by Caroline Bottger
US lawmakers are planning to introduce legislation to Congress that would make tech companies liable for the content their users post online. Called the Eliminating Abuse and Rampant Neglect of Interactive Technologies Act of 2019 or “EARN IT” Act, the bill demands that companies comply with a list of 15 best practices, or risk being held liable for what their users post. Currently, tech companies are protected from this liability under Section 230 of the Communications Decency Act.
The tech industry fears that this would be used to break encryption, a security method that keeps data sent over the internet readable only by the sender and the recipient; law enforcement says that encryption greatly hinders investigations into online crime, hate speech, and extremism.
The drawbacks of encryption are coming into the global spotlight as communication and crime move into the digital sphere. The “Five Eyes” group, an intelligence-sharing group comprising the US, UK, Canada, Australia, and New Zealand, concentrated on the barriers presented by encryption in their 2019 meeting: UK Home Secretary Priti Patel said in a press statement, “The Five Eyes are united that tech firms should not develop their systems and services, including end-to-end encryption, in ways that empower criminals or put vulnerable people at risk.”
One member country already made moves to break encryption in the name of public safety: Australia passed an anti-encryption law in 2018, which would “establish frameworks for voluntary and mandatory assistance to law enforcement and intelligence agencies in relation to encryption technologies”. Privacy advocates in the country are pushing for amendments on the grounds of potential human rights abuses.
Police departments are already trying to get around encryption without the help of laws. The New York Police Department has spent $10 million on a lab that breaks Apple and Google encryption by using an algorithm to guess passcodes on phones — a technique called ‘brute-forcing.’ Manhattan District Attorney Cyrus Vance said, “You entrust us [law enforcement] with this responsibility to protect the public. At the same time, they [Apple and Google] have taken away one of our best sources of information.”
Elsewhere around the world, more extreme measures are being taken. The Indian government passed a law that requires tech companies like Facebook and YouTube to trace a post within 72 hours of a government request, “no warrant or judicial order required.” India has historically taken a much harsher approach to ensuring public security through restricting the reach of technology: in August 2019, the government cut off internet access for Kashmir, a semi autonomous state with 8 million people.
Alternatives to WhatsApp and iMessage have been on the sidelines for years, and this latest news is pushing them into the mainstream. Encrypted messaging app Signal received a cash infusion of $50 million — from WhatsApp co-founder Brian Acton — and can delete messages after sending.