Get best of the week

We discuss the EARN IT Act - a new US bill that could lead to a ban on E2E encryption

Senators introduced a bill that would oblige major media platforms to be responsible for the content of user publications. Information security experts are worried that a ban on end-to-end encryption may be a side effect. We tell how this situation is developing.


/ Unsplash / Steve Harvey

What is the essence of the bill


The bill is called the EARN IT Act - Eliminating Abusive and Rampant Neglect of Interactive Technologies. US senators want to amend legislation regarding section 230 of the Communications Decency Act (CDA). It says that resources like Facebook, Twitter, and YouTube are not responsible for user-posted content. Politicians believe that large corporations abuse this opportunity and do not pay due attention to the development of tools that restrict the spread of malicious and illegal content on their sites.

The authors of the EARN IT Act offer to revoke the guaranteed immunity, but provide for a procedure by which it will be issued individually. For this, the IT company must undergo a regular audit of the algorithms and methods for filtering content. A list of parameters and best practices will be compiled by a special commission. It will include the head of the FTC, the Attorney General, the Secretary of Homeland Security, and twelve other people appointed by the US Congress.

What the community thinks about him


The authors of the bill note that the EARN IT Act will contribute to the introduction of new filtering systems that can protect children (and other users) from malicious and indecent content. The idea of ​​tightening legislation was supported by US presidential candidate Joe Biden. In an interview with The New York Times, he even called for "the immediate abolition of section 230." According to him, media platforms like Facebook should be responsible for the information posted on them.

A couple of materials from our blog on Habré:


But the IT community does not share the point of view of politicians and considers the EARN IT Act a bad idea. Edward Snowden has already spoken against him . In his opinion, the bill runs counter to the principle of freedom of speech. It is not clear by what parameters the commission will determine the “illegality” of content on social networks.

Information security experts also see in the new bill a threat to the security of personal data. How to write engineers from the Electronic Frontier Foundation (EFF), the document gives serious power to the US Attorney General, giving him the opportunity to prescribe the requirements for IT companies. Acting Attorney General William Barr speaksagainst encryption in applications. Experts fear that if the law is passed, it could force developers to embed backdoors in their software and hardware platforms, and also prohibit E2E encryption .


/ Unsplash / Max Bender

A few years ago, experts from Keys Under Doormats, working on information security issues, noted that government agencies could not guarantee access to data without opening the door to attackers. There have already been precedents when tools leaked into the network using exploits discovered by law enforcement agencies.

The world of E2E encryption


Although the issue of banning end-to-end encryption remains open in the United States (this may not happen), there are countries that have already fixed this fact at the legislative level. For example, such a law was adopted in Australia in 2018, while messenger developers are required to provide decrypted data at the request of law enforcement agencies.

Another country that has considered the option of banning E2E encryption is the UK. Back in 2016, the representatives of Germany and France called on the European Commission to take a similar step . However, it is very likely that the EU will not pass such laws. At the end of last year, representatives of the European Commission notedthat they do not plan to consider issues related to the prohibition of end-to-end encryption, as this will adversely affect the security of personal data.

What we write about in the VAS Experts corporate blog:

More articles:


All Articles