The controversial EARN IT Act has been watered down for its recent move to the US House of Representatives, but encryption and cryptocurrency experts are still echoing what they’ve said for months: Legislation that could regulate the internet is inherently dangerous.
The proposed law would erode Section 230 of the Communications Decency Act, which protects online platform providers—anyone from Facebook to small website owners—from being held liable for what their users post.
But under the EARN IT Act, which made its way through the Sentate Judiciary Committee in September and was introduced in the House last week, platforms could be sued for users’ content as long as the complaint is related to crimes against children, like child pornography.
The bill features a last-minute amendment guaranteeing legal protection to platforms that use end-to-end encryption, a system by which platforms can’t read users’ messages. But experts are still wary, partly because they think website owners will bump up content surveillance to avoid pricey litigation battles in the first place, said Marta Belcher, a blockchain law expert and special counsel for the Electronic Frontier Foundation.
“If you have platforms that suddenly are going to be subject to these lawsuits, they’re going to have to really closely monitor and censor users,” she said.
The act’s original version was more stringent, and interest groups called it a thinly veiled attempt to allow law enforcement access to private content. But even with its new protections, the bill’s current version still has “serious loopholes” when it comes to encryption, Belcher said.
If you oppose the EARN IT Act, please contact your Representative in the House as well—even if you've already emailed your Senators. We can't let this anti-speech, anti-security bill gain more support. https://t.co/OxLa48fYY8
— EFF (@EFF) October 7, 2020
For instance, CDA 230 prevents states from passing laws to control the internet. But if the EARN IT Act passes, this door would then open, giving non-federal jurisdictions more regulatory leeway.
“I can definitely see governments using this as a hammer to go after any service that allows any kind of encrypted communication,” said Matthew Green, a cryptography professor at Johns Hopkins University and one of the developers of the protocol behind the Zcash cryptocurrency.
The effects the proposed legislation would have on the cryptocurrency sphere remain murky. Some crypto networks use encryption to host user content—which could leave them vulnerable to lawsuits under the EARN IT Act—and others don’t. Either way, the bill is a direct departure from the cypherpunk ethos that created cryptocurrency, said Chris Troutner, who founded the Bitcoin Cash-powered messaging service bch-encrypt.
“We need end-to-end encryption, and we need uncensorable money,” Troutner said. “These aren’t nice-to-haves. They’re absolute requirements.”
The leadership behind the EARN IT Act is also raising red flags for the crypto community. If passed, the law would create a commission that recommends ways to prevent child exploitation online. U.S. Attorney General William Barr, who favors backdoor access to encrypted data, would lead the 19-member group. In turn, the commission’s recommendations could disincentivize state legislatures from upholding privacy practices, said India McKinney, a legislative analyst with the EFF.
This kind of legislation isn’t new. Bipartisan efforts to bypass encryption protocols have been around for years, and the EARN IT Act is just the latest gimmick, Matthew Green said.
“It is something to be worried about, even if we don’t know how it’s going to develop,” said Green.