A new bill could punish web platforms for using end-to-end encryption – The Verge

A new bill would reduce legal protections for apps and websites, potentially jeopardizing online encryption. The draft bill would form a National Commission on Online Child Exploitation Prevention to establish rules for finding and removing child exploitation content. If companies dont follow these rules, they could lose some protection under Section 230 of the Communications Decency Act, which largely shields companies from liability over users posts.

Reports from Bloomberg and The Information say that Sen. Lindsey Graham (R-SC) is behind the bill, currently dubbed the Eliminating Abusive and Rampant Neglect of Interactive Technologies (or EARN IT) Act. It would amend Section 230 to make companies liable for state prosecution and civil lawsuits over child abuse and exploitation-related material, unless they follow the committees best practices. They wouldnt lose Section 230 protections for other content like defamation and threats.

The bill doesnt lay out specific rules. But the committee which would be chaired by the Attorney General is likely to limit how companies encrypt users data. Large web companies have moved toward end-to-end encryption (which keeps data encrypted for anyone outside a conversation, including the companies themselves) in recent years. Facebook has added end-to-end encryption to apps like Messenger and Whatsapp, for example, and its reportedly pushing it for other services as well. US Attorney General William Barr has condemned the move, saying it would prevent law enforcement from finding criminals, but Facebook isnt required to comply. Under the EARN IT Act, though, a committee could require Facebook and other companies to add a backdoor for law enforcement.

Riana Pfefferkorn, a member of the Stanford Law Schools Center for Internet and Society, wrote a detailed critique of the draft. She points out that the committee would have little oversight, and the Attorney General could also unilaterally modify the rules. The Justice Department has pushed encryption backdoors for years, citing threats like terrorism, but they havent gotten legal traction. Now, encryption opponents are riding the coattails of the backlash against big tech platforms and fears about child exploitation online.

Techdirt founder Mike Masnick also notes that Section 230 doesnt cover federal crimes so the Justice Department could already prosecute companies if theyre enabling abuse. This bill would just let it write a new set of rules by threatening much broader liability.

A spokesperson for Grahams Senate Judiciary Committee emphasized to Bloomberg that the bill isnt final. And the Justice Department is taking a closer look at Section 230 next month, holding a public workshop to discuss potential changes.

Read more:
A new bill could punish web platforms for using end-to-end encryption - The Verge