SecureMac, Inc.

Computer security news. Just for Macs.

Get the latest computer security news for Macs and be the first to be informed about critical updates. Industry news, security events and all you need right at your fingertips. Malware threats change daily, so keep up to date on the latest developments to help ensure your privacy and protection. You can never be too safe.

EARN IT Act moves forward, worrying privacy advocates

Posted on July 15, 2020

The “EARN IT” Act is slowly making its way through the U.S. Senate. Despite strong public criticism, an amended version of the bill was unanimously approved by the Senate Judiciary Committee in early July, setting the stage for full hearings in the near future.

In this article, we’ll discuss the background to EARN IT, and let you know why some people say it’s a serious threat to free speech and digital privacy.

What is EARN IT?

EARN IT (Eliminating Abusive and Rampant Neglect of Interactive Technologies) is the name of a bill currently under review by the U.S. Senate. The bill is bi-partisan, sponsored by Senators Lindsey Graham (R-South Carolina) and Richard Blumenthal (D-Connecticut). 

The purported aim of EARN IT is to prevent technology from being used for child sexual exploitation. To this end, the original version of the bill contained provisions for the creation of a special, 19-person committee that would develop a set of recommended best practices for digital service providers. 

Companies would be asked to follow these recommendations in order to “earn” the protections of Section 230 of the Communications Decency Act, which states that “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider”. 

Currently, tech companies are not liable for illegal content that has been uploaded or shared on their platforms without their knowledge (they still have a duty to report any such content when it is discovered, and to assist in criminal investigations if possible). Under the new law, companies that adhere to the list of best practices would be presumed to be making good faith efforts to prevent the misuse of their services, and would still be exempt from liability for criminal uses of their platforms — but companies that do not abide by the recommendations could be held liable.

Why do people oppose EARN IT?

Preventing child sexual exploitation is, of course, a laudable and entirely uncontroversial goal. However, EARN IT has attracted criticism due to its implications for privacy and free speech — as well as the perception that protecting children is not the true aim of the law.

The special committee outlined in the original bill would be under the direction of the U.S. Attorney General, an office currently held by Willam Barr. Barr has repeatedly called for an end to the strong encryption offered by Apple, Signal, and other privacy-oriented tech companies. He has demanded that such companies implement secure “backdoors” that would allow law enforcement to access locked devices or read encrypted messages during criminal investigations. 

For this reason, even though EARN IT doesn’t mention it by name, many political analysts interpret the bill as an indirect assault on encryption. This is worrisome, because according to security experts, Barr is asking for something which is not actually possible. They warn that any such backdoor would ultimately undermine user privacy and security (which, incidentally, is Apple’s official position on the matter). 

If EARN IT becomes law, companies could find themselves facing an impossible choice: Follow the government’s recommendations — even if they undermine user privacy — or accept legal liability for the criminal actions of the people who use their services.

Is the amended EARN IT any better?

The amended version of EARN IT has been described by some observers as “weakened”, because it delegates much of the work of setting best practices to the states, and because it contains language designed to protect encryption. 

But privacy watchdogs warn that the changes will simply encourage states to attack encryption by other means, likely by attempting to mandate the controversial practice of client-side scanning. Moreover, the new version of EARN IT means that any tech company can be taken to court by any of the 50 states, causing some to worry that it could have a chilling effect on free speech worldwide. Companies attempting to avoid state-level litigation may begin to censor all sorts of legal material, simply in order to avoid accidentally processing illegal material. In the words of an analyst at the Brookings Institution, this would “let the most aggressive states set the rules for the entire Internet”. 

What can I do about it?

We’re not in the business of telling people how to vote, or what to think about politics. But we know that many of our readers — wherever they happen to fall on the political spectrum — are passionate about digital privacy issues. If you are a U.S. citizen or resident, and have concerns about EARN IT, you can use this free tool to send feedback to your elected officials.

Join our mailing list for the latest security news and deals