STORY UPDATED: check for updates below.
Is the U.S. government using the cover of the coronavirus pandemic to remove end-to-end encryption so officials would be able to listen to everyone's calls and see everyone's private messages? No, that does not appear to be the case: A controversial bill -- one that has been made public and is the subject of much attention and debate -- has been introduced in the Senate that proposes to strip companies of immunity in cases where child-pornography materials are posted on their platforms. Exceptions would apply if companies comply with an as-yet-developed "best practices" order. Because these "best practices" aren't defined yet, activists are claiming it might lead to companies ending end-to-end encryption or enabling backdoors to allow authorities to listen in on messages and calls in order to keep their own immunity from lawsuits intact.
Posts such as this one (archived here) from March 18, 2020, on Facebook by Ben Stone, slam the bill -- which is called The EARN IT Act: Holding the Tech Industry Accountable in the Fight Against Online Child Sexual Exploitation.
This is how the post read:
While all of the COVID-19 news has been going on, the US government has been sneakily trying to remove end-to-end encryption, and it's been working its way through Congress. If this passes, the government will be able to see all of your messages and listen to all of your calls [have not verified that last part yet], essentially removing all privacy from your conversations. Repost this to spread the message far and wide, even if you don't live in the US."
This is what the post looked like on Facebook at the time of writing:
EARN IT stands for Eliminating Abusive and Rampant Neglect of Interactive Technologies.
Another, similar post echoed to the allegation that this bill -- introduced last month by South Carolina Republican Sen. Lindsey Graham, who is chairman of the Judiciary Committee, and Connecticut Democratic Sen. Richard Blumenthal -- was the government's attempt to "scan every message online." Here is that post:
The definition of end-to-end encryption is below:
End-to-end encryption (E2EE) is a method of secure communication that prevents third-parties from accessing data while it's transferred from one end system or device to another."
In short, it enables companies to keep the messages and communications of users private. Ending this kind of privacy wholesale is not what the bill is intending to do. The EARN IT Act is focused solely on child pornography, with the bill wanting to stop blanket immunity for companies who refuse to turn over user profiles when child porn is spotted on their platforms.
This has been a long fight between the government and techonolgy companies. The New York Times reported in November 2019:
Law enforcement and technologists have been arguing over encryption controls for more than two decades. On one side are privacy advocates and tech bosses like Apple's chief executive, Timothy D. Cook, who believe people should be able to have online communications free of snooping. On the other side are law enforcement and some lawmakers, who believe tough encryption makes it impossible to track child predators, terrorists and other criminals."
While the bipartisan EARN IT Act is real, the allegation that it's been hidden and is "sneakily" proceeding in Congress toward enaction, is off. When it was introduced March 5, Graham, Blumenthal, and Missouri Republican Sen. Josh Hawley and California Democratic Sen. Dianne Feinstein released a statement, which read, in part:
The internet is infested with stomach-churning images of children who have been brutally assaulted and exploited, and who are forced to endure a lifetime of pain after these photographs and videos are circulated online," said Blumenthal. "Simply put, tech companies need to do better. Tech companies have an extraordinary special safeguard against legal liability, but that unique protection comes with a responsibility. Companies that fail to comport with basic standards that protect children from exploitation have betrayed the public trust granted them by this special exemption. Online platforms' near complete immunity from legal responsibility is a privilege - they have to earn it - and that's what our bipartisan bill requires."
"First Big Tech said it needed special immunity from human trafficking laws. Now it says it needs immunity from laws against child pornography. Enough. It's time to stop putting the financial interests of Big Tech above protecting kids from predators. The EARN IT Act is another way to bring today's internet law into the 21st century," said Hawley.
"Technological advances have allowed the online exploitation of children to become much, much worse over recent years," said Feinstein. "Companies must do more to combat this growing problem on their online platforms. Our bill would allow individuals to sue tech companies that don't take proper steps to prevent online child exploitation, and it's an important step to protect the most vulnerable among us."
