We are discussing the EARN IT Act – a new US bill that could lead to a ban on E2E encryption

Senators introduced a bill that would oblige major media platforms to be responsible for the content of user publications. Information security experts are worried that a ban on end-to-end encryption may be a side effect. We tell how this situation is developing.

/ Unsplash / Steve harvey

What is the essence of the bill

The bill was called EARN IT Act – Eliminating Abusive and Rampant Neglect of Interactive Technologies. US Senators want to amend the legislation regarding Section 230 of the Communications Decency Act (CDA). It says that resources like Facebook, Twitter, and YouTube are not responsible for user-posted content. Politicians believe that large corporations abuse this opportunity and do not pay due attention to the development of tools that restrict the spread of malicious and illegal content on their sites.

Authors EARN IT Act offer revoke statutory immunity, but provide for a procedure by which it will be issued individually. For this, the IT company must undergo a regular audit of the algorithms and methods for filtering content. List of parameters and best practices will make special commission. It will include the head of the FTC, the attorney general, the secretary of homeland security, and twelve other people appointed by the US Congress.

What the community thinks about him

Bill authors celebratethat the EARN IT Act will contribute to the introduction of new filtering systems that can protect children (and other users) from malicious and indecent content. The idea of ​​tightening legislation was supported by US presidential candidate Joe Biden. In an interview with The New York Times, he even called upon “Abolish section 230 immediately.” According to him, media platforms like Facebook should be responsible for the information posted on them.

A couple of materials from our blog on Habré:

  • Network Digest: Information Security, Protocols, and Quantum Internet
  • Can 5G replace Wi-Fi – discuss opinions

But the IT community does not share the views of politicians and considers the EARN IT Act a bad idea. Against him already spoke out Edward Snowden. In his opinion, the bill runs counter to the principle of freedom of speech. It is not clear by what parameters the commission will determine the “illegality” of content on social networks.

Information security experts also see in the new bill a threat to the security of personal data. how they write engineers from the Electronic Frontier Foundation (EFF), the document gives the US Attorney General serious authority, giving him the opportunity to independently write down requirements for IT companies. Acting Attorney General William Barr favors against encryption in applications. Experts fear that if the law is passed, it could force developers to embed backdoors in their software and hardware platforms, as well as prohibits E2E encryption.

/ Unsplash / Max bender

A few years ago, Keys Under Doormats experts working on information security issues notedthat it is impossible to guarantee the access of government agencies to data without opening the door to attackers. Already there were precedentswhen tools using exploits discovered by law enforcement agencies leaked to the network.

The world of E2E encryption

Although the issue of banning end-to-end encryption remains open in the United States (this may not happen), there are countries that have already fixed this fact at the legislative level. For example, such a law have accepted in Australia in 2018, while messenger developers are required to provide decrypted data at the request of law enforcement agencies.

Another country that has considered the option of banning E2E encryption is the UK. Back in 2016, the European Commission took a similar step called upon representatives of Germany and France. However, it is very likely that the EU will not pass such laws. At the end of last year, representatives of the European Commission notedthat they do not plan to consider issues related to the prohibition of end-to-end encryption, as this will adversely affect the security of personal data.

What we write about in the VAS Experts corporate blog:

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *