#Privacy: EARN IT Act threatens encryption

US senators have proposed a new bill that aims to combat online child sexual exploitation. 

The Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act “would creative incentives for companies to ‘earn’ liability protection for violations of laws related to online child sexual abuse material,” said the bill supporters in an announcement.

Under the act, a new government commission will be formed which will recommend “best practices” related to identifying and reporting online child sexual exploitation. The commission will consist of the heads of DOJ, DHS and FTC, along with 16 other members. 

Despite being proposed with the purpose of combating child sexual exploitation online, the bill has been met with alarm by many privacy advocates, as it requires online platforms to certify compliance with those best practices. 

It is believed that one of the “best practices” could be the provision of an encryption backdoor, therefore providing law enforcement access to users’ private conversations.  

Worryingly, the commission would be predominantly law enforcement agencies who have previously urged tech companies to weaken encryption. 

Sen. Roy Wyden (D-Ore) said: “This terrible legislation is a Trojan horse to give Attorney General Barr and [President] Donald Trump the power to control online speech and require government access to every aspect of Americans’ lives.

“While Section 230 does nothing to stop the federal government from prosecuting crimes, these senators claim that making it easier to sue websites is somehow going to stop pedophiles. This bill is a transparent and deeply cynical effort by a few well-connected corporations and the Trump administration to use child sexual abuse to their political advantage, the impact to free speech and the security and privacy of every single American be damned,” Wyden added. 

In January, Stanford Law School’s Center for Internet and Society (CIS) stated in a case against the EARN IT Act, that the bill is an attempt to “ban end-to-end encryption without actually banning it.”

The American Civil Liberties Union (ACLU) argued that the bill would threaten the safety of domestic violence victims, activists, and others who rely on strong encryption. 

However, the bill’s supporters stress that people need to think  of the children. 

“The internet is infested with stomach-churning images of children who have been brutally assaulted and exploited, and who are forced to endure a lifetime of pain after these photographs and videos are circulated online,” Sen. Richard Blumenthal (D-Connecticut).

“Simply put, tech companies need to do better. Tech companies have an extraordinary special safeguard against legal liability, but that unique protection comes with a responsibility. Companies that fail to comport with basic standards that protect children from exploitation have betrayed the public trust granted them by this special exemption. Online platforms’ near complete immunity from legal responsibility is a privilege – they have to earn it – and that’s what our bipartisan bill requires.”

However Wyden, argued that the government can do more to tackle child abuse without threatening people’s online security. 


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/