with "Notwithstanding paragraph (6)"
Notwithstanding means in spite of paragraph 6. So 7(see above) preempts 6(see below).
“(6) NO EFFECT ON CHILD SEXUAL EXPLOITATION LAW.—Nothing in this section (other than subsection (c)(2)(A)) shall be construed to impair or limit—
“(A) any claim in a civil action brought against a provider of an interactive computer service under section 2255 of title 18, United States Code, if the conduct underlying the claim constitutes a violation of section 2252 or section 2252A of that title;
“(B) any charge in a criminal prosecution brought against a provider of an interactive computer service under State law regarding the advertisement, promotion, presentation, distribution, or solicitation of child sexual abuse material, as defined in section 2256(8) of title 18, United States Code; or
“(C) any claim in a civil action brought against a provider of an interactive computer service under State law regarding the advertisement, promotion, presentation, distribution, or solicitation of child sexual abuse material, as defined in section 2256(8) of title 18, United States Code.
The "best practices by a committee they control" requirement which is carte blanche. They could easily set it to considering "key escrow" or "master key" backdoors.
Yeah I think that is the big question that will need to be answered. Would failing to implement such a key escrow scheme qualify for protection under the clause:
> "(C) fails to take an action that would otherwise undermine the ability of the provider to offer full end-to-end encrypted messaging services, device encryption, or other encryption services.”
My guess is no since even with a key escrow scheme the messages can still be encrypted end to end. Its just that there is another party which may be able to decrypt it later.
But the worst thing that happens if you fail to implement the best practices is that you lose section 230 protections. If you're and E2E messaging app or the author of device encryption software you don't need section 230 protections to begin with.
>I like the idea of federal legislature ceding power to state legislatures.
I don't, because I'm sure most state legislatures are even less informed on the importance of online encryption than Congress is. Doubly so if you live in a red state.
I like the idea of federal legislature ceding power to state legislatures.
Additionally, it looks like encryption is offered more protections in this bill, Considering federal laws preempt state, especially with regard to telecommunications, I do not see what the risks are with passing this(regarding encryption).
The bill ammends Section 230(e) of the Communications Act of 1934.
> CYBERSECURITY PROTECTIONS DO NOT GIVE RISE TO LIABILITY.—Notwithstanding paragraph (6), a provider of an interactive computer service shall not be deemed to be in violation of section 2252 or 2252A of title 18, United States Code, for the purposes of subparagraph (A) of such paragraph (6), and shall not otherwise be subject to any charge in a criminal prosecution under State law under subparagraph (B) of such paragraph (6), or any claim in a civil action under State law under subparagraph (C) of such paragraph (6), because the provider—
“(A) utilizes full end-to-end encrypted messaging services, device encryption, or other encryption services;
“(B) does not possess the information necessary to decrypt a communication; or
“(C) fails to take an action that would otherwise undermine the ability of the provider to offer full end-to-end encrypted messaging services, device encryption, or other encryption services.”.
https://www.congress.gov/bill/116th-congress/senate-bill/339...