EARN IT Act a Dire Threat to Encryption, Speech Online, Critics Say

The EARN IT Act has advanced to the House. And though it's been scaled-back, privacy proponents say the proposed law still poses a serious threat.

By Drew Hutchinson

3 min read

The controversial EARN IT Act has been watered down for its recent move to the US House of Representatives, but encryption and cryptocurrency experts are still echoing what they’ve said for months: Legislation that could regulate the internet is inherently dangerous.

The proposed law would erode Section 230 of the Communications Decency Act, which protects online platform providers—anyone from Facebook to small website owners—from being held liable for what their users post. 

But under the EARN IT Act, which made its way through the Senate Judiciary Committee in September and was introduced in the House last week, platforms could be sued for users’ content as long as the complaint is related to crimes against children, like child pornography.

The bill features a last-minute amendment guaranteeing legal protection to platforms that use end-to-end encryption, a system by which platforms can’t read users’ messages. But experts are still wary, partly because they think website owners will bump up content surveillance to avoid pricey litigation battles in the first place, said Marta Belcher, a blockchain law expert and special counsel for the Electronic Frontier Foundation

“If you have platforms that suddenly are going to be subject to these lawsuits, they're going to have to really closely monitor and censor users,” she said. 

The act’s original version was more stringent, and interest groups called it a thinly veiled attempt to allow law enforcement access to private content. But even with its new protections, the bill’s current version still has “serious loopholes” when it comes to encryption, Belcher said.

For instance, CDA 230 prevents states from passing laws to control the internet. But if the EARN IT Act passes, this door would then open, giving non-federal jurisdictions more regulatory leeway.

“I can definitely see governments using this as a hammer to go after any service that allows any kind of encrypted communication,” said Matthew Green, a cryptography professor at Johns Hopkins University and one of the developers of the protocol behind the Zcash cryptocurrency.

The effects the proposed legislation would have on the cryptocurrency sphere remain murky. Some crypto networks use encryption to host user content—which could leave them vulnerable to lawsuits under the EARN IT Act—and others don’t. Either way, the bill is a direct departure from the cypherpunk ethos that created cryptocurrency, said Chris Troutner, who founded the Bitcoin Cash-powered messaging service bch-encrypt

“We need end-to-end encryption, and we need uncensorable money,” Troutner said. “These aren’t nice-to-haves. They’re absolute requirements.” 

The leadership behind the EARN IT Act is also raising red flags for the crypto community. If passed, the law would create a commission that recommends ways to prevent child exploitation online. U.S. Attorney General William Barr, who favors backdoor access to encrypted data, would lead the 19-member group. In turn, the commission’s recommendations could disincentivize state legislatures from upholding privacy practices, said India McKinney, director of federal affairs with the EFF.

This kind of legislation isn’t new. Bipartisan efforts to bypass encryption protocols have been around for years, and the EARN IT Act is just the latest gimmick, Matthew Green said.

“It is something to be worried about, even if we don’t know how it’s going to develop,” said Green.

 

Editor's note: This article was updated after publication to clarify that India McKinney is EFF's director of federal affairs.

Get crypto news straight to your inbox--

sign up for the Decrypt Daily below. (It’s free).

Recommended News