During these long weeks in quarantine, the government is working to pass the EARN IT bill, but what is the bill and how will it protect people working from home?
April 15, 2020
Author: Nurit Elber
What is EARN IT?
The goal of EARN IT (Eliminating Abusive and Rampant Neglect of Interactive Technologies Act), Lisa Vaas from Naked Security says, is to eliminate child abuse. To do so, EARN IT will require websites to meet safety requirements concerning child exploitation before receiving Section 230 protections.
As Cornell Law School states, these protections were originally put in place to promote sharing on the internet by protecting websites and bloggers from liability for what other individuals may comment or post on their websites. Websites, essentially, are protected from lawsuits that concern what users say on their website. However, with the addition of the EARN IT Act, websites will no longer receive this immunity from lawsuits unless they comply with the safety requirements dictated under this bill.
This is a positive first step in making sure that websites monitor the content that is uploaded to their platforms, so that no contraband slips through. However, by undercutting Section 230, this also puts free speech online at risk through constant monitoring by websites. Because the website is now blamed for what users say online, monitoring and limitations of speech will be applied out of fear of being held liable for what someone else may say or post.
Not only will the EARN IT bill pressure websites to limit free speech (for the better or for the worse), it will also weaken encryption as websites and companies will need to provide law enforcement access to previously encrypted user data.
Well, it is for the best, right?
The issue many individuals have with the EARN IT bill is that the bill only limits free speech on the Internet in hopes of stopping child exploitation, while providing law enforcement with access to user data on every website.
While this may seem like a lot, Elliot Harmon from the Electronic Frontier Foundation (EFF) states that the EARN IT bill does not have any established systems to assist organizations that support victims or even provide law enforcement resources to investigate claims of child exploitation.
Lisa Vaas from Naked Security also states that the bill does not provide any tools for law enforcement to stop or limit child abuse. It pressures websites to proactively and constantly scan user content to stop the spread on their website.
Doing so, states Vaas, will complicate trials and the evidence that these websites may find. Facebook and Apple already scan through the images and information that users upload to stop this spread; however, by enforcing this bill, all companies will become agents of the state and will no longer be able to report these images without a warrant or permission from the government. Apple and Facebook are only able to perform such actions now because they are acting as private companies without requests from the government, conducting this censorship voluntarily.
The bill also does not address the issue that, while everyday websites will have to limit online free speech, many individuals who possess such contraband will look for other means to share and upload this information and these videos, such as the infamous dark web.
Instead, this bill, even without saying the word encryption, seems to focus only on encryption of websites and requires every application to provide access to law enforcement; all the while the bill does not state any information or laws about how it will proactively prevent child abuse or assist with organizations that help the victims.
The EARN IT bill appears similar to FOSTA, a bill that limited free speech in a similar way to protect women, but instead many innocent users and websites ended up being silenced out of fear of lawsuits. Consequently, FOSTA prevented organizations that worked towards assisting sex trafficking victims from working, out of fear of lawsuits and violating FOSTA.
How does this affect me?
Many websites, applications, and programs utilize encryption. This includes WhatsApp, phone calls and SMS messages, Facebook, Instagram, and even Snapchat. The focus of this bill is to undermine that encryption, as Elliot Harmon from EFF says. In fact, Attorney General William Barr has blamed encryption for child exploitation many times during his career, suggests Harmon.
Even though the bill might not say anything about encryption, what it regulates means that websites will not be able to utilize certain encryption methods, ultimately weakening their encryption and security, and that they will be forced to intentionally install a vulnerability (a backdoor so that law enforcement can access user information with ease).
Any program that provides encryption to protect from other illegal actions (e.g. fraud, man-in-the-middle attacks, data leaks, etc.) will be forced to allow a back door, or in other words unlimited access to user information and data. This is so that law enforcement may be able to monitor what users are doing on these sites and platforms; however, it does come with the risk of an easy means for hackers and other malicious individuals to access user information for further attacks. Just like a person cannot ensure that their unlocked door will only be used by trusted people, the websites and platforms cannot ensure that only law enforcement will be using the required back doors.
If websites, applications, and programs refuse to follow these regulations, then they risk liability for what every individual person says on their platform, which leaves them prone to lawsuits. Even though Facebook is an easy social media platform to use to remember birthdays and share out-of-date memes, there is always that hidden side of Facebook that contains questionable content — and this applies also to Instagram, Snapchat, Reddit, and nearly any other social media outlet. These social media platforms will be held liable for every single thing their users say if they do not comply with EARN IT. Therefore, most will have to comply in order to avoid lawsuits.
This means that every post on Facebook meant to be shared only with high school friends has the potential to be leaked. It means that every snap intended only for a best friend, and any text or WhatsApp message sent, is available to be looked at by both law enforcement and potential hackers.
Not only that, something called “end-to-end encryption” will also be undermined. This type of encryption means that the website, messaging app, or any server is unable to decrypt the message while it is sent — the message would only be “unencrypted,” or readable, at the destination user.
Simply, when a message is sent, it is immediately encrypted. So, if the server chooses to look at the message to see what the content is, the server only sees gibberish. The message is only decrypted once it is accessed by the recipient of the message. So, if Bob (one end) messages Alice (the other end), “Hi, Alice!”, the server cannot read the message because it is all garbled because of the encryption. When Alice opens the message, she reads, “Hi, Alice!”, just as Bob intended.
This type of encryption assists users by preventing companies from reading their messages — which could be sold to advertising companies. Without it, every message sent can be viewed by the company and sold, and if this bill passes, law enforcement will also be able to view these messages and content. It also leaves the potential for unintended users, or hackers, to get in the middle of a conversation and steal confidential information exchanged between users.
Because of the EARN IT bill, Riana Pfefferkorn states, end-to-end encryption is no longer viable because, with it in place, servers will not be able to monitor what users are saying, sending each other, or posting. This also means that the server has to eliminate the end-to-end encryption method so that law enforcement and other agents of the law are able to view user information and messages.
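The Bob and Alice exchange and the required back door described above, shown as an added example that is not part of the original article. It is a Python sketch using teaching-grade cryptography (plain Diffie-Hellman modulo 2**255 - 19 and a hash-based stream cipher, both assumptions chosen so that it runs with the standard library only); the function names and the escrow key are hypothetical.

```python
import hashlib, hmac, secrets

# Teaching parameters (assumption): Diffie-Hellman modulo the prime 2**255 - 19.
P, G = 2**255 - 19, 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2      # private number, never leaves the device
    return priv, pow(G, priv, P)             # public number, safe to hand to the server

def shared_key(my_priv, their_pub):
    secret = pow(their_pub, my_priv, P)      # same value on both ends
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()

def _xor_stream(key, nonce, data):
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    enc, mac = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    nonce = secrets.token_bytes(16)
    body = _xor_stream(enc, nonce, plaintext)
    return nonce + body + hmac.new(mac, nonce + body, hashlib.sha256).digest()

def open_sealed(key, blob):
    enc, mac = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + body, hashlib.sha256).digest()):
        raise ValueError("wrong key or altered message")
    return _xor_stream(enc, nonce, body)

def server_view(blob, sender_pub):
    # The relay holds only public numbers and the blob; a key of its own does not fit.
    server_priv, _ = keypair()
    try:
        return open_sealed(shared_key(server_priv, sender_pub), blob)
    except ValueError:
        return None

def demo(message=b"Hi, Alice!"):
    (bob_priv, bob_pub), (alice_priv, alice_pub) = keypair(), keypair()
    blob = seal(shared_key(bob_priv, alice_pub), message)
    at_alice = open_sealed(shared_key(alice_priv, bob_pub), blob)
    at_server = server_view(blob, bob_pub)
    # Mandated access modelled as a second copy sealed to an escrow key (assumption).
    escrow_priv, escrow_pub = keypair()
    escrow_copy = seal(shared_key(bob_priv, escrow_pub), message)
    # The escrow private number works identically for anyone who obtains a copy of it.
    at_key_holder = open_sealed(shared_key(escrow_priv, bob_pub), escrow_copy)
    return at_alice, at_server, at_key_holder, message in blob
```

`demo()` returns the message as Alice reads it, `None` for the server's failed attempt, the message as read by any holder of the escrow key, and `False` for whether the readable text appears in what the server relayed.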