Privacy is under threat again in the US.
This time, two new acts proposed by US Senators aim to undermine encryption and bring even more surveillance to the online world.
Under the guise of making the internet a safer place, the bills would massively transform cybersecurity and free speech.
The EARN IT Act
Senators introduced the EARN IT Act (S. 3398) in early March 2020.
EARN IT has stirred quite a bit of controversy. That’s because it would dramatically affect free speech online and undermine encryption.
Also, it directly contradicts the First and Fourth Amendment of the US constitution.
Going against the First Amendment
The EARN IT Act wants to impose a series of so-called best practices for online service providers. As a result, digital platforms would need to take legal responsibility for the content their users generate online.
To better understand why this is controversial, let’s look at the European Union’s copyright law, amended in 2019. As Article 13 proved, being legally responsible for the content posted on your platform can’t happen without massively censoring a wide variety of topics, even if they’re satire, critique, or opinion-based pieces.
But editorial activity is protected by the First Amendment to ensure freedom of the press.
Contradicting the Fourth Amendment
The Fourth Amendment in the US Constitution protects people from unreasonable searches and seizures by the government. It’s not a guarantee against all searches and seizures, but against those deemed unreasonable.
However, the EARN IT Act implies online service providers turning into government actors.
While the act isn’t clear on the implementation side of things, we can look at how things happened in the European Union with Article 13.
In such a scenario, the government could coerce digital platforms to scan users’ accounts and their content proactively. The carrot dangled in front of them would be keeping their legal immunity as companies under Section 230.
No exceptions for the EARN IT Act
Regulating what content can be distributed online has proven to be a slippery slope time and time again all over the world.
While the idea of eradicating digital crimes is appealing, it’s impossible to have all the content online verified and vetted by humans all the time.
An automation layer detecting specific keywords, images, or video content would be necessary, with protected edge cases in place.
For example, what happens to journalists exposing crimes and illegal activities when they get flagged by the filters?
The EARN IT Act has no mention of such exceptions, which is worrying.
If EARN IT passes, companies will most likely implement digital filters. They’re the easiest and most cost-effective way of weeding out problematic content.
But we need to talk about the privacy implications.
Weeding out digital content
When companies are forced to make sure they have no damaging content or IP addresses linked to malicious activities on their platforms, scanning everything is the only way to go about it.
So, even if you’re not a criminal, your data would be verified as if you were guilty of something. If stored, you can imagine it would quickly become a target for hackers and other malicious parties.
Parsing information online relies on machine learning algorithms. And while you can teach them to identify words or images, they’re not great with sarcasm, irony, or jokes.
Ever texted “I’ll kill you” jokingly? That could now turn into a red flag for machine learning.
The LAED Act
Apparently, bad things come in twos. And since we’ve covered the EARN IT Act, let’s take a look at another dangerous bill: the Lawful Access to Encrypted Data Act of 2020.
The bill makes backdoors mandatory so that the police and other law enforcement agencies catch the baddies easier.
The problem is that backdoors would render all encryption efforts useless.
Accessing your devices one backdoor at a time
The proposed bill is over 50 pages long and sports ambiguous wording.
LAED would apply to any electronic device with a storage capacity of over 1 GB that sells more than a million units a year. The list includes:
- operating systems
- messaging and chat platforms
- social media platforms
- email services
- cloud storage services
- videoconferencing software
- gaming consoles
- IoT devices
…and probably others as well.
Backdoors are not friends
LAED requires companies to figure out for themselves how to comply with a decryption directive.
But the thing that these senators don’t seem to get is that a backdoor isn’t just for the police. Any malicious party can also use it!
A company’s only defense would be to prove that lawful access through a backdoor is “technically impossible.”
But, even if decryption is deemed impossible, the government can require a system redesign! The user won’t be the one with the decryption key anymore, turning digital security into a joke.
If you want to understand this gloominess, imagine a backdoor to your banking information wide open for anyone with technical know-how.
Guilty until proven innocent
EARN IT and LAED don’t just completely neglect the safety of users or thorny matters for companies, such as trade secrets, they also bring extensive surveillance capabilities.
Decryption will be possible even without a warrant, and continuous content monitoring will make it easier to fish out user data.
Much like how we’ve seen with the PATRIOT Act or Prism, the power these bills grant would most likely be abused.
Many of the people searching through the haystacks were young, enlisted guys and … 18 to 22 years old. They’ve suddenly been thrust into a position of extraordinary responsibility where they now have access to all your private records. In the course of their daily work, they stumble across something that is completely unrelated to their work, for example, an intimate nude photo of someone in a sexually compromising situation, but they’re extremely attractive. So what do they do? They turn around in their chair, and they show a co-worker.Edward Snowden in interview with Alan Rusbridger and Ewen MacAskill for The Guardian
Being surveilled in case you might turn out to be a threat to national security goes against the US justice system’s core values.
We need to recognise that people have an individual right to privacy, but they also have a collective right to privacy. Nobody should have their communications seized and stored for an indefinite period of time without any suspicion or justification, without any suspicion that they’re involved in some sort of specific criminality. Just as it would be for any other law enforcement investigation.Edward Snowden in interview with Alan Rusbridger and Ewen MacAskill for The Guardian
It seems like no one is safe from Big Brother.
You need to act now
EARN IT aims to bring more people who distribute illegal content online to justice, while LAED’s authors target iPhones, Android phones, WhatsApp, Signal, and social media platforms.
But these bills also impact digital privacy and security, with a lot of inconspicuous content inadvertently targeted. They could ultimately change how much we can reliably use technology.
Even if the bills pass, this doesn’t mean that there will be no more crime. It’s impossible to catch every criminal under the sun.
You should be concerned; concerned enough to do something about it.
Contact your local representatives
Urge your representatives to vote against all bills threatening free speech online and encryption.
With so many people working from home and relying on their internet connections for everything, this would be the worst possible time to attack cybersecurity.
Make your stance clear and let your politicians know that potential offenses shouldn’t be used as an excuse for dismantling encryption.
Act now and do what you can to protect your digital privacy and security!
Until next time, stay safe and secure!