The Senate Judiciary Committee will consider legislation Thursday that privacy advocates are warning could pose a major threat to encrypted technologies.

“Everyone who communicates with others on the internet should be able to do so privately,” a diverse group of civil society groups wrote in a letter Wednesday to the committee’s leaders. “But by opening the door to sweeping liability under state laws, the EARN IT Act would strongly disincentivize providers from providing strong encryption.”

The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT Act), introduced for the first time in 2020 by Sens. Lindsey Graham, R-S.C., and Richard Blumenthal, D-Conn., would remove legal liability immunity from tech platforms found in violation of federal or state laws regarding child sexual abuse materials (CSAM). The pair reintroduced the bill last month and it drew immediate criticism from privacy and civil liberties advocates who say the bill could jeopardize encrypted technologies.

The newest version of the bill, critics say, poses an even greater danger to those applications — including some messaging platforms — than a version the committee approved in 2020. The latest version lacks any language specifically protecting internet platforms from being held liable for offering encryption. Instead, it opens the door for courts to cite encrypted technologies alongside other factors in complaints.

“Any proposal requiring or incentivizing online platforms to provide law enforcement with the ability to circumvent any type of encrypted communication undermines human rights,” said Willmary Escoto, U.S. policy analyst at Access Now, a digital rights nonprofit that signed onto the letter.  “And that’s essentially kind of what the EARN IT Act does. Companies shouldn’t be in a position where they’re forced to choose between protecting security and privacy or facing lawsuits.”

The new legislation also opens up liability under a patchwork of 50 state laws. That means state lawmakers could pass any number of statutes limiting tech companies so long as it was in the name of protecting children from sexual abuse.

The EARN IT Act’s cosponsors include Judiciary Chairman Dick Durbin, D-Ill., and ranking member Chuck Grassley, R-Iowa, as well as 16 other senators. A companion version was introduced in the House by Reps. Ann Wagner, R-Mo. and Sylvia Garcia, D-Texas.  Supporters lining up in favor of the bill include the National Center for Missing and Exploited Children, National District Attorneys Association, and the Rape, Abuse & Incest National Network.

Concerns about ‘client-side scanning’

Advocates warn that not only could the bill deter platforms from offering encrypted technology, but it also could pressure them to ramp up what is known as “client side-scanning.” The controversial technique attracted scrutiny last summer when Apple announced it would begin to scan users’ iPhones for CSAM before photos were uploaded to iCloud. Apple backed off after pressure from privacy advocates, but EARN IT could give tech companies an incentive to deploy the technology.

The federal government can’t currently compel companies to do client-side scanning due to Fourth Amendment protections, but Riana Pfefferkorn, a research scholar at the Stanford Internet Observatory, says the pressures proposed under the new bill come dangerously close, potentially jeopardizing evidence against the very criminals the bill’s sponsors are hoping to catch.

“It’s really playing with fire because the whole edifice comes crashing down if we go from voluntary scanning to scanning that has only been initiated because this bill gets passed and companies want to avoid potential mass liability exposure under 50 or more state-level laws,” said Pfefferkorn.

This isn’t the first time that lawmakers have attempted to wield Internet liability laws as a tool in fighting online sex crimes.

Critics including Pfefferkorn point to the outcomes of 2018’s Fight Online Sex Trafficking Act (FOSTA), which the EARN IT act is modeled off of,  as an example of the unintended consequences the legislation could have in censoring tech companies and hurting victims rather than helping them. The 2018 law has only resulted in one prosecution since it passed and has been criticized as making the sex work industry less safe for practitioners by forcing more trusted platforms to shutter their services in fear of losing their legal liability shields.

“The same thing is foreseeable here, where if law-abiding sites that don’t want to expose themselves to liability in response to EARN IT will take down large swathes of perfectly legal speech,” said Pfefferkorn. “Simultaneously, we can foresee that it will become harder to track down the victims and perpetrators of child abuse by driving them off of law-abiding platforms that already do a lot to remove this material and into the dark web.”

In 2020 the EARN IT Act sailed out of committee but failed to see a floor vote before the end of the 116th Congress. For this year’s markup, the committee has two new members whose votes advocates hope could sway discussions: Jon Ossoff, D-Ga. and Alex Padilla, D-Calif. Neither of the senators’ offices responded to a request for comment from CyberScoop.

The post The new EARN IT Act poses an even greater threat to encryption, experts say appeared first on CyberScoop.

Read More – CyberScoop

By |2022-02-10T07:18:41-05:00February 10th, 2022|