The EARN IT Act Will Make the Internet Worse for Everyone by Undermining Privacy and Security

from this is not good department

To save the children, we must destroy everything. That’s the reality of the EARN IT Act. I mean, just by reading the actual text behind the terribly laborious acronym, you can get a sense of your goal: to eliminate the abuse and rampant neglect of the Interactive Technology Act. call. it’s a bite.And, given the name, it seems Congressional appropriation Towards Support moderation efforts for abusive content.

but it is not the truth. It’s all about punishing tech companies for user behavior. Like FOSTA before it, this bill has zero interest in actually targeting creators and distributors of illegal content such as child sexual abuse material (CSAM). Instead, it’s only interested in allowing prosecutors to go after the easiest entities to locate: websites that rely on or facilitate the distribution of third-party content.

Specifically, the new Act introduces changes to Section 230, namely looks like Similar to the changes made to FOSTA, it means that if you advertise, promote, display, distribute or solicit CSAM, you will not get Section 230 protection. But here’s the thing: CSAM is already a federal crime, and all federal crimes are exempt from section 230. On top of that, there doesn’t seem to be a bunch of cases anyone can cite as examples of Section 230 blocking CSAM prosecutions. There’s little evidence that this is necessary or helpful — because it won’t.

As we’ve detailed before, the real scandal in all of this isn’t that Internet companies are facilitating CSAM, but that the DOJ is effectively ignoring congressional mandates to go after those involved in the production and distribution of CSAM. Congress tasked the DOJ with CSAM, and the DOJ just didn’t do it. The DOJ needs to compile data and set goals to eliminate CSAM…and hasn’t done so.That’s why it’s odd that EARN IT gets all the attention and not a replacement bill from Senators Wyden, Gillibrand, Casey and Brown that would tell the DOJ to actually take CSAM’s work seriously instead of blaming everyone else.

Supporters of the bill continue to defend the bill, casually ignoring that it doesn’t just encourage social media sites to engage Do not moderation (lest they trigger the “knowledge” clause), but it also aims to undermine encryption — not only by painting it as something that primarily benefits child sex abusers, but by introducing incentives that discourage end-to-end encryption from being implemented. In fact, any attempt to moderate and eliminate illegal content could subject the company to fines, since the safest path — given the act’s mandate — is to do nothing.

How this will help limit the spread of CSAM and help track down the creators of this content is left to anyone’s imagination. Those who support the bill simply assume that stripping away the immunity for third-party content hosts will solve the problem. They also believe that reducing security for all Internet users is an acceptable trade-off for limited visibility into CSAM distribution, which will push CSAM producers to non-U.S.-regulated sites (making them harder to find) and make it available to others The Internet and social media services for purely legal reasons are less secure.

A lot has been said on Techdirt about this truly horrible piece of legislation. There are also many claims elsewhere. The Internet Society has published a critique of the EARN IT Act. guess what? This is very critical. At stake is the privacy and security of millions of Internet users. On the other end of the spectrum are opportunistic legislators who think “doing something” is the same thing as “doing something useful.” Lawmakers were wrong. EARN IT will screw up the Internet and its users by turning encryption into a liability.

The EARN IT Act threatens companies’ ability to use and provide end-to-end encryption, and companies’ immunity from liability is at risk if they do not proactively monitor and filter illegal user content. Doing so threatens the safety, privacy, and safety of billions of people in the United States and around the world who rely on encryption as the foundation of their online security. End-to-End Encryption (E2EE) is the strongest digital security barrier that ensures the confidentiality of communications and information between sender and intended recipient. When used properly, no third party (including service providers) will have the keys to access or monitor the content. If passed into law, the EARN IT Act would directly threaten online service providers and internet intermediaries, which are entities that facilitate internet interactions and provide or support encrypted services.It also creates risks for Internet infrastructure intermediaries (such as Internet service providers and others) that are not directly involved in providing encrypted services.

