Security News > 2020 > March > Don't be fooled, experts warn, America's anti-child-abuse EARN IT Act could burn encryption to the ground

Don't be fooled, experts warn, America's anti-child-abuse EARN IT Act could burn encryption to the ground
2020-03-06 22:17

On Thursday, a bipartisan group of US senators introduced legislation with the ostensible purpose of combating child sexual abuse material online - at the apparent cost of encryption.

The law bill is called the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act, which folds up into the indignant acronym EARN IT. Backed by senators Lindsey Graham, Richard Blumenthal, Josh Hawley and Dianne Feinstein, the proposed law intends to make technology companies "Earn" their exemption from liability allowed under Section 230 of the US Communications Decency Act by requiring internet companies to follow a set of best practices to keep CSAM off their networks.

The best practices contemplated by the lawmakers have yet to be spelled out; they're to be determined by a 19-member government commission that includes 4 non-government experts or "Survivors of online child sexual exploitation." Input from these four can be ignored since the best practices require approval only of 14 commissioners.

Therein lies the issue: based on the US government's ongoing efforts to demonize encryption for leaving law enforcement in the dark and AG William Barr's public opposition to encryption, technical experts expect the guidelines will force technology platforms to avoid encryption they can't undo on-demand in order to check for the presence of CSAM. "Because the AG continually lambastes end-to-end encrypted messaging for cloaking pedophiles' exchanges of CSAM and grooming of child victims, this is code for 'encryption is not a viable alternative best practice,'" explained Riana Pfefferkorn, associate director of surveillance and cybersecurity at the Stanford Center for Internet and Society, in a blog post.

The EARN IT Act arrived as AG Barr announced that other members of the Five Eyes intelligence alliance - Australia, Canada, New Zealand, and the United Kingdom - have agreed to a set of principles to guide internet companies in their efforts to combat CSAM. Representatives for six online companies - Facebook, Google, Microsoft, Roblox, Snap and Twitter - were there to endorse the initiative.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/06/earn_it_bill_encryption/