[$] Bringing encryption restrictions in through the back door
Legislation recently proposed in the US Senate is ostensibly meant to
combat "child sexual abuse material" (CSAM), but it does not actually do
much to combat that horrible problem. Its target, instead, is the encryption
of user communications, which the legislation—tellingly—never mentions.
The Eliminating
Abusive and Rampant Neglect of Interactive Technologies Act of 2020,
EARN IT for short, is an attempt to force online service providers
(e.g. Facebook, Google, etc.) to follow a set of "best practices"
determined by a commission, to combat the scourge of CSAM; the composition of
that commission makes it clear that end-to-end encryption will not be one
of those practices, but companies that do not follow the best practices will lose
liability protection for their users' actions. It is, in brief, an
attempt to force providers to either abandon true end-to-end encryption or
face ruinous lawsuits—all without "seeming" to be about encryption at all.