The act holds providers accountable for user content and communications. To avoid this liability, active steps need to be taken. When it comes to encrypted communications, none of the options under EARN IT are good. Options include an on-demand encryption cracking service to facilitate government investigations, removing end-to-end encryption entirely to monitor content, or just saying fuck it and refusing to provide encryption. None of this benefits the hundreds of millions of Americans who do not create or distribute illegal content.

The use of broken encryption makes people and businesses more vulnerable to criminal activity, while actually preventing minors from encrypting their communications makes them more vulnerable, not less. This is because preventing companies from using E2EE and providing secure services undermines online security and confidentiality.This would put millions of law-abiding people in the U.S. — including marginalized groups and children — at greater risk of harm from those seeking to use private data to do harm.

The potential threat to users and platforms is that governments will, upon adoption, decide which “best practices” companies must use to detect, report, and remove CSAM. The problem is government mediation, which makes Section 230 immunity dependent on adhering to a set of rules that creeps added functionality down a slippery slope. With entities like the FBI continuing to agitate for encrypted backdoors, it’s only a matter of time before “best practices” include some kind of content scanning, meaning end-to-end encryption will no longer be an option. EARN IT doesn’t explicitly make encryption illegal, but its mandate and wording could make its use borderline criminal, holding companies accountable for the actions of their users.

While providing end-to-end encryption is not a crime in itself, the EARN IT Act enables courts to use encryption as evidence to find service providers liable in CSAM-related cases. If a user disseminates CSAM and uses an encrypted service in violation of Title 18 Sections 2252, 2252a, or 2256(8), a court may hold that the service provider provides encryption that makes it liable for negligent or reckless distribution of CSAM because the encryption prevents the service provider from detecting and block CSAM sent by its users – even if the service provider does not know the specific CSAM being transmitted.

Service providers offering E2EE have no knowledge of and have no access to content or communications shared or posted online. Therefore, courts may consider using E2EE to determine whether a provider recklessly disregarded CSAM distributed on its platform or negligently allowed its dissemination. In fact, under the EARN IT Act, state law can expressly state that the provision of encrypted services can be considered evidence of negligent or willful disregard for CSAM transmissions (never in conflict with the so-called “exemption” contained in the EARN IT Act).

Encryption is more than just a way to secure communications. It’s also a way to provide security and privacy for users interacting with other services that don’t link them to other people. The bill will not only cause pain for WhatsApp and its competitors. This would make every intermediary – no matter how disconnected from the production/distribution of criminal content – potentially liable. It would provide prosecutors with a long list of entities to punish, none of which actually produced or uploaded the content.

The EARN IT Act blocks the ability of intermediaries to use a key community-adopted building block of Internet security: encryption. It does this by creating liability risks for intermediaries who cannot monitor what users share, store or post online. State laws may seek to impose civil liability on every party involved in creating, transmitting, or storing communications, including ISPs, web hosting providers, cloud backup services, and encrypted communications services such as WhatsApp.

[…]

In addition, network operators may decide to stop transmitting encrypted traffic or take other steps to block such traffic to avoid the risk of liability in the face of civil liability for damages under state law as permitted by the EARN IT Act. Doing so reduces their interoperability with networks carrying E2EE traffic. Without interoperability, Internet users may experience slower and less secure Web browsing.

This is certainly not the intent of the bill’s authors and supporters. Or, at least, that wasn’t the intention either of them would admit. In all likelihood, most of the bill’s supporters haven’t thought long enough about the unwanted side effects of tying immunity to government mandates. Others may just see this as a good way to discourage the use of encryption because they mistakenly believe it will make it easier for investigators to track down child abusers.

All these assumptions are wrong.There must be a small group of bill supporters who see these negative consequences and like They — these are people who are not only ignorant of the Internet and social media platforms, but have turned ignorance into fear.

The problem is, there are only a few of them, and we have millions. In theory, this means we have the upper hand. Unfortunately, when it comes to government jobs, it’s top-down, meaning a few decide what everyone else has to put up with.

Filed Under: csam, earn it, privacy, security

Leave a Reply

Your email address will not be published. Required fields are marked *