Experts Fear Proposed Bill Could Target Encryption


A new proposed bill could diminish legal protections for apps and websites that use end-to-end encryption. The bill would create a “National Commission on Online Child Exploitation Prevention,” which would make rules to find and remove content that exploits children. If a company does not follow these rules, it risks losing some protections from Section 23 of the Communications Decency Act; this protects companies from being liable for what their users post.

 Sens. Lindsey Graham (R-S.C.) and Richard Blumenthal (D-Conn.) are supporters of the bill, being called Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act. The new bill amends Section 230 to “make companies liable for state prosecution and civil lawsuits over child abuse and exploitation-related material, unless they follow the committee’s best practices.” Section 230 protections will remain for other content, including defamation and threats.

While the bill does not include specific rules or guidelines, any guidelines would fall under the committee’s discretion.

Riana Pfefferkorn, from Stanford’s Center for Internet and Society and a critic of the proposed bill, wrote that the committee would have relatively little oversight and the Attorney General alone enact sweeping rules changes. She wrote that “[e]ncryption, particularly end-to-end encryption, is likely to be targeted as being contrary to “best practices” for preventing [abusive material], because if a provider cannot “see” the contents of files on its service due to encryption, it is harder to detect [abusive] files.” 

Many companies have chosen to use end-to-end encryption, which prevents anyone not in the conversation from discovering the content of the conversation, including the service providers themselves. Facebook uses end-to-end encryption for Messenger and WhatsApp. Attorney General William Barr is critical of the encryption because it prevents law enforcement from accessing messages.

Pfefferkorn stated that Section 230 and other federal laws already protect online platforms from liability and require telecom carriers to make their networks accessible to law enforcement, but “the providers of ‘information services’ are not required to design to be surveillance-friendly.” Pfefferkorn argued, “[e]xposing online services to crippling legal liability would (among other things) hurt their commercial viability in foreign markets.”

The Department of Justice has vied for law enforcement loopholes in encryption for safety purposes. The DoJ is set to take a closer look at the proposed bill to suggest potential changes.

Other critics argue that the bill could hinder free speech.