The issue of encryption in the USA continues to be almost as divisive as Brexit has been here in the UK.
The recent case of the iPhone’s of Pensacola murderer Mohammed Saeed Alshamrani has focused people’s minds once more and it now seems entirely possible that the issue might be finally coming to a head.
Lindsay Graham’s Bill
Senior Republic Senator Lindsey Graham has been one of the loudest and most prominent critics of encryption and guilty of much of the baseless scaremongering which has framed the debate.
Now he is circulating a draft bill that, if passed, would prove to be the end of end-to-end encryption as we know it in the USA. The bill is called The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2019 (or EARN IT Act – US politicians like to give their bills catchy abbreviations).
It has been drafted together with Democratic Senator Richard Blumenthal and is being circulated under the banner of tackling the distribution of images of child sexual abuse online. But it has far more sinister undertones which, intentionally or otherwise, would redefine the way the internet works.
Section 230 is a core premise underlying how many of our best-loved social media and websites work. It is an understanding that tech companies cannot be held liable for user-generated content that is published on their forums.
Lindsay Graham’s EARN IT Act would remove this protection unless tech companies comply with a set of so-called “best practices”.
These best practices would be defined by a 15-member commission although how this commission would be established and how these “best practices” would be defined is unclear and would appear to create more problems than solutions.
Graham’s Bill appears to suggest that the commission would comprise four law enforcement representatives, four tech industry reps, two reps of child safety organizations, and two computer scientists or software engineering experts.
More worryingly, it also suggests that the US Attorney-General would have the power to unilaterally overrule any commission findings. Given that the current US Attorney General, William Barr is one of the most anti-encryption voices in the country, this bodes particularly badly.
If a tech company is then deemed to have failed to comply with these “best practices”, they would then be judged to have done so either “knowingly” or “recklessly”. At the same time, the Section 230 provisions would also be amended to allow prosecutors from pursuing criminal charges against internet companies.
How the EARN IT Bill would kill end-to-end encryption
By handing this sweeping power to an appointed 15-member commission and ultimately the Attorney-General, the EARN IT Bill creates a situation where the US Government would be able to force tech companies to do their bidding.
As we have seen, many senior US politicians, including Lindsay Graham, believe that they should be forced to introduce backdoors into encrypted communications to allow law enforcement agencies to access the data being sent on those platforms.
This newly created commission, which would be accountable to no-one, can be expected to quickly deem the use of end-to-end encryption to be against “best practice” and threaten to punish any tech company that continues to use it by removing their Section 230 protections.
They could also insist that “best practice” includes the creation of backdoors into encryption communications.
In other words, Lindsay Graham has created a bill that would allow US politicians to destroy end-to-end encryption in the USA.
It is still very early days and there is no guarantee that this bill would get over the many hurdles it would face to become law. Certainly, tech companies would lobby hard against it.
It is also debatable whether the bill, if it made it into law, would be enough to persuade tech companies to cave on the issue of encryption. One expert, Jeff Kosseff from the U.S. Naval Academy told Gizmodo “I’m not sure how big of a threat this type of lawsuit or prosecution would be for the platforms to get them to—to make that tradeoff.”
He also noted that Section 230 has rarely been applied to private messaging so the treat of using it to force encryption backdoors might not persuade companies like WhatsApp that provide that type of service.
Riana Pfefferkorn of Stanford University’s Center for Internet and Society has written a long and detailed blog post on the bill too. The gist of her argument is that Graham is offering a way for politicians and the US Justice Department to get around a federal law loophole that doesn’t permit the wiretapping of internet communications.
There is a long way to go before the EARN IT Bill makes it onto the statute books, if it ever does. But whatever the outcome of this particular bill it is clear that those in the USA who oppose encryption are not going to back down easily despite the flawed logic of their arguments.