Sen. Lindsey Graham is one of three sponsors of the LAED Act and the main sponsor of the EARN IT Act. (Sen. Graham's website/Youtube)
Multiple bills that threaten encryption are moving through the U.S. Senate and could pose a threat to technology that protects users’ privacy, industry pros say.
These bills include the and the . While the was only recently introduced to the Senate, the EARN IT act has been in the works for months, and has been amended a number of times.
Privacy advocates and product designers say such legislation would also curtail people’s privacy to a huge degree, fundamentally change existing technology and have an impact on everything from messaging and file sharing to privacy coins.
“The government basically would have mass surveillance powers into all of our communications,“ said Zcoin Project Steward Reuben Yap, referring to the LAED Act. “It’s saying, ‘Let’s drop the pretense and let’s just go for it.’ I think it’s really scary. It’s not just about cryptocurrencies as a whole though, it’s really about freedom.”
Sponsored by three Republicans, the LAED Act seeks to end encrypted communications by building in a backdoor for law enforcement to use. The bill lays out a legal framework for law enforcement to access encrypted data with a court order.
The explicit goal of the EARN IT Act is to curb the spread of child exploitative content online, such as child sexual abuse imagery, though its impact could be far wider. In an initial draft, this was going to be done through stripping tech companies of liability protections for the content that is posted on their platforms. These protections currently exist in , which prevents social media companies such as Facebook, Twitter and Reddit from content liability.
Under an earlier draft of the EARN IT Act, companies would lose Section 230 protections if they didn’t follow the recommendations of a federal commission on child exploitative content. This could render companies like WhatsApp, which offers end-to-end encryption, liable for communications on the platform, unless they revoked end-to-end encryption.
“They communicate using virtually unbreakable encryption. Predators’ supposed privacy interests should not outweigh our privacy and security,” said Attorney General William Barr the day the bill was introduced.
Barr has long been a critic of encryption, dating back to his days in the George W. Bush Administration.
The most recent version of the bill gets rid of the commission idea, delegating power to state legislatures to bring lawsuits against companies. It also adds an amendment that explicitly protects encryption. But organizations such as the Electronic Frontier Foundation (EFF), Center for Democracy and Technology and Internet Society
Tools like client-side scanning, which could be used to check for child exploitative content, employs software to check files that are being sent against a database of “hashes,” or unique digital fingerprints. If it finds a match to certain kinds of images, they could be blocked, with the recipient notified, or the message could be forwarded to a third party without the user’s knowledge. Organizations such as EFF have said this violates encryption on a fundamental level.
“Tech companies’ increasing reliance on encryption has turned their platforms into a new, lawless playground of criminal activity,” said Republican Sen. Tom Cotton of Arkansas and one of the sponsors (with Sens. Lindsey Graham and Marsha Blackburn) of the , in a public statement.
“Criminals from child predators to terrorists are taking full advantage. This bill will ensure law enforcement can access encrypted material with a warrant based on probable cause and help put an end to the Wild West of crime on the Internet.”