The EARN IT Act is supported by more than 70 groups, survivors and stakeholders, including the National Center for Missing & Exploited Children (NCMEC), Rights4Girls, and the National Center on Sexual Exploitation.
Then, on March 11, Graham released this statement, to explain the bill's reasoning:
In the past two decades, reports of child sexual exploitation online have exploded. According to the National Center for Missing & Exploited Children, also known as "NCMEC," we are witnessing a rapid increase in online child exploitation.
Here are some facts:
- In 1998, when the NCMEC CyberTipline was first created, there were just over 4 thousand reports of online child sexual exploitation.
- By 2014, there were 1.1 million reports in a year.
- Compare that to 2019, where there were almost 17 million reports to the tipline in a single year.
- The 2019 reports include more than 69 million images, videos, and files related to child sexual exploitation.
- There was a particular increase in video last year. Of the files reported, 41 million of the 69 million were videos.
I want to be clear about the type of victimization that we're talking about here: This is child sexual exploitation, most of which involves pornographic images and videos of children. Our bill changes the term "child pornography" to "child sexual abuse material" throughout the federal code, because that's what it is. Images of children being harmed. Each time an image or video is shared, it's as if the child is being abused all over again. It is graphic and it is hard to hear. It represents some of the most horrendous criminal acts and takes a toll on us all.
The EARN IT Act, should it become law, would strip companies of immunity against prosecution -- and allow them to be sued -- if they do not participate in a "best practices" program. Such a program has not been established, and it's unclear what form it woud take. But it would be designed by the government or entail a company program approved by a government commision. This provision for government oversight has civil liberties groups concerned that free speech rights would be violated -- and that the government is opening the door to having power to read private messages of everyday people.
Many posts making the claims this is all happening under the cover of the pandemic can be found online. Even though the Ben Stone post acknoweldges that he hasn't been able to verify "that last part" (presumably referring to phone calls), it goes on to claim the government would be "essentially removing all privacy from your conversations."
Such sweeping speculation takes the leap from companies losing their rights to have end-to-end encryption to mean that the government -- under the guise of lockdowns due to COVID-19's huge case load and loss of life -- could be accessing any text messages and phone calls citizens make.
The government has been actively working on the coronavirus stimulus bills that have been passed, but they are also focusing on other laws. This is just one of them.
Some rights advocates have said the government is trying an end-run to get around current encryption allowances. A Forbes piece from March 14 opened this way:
The fight between the providers of encrypted messaging platforms and lawmakers has entered a serious new phase. And this time around it is looking ever more likely that proponents of end-to-end security, the likes of Facebook and Apple, will lose their campaign to maintain user security as a priority.
Describing this as "a major threat... an attack on online speech and security," EFF warns "imagine an internet where the law requires every message sent to be read by government-approved scanning software. The privacy and security of all users will suffer if U.S. law enforcement achieves its dream of breaking encryption."
Later, the story says:
"If the bill passes," Sophos warns, "the choice for tech companies comes down to either weakening their own encryption and endangering the privacy and security of all their users, or foregoing protections and potentially facing liability in a wave of lawsuits." The potential for such a move was described by one U.S. senator as "a Trojan horse," giving the government "access to every aspect of Americans' lives."
Beyond the obvious., the other complaint is that U.S. lawmakers will act as judge and jury on what passes for "best practices." A government commission will shape the rules, a commission headed by the Attorney General, an office occupied by William Barr who has argued end-to-end encryption must be broken, that law enforcement must be given access to the data when required.
And not all Congressional members, including Oregon Democratic Sen. Ron Wyden, are on board:
Read my full statement on the disastrous EARN IT Act, which will give Bill Barr and Donald Trump more control over the internet: pic.twitter.com/LF9WF2F5dV-- Ron Wyden (@RonWyden) March 5, 2020
2020-04-21T11:39:49Z 2020-04-21T11:39:49ZUpdated the story to include more context and concerns from rights organizations about what the bill would entail, and how it would impact basic civil liberties in the United States.