EARN-IT Act – Only Outlaws Will Have Strong Encryption


Full disclosure:  it will be obvious which side of the conversation I am on pretty quickly.

The FBI has been trying to ban end to end encryption – any encryption that they can’t break at will – for decades now.  They charged Phil Zimmerman with crimes and almost convicted back in the 90s.  The battle is still going on.

For years the FBI has been using the flag of national security to try and ban encryption, but it hasn’t worked.  Part of the Patriot Act which was implemented after 9-11 required telephone providers to provide metadata of all phone calls to the NSA so that they could search for terrorists.  After a while it was required that the phone companies themselves store the data.  Currently that provision has expired.  In part because it was revealed that the government spent $100 million on the program and it only generated two leads;  one of which didn’t pan out.  The other of which they already knew about.

So now the FBI and their friends are trying a different tactic.  If terrorism didn’t work, how about waving the banner of kiddie porn.  After all, EVERYONE is against kiddie porn.  Of course, I am not aware of anyone who is pro terrorism.

On the foundation of kiddie porn was built a bill, sponsored by Senator Lindsay Graham (R-SC) and supported by a few other Senators who want to appear to be strong against kiddie porn (it looks good on campaign posters, of course).

The bill, called EARN-IT, basically says that online service providers will lose protections that they currently have against being sued for content that their customers create (yes, really) if they do not implement some security standards that have not been defined.  And won’t be until years after the bill would become law.  That’s right the bill would impose requirements that won’t be defined for years after this bill would become law.

The plan is that the bill would create a commission that would make recommendations to the Attorney General and some others and the AG could accept those recommendations or change them any way he wants.  Of course, AB Barr is strongly against encryption, so we understand what will happen here.  Then, if service providers don’t implement these undefined rules, they will lose their immunity from being sued for content that they didn’t create.


Of course we don’t know if this bill will pass – given today’s politics it is a crap shoot.

But people need to understand the goal of the bill.  It is to ban any communications that the government can’t read.  TO PROTECT THE KIDS.

Surely you want to protect the kids.  Oh you don’t?  You probably shouldn’t be in office.  There is no way any politician could possibly win that battle because the public doesn’t have the patience to understand a deeply technical conversation.

Large companies like Google and Facebook **MIGHT** possibly be willing to fight the government and they have deep enough pockets to do that, but almost no one else does.  As a result, everyone else will have to create a back door so the feds can read everything that you do online.

But think about this for a minute.

Crooks don’t generally follow the law.  That’s why we call them criminals.  So they will use software that comes from some other country that doesn’t have a backdoor.  Of course that will stop the feds from reading the communications of the people that they are trying to stop.  BUT IT IS ABOUT THE KIDS.  EVERYONE WANTS TO PROTECT THE KIDS.

Of course, as soon as you put a backdoor in the communications, China will demand that providers give them the keys.  So will Russia and a whole bunch of other unsavory characters.

Does anyone really think that Facebook (or whoever) is going to stand up to China and say OK, if you want our encryption keys, we won’t do business in your country.  Fat chance.  They will say that they had to because the follow the laws in the countries that they are in and since a quarter of the world’s population is in China, guess who will get the encryption keys.  I seem to recall something in the news that people are unhappy that Zoom encryption keys wound up in China last week.  Well if this law passes, those keys will be in China and a bunch of other places forever.

Signal, the encrypted messaging app that is used by tens of millions of people including politicians, said that they will stop doing business in the United States if this bill becomes law.  They can’t afford the risk.  Everyone else is in it to make a buck so if they have to compromise everyone’s privacy and it gets some people killed in unsavory parts of the world, then it is okay.  They didn’t have a choice.

Of course the bad guys in countries like Russia and China and 50 others will use software without encryption backdoors, so we won’t be able to read their stuff anyway.

Note:  AG Barr doesn’t like calling backdoors BACKDOORS.  That term is so unsavory.  He prefers a much more sanitized term – lawful access.  Because if it is lawful, then it is okay.  BECAUSE IT IS ABOUT THE KIDS.

Of course, the people who are into kiddie porn will just use other encryption methods that don’t have backdoors, but the stupid ones will not and they might get caught.  Then the feds can say look how wonderful we are.  Of course the pros won’t get caught.

And even if they don’t catch anyone significant, they will make U.S. software companies less competitive in the world marketplace.  After all, will companies in other countries want to secure their sensitive information with encryption that the U.S. can read.  Entire countries have already banned ZOOM for just that reason.  The good news is that this will create an opportunity for companies in other countries to take business and jobs away from the U.S.  That is a sub-objective, right?

On the other hand, other countries like this idea, so some of them could follow in the U.S.’s footsteps.

Probably the most infuriating part of the bill to me (my opinion of course) is that the Congress is abdicating its responsibility by creating this commission instead of specifying the standards.  THAT WAY WHEN THE COMMISSION BANS ENCRYPTION THEY CAN SAY “IT WASN’T ME;  IT WAS THEM”.  Plausible deniability.

If this is such a good idea, define the rules now.  Debate them.  And put them into the law.

Of course if they did that, they couldn’t hide behind that smokescreen.

The bill as it is written now even has some poison pill provisions in it.  If the commission doesn’t approve some rules within a specified time period, the online service providers lose their immunity automatically and if that happens, there is nothing that they can do to get it back because there are no approved rules to follow to “earn” their protections back.

Don’t get me wrong.  I am not a fan of kiddie porn, but the reality here is that this has nothing at all to do with protecting the children and everything about getting back at the Silicon Valley companies that the current administration does not like.

For more information on the bill, check out Bruce Schneier’s column, Bitcoin magazine, The Register and the EFF.

Leave a Reply

Your email address will not be published.