Two Bills Before the U.S. Senate, EARN IT and LAED, Threaten Online Speech, Security, and Safety brookings.edu

Riana Pfefferkorn of the Stanford Center for Internet and Society, writing for the Brookings Institution’s TechStream column:

The potential stakes are high. Exclusion of evidence in [child sexual abuse material (CSAM)] prosecutions would make it harder to obtain a conviction for a hideous crime. If the senators who unanimously voted this bill out of committee care so much about online child safety, why are they willing to roll the dice on whether the bill will backfire and result in accused CSAM offenders going free?

The Leahy amendment attempts to neutralize concerns about EARN IT’s impact on encryption and cybersecurity by preserving immunity from CSAM claims based on the platform’s use of encryption. This does not go far enough. The amendment has been called a “fig leaf” that will merely tie up platforms in litigation. It could also lead platforms to either encrypt everything they can, making detection of CSAM more difficult, or else collect much more private information from their users. Plus, platforms could still be held liable for other measures besides encryption that they take to protect users’ security (or for refusing to implement measures that would undermine it).

LAED, however, renders Leahy’s effort superfluous. By outlawing platforms from giving users strong encryption, LAED would swallow Leahy’s EARN IT amendment. And the LAED bill applies even more broadly than EARN IT, encompassing everything from websites and social media platforms, to apps, email, messaging and chat, videoconferencing and voice calling apps, cloud storage, operating systems, and any electronic device with at least 1 gigabyte of storage — a very low bar in 2020.

I’ve been reading a lot about these two bills — most tech companies of note are based in the United States, so any legislation that impacts them represents a major change to worldwide digital security and civil liberties. Everything I have read from people who understand computer security makes me concerned that these bills, should they become law, would have disastrous consequences.