Written by Robby Mangum
While the Coronavirus dominates the news, one thing you may have missed is a recent bill working through Congress with many ramifications for online privacy. The EARN-IT Act, crafted to protect children, could give the federal government the ability to force tech companies to build backdoors into their encryption software.
The Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN-IT) Act is designed to protect children from “child sexual abuse material” explicitly related to internet services. The bill calls for the creation of a National Commission on Child Online Sexual Exploitation Prevention. The bill discusses how this commission would have the ability to outline the ‘best practices’ to prevent child sexual exploitation. Once these best practices are approved by the attorney general, companies that provide internet services, such as Snapchat, are required to review their applications to make sure that they comply with the best practices.
One major issue that the bill does not mention is encryption. Based on what is included in the bill, the best practices will require companies to be able to identify and stop child sexual abuse material happening on their platform. This potentially would include alterations to encryption systems. For example, iMessage on iPhones uses end-to-end encryption, which means that only the sender and recipients can view messages; Apple itself can’t view these messages. To be able to catch any child abuse materials, these companies would have to loosen their end-to-end encryption.
The bill is very explicit about rooting out child sexual abuses. However, many acts designed explicitly to protect children online have had sweeping ramifications for tech companies and their users. The EARN-IT act could force companies to rewrite encryption systems that are used around the globe.