Advertisement

Senate panel advances bill to combat child exploitation, but critics fear it could weaken encryption

Changes to the bill weren't enough to satisfy critics.
EARN IT act
Sen. Lindsey Graham, R-S.C., is a chief backer of the bill. (Getty Images)

The Senate Judiciary Committee on Thursday unanimously advanced a bill that would combat child pornography, but which technologists say risks weakening encryption for average internet users by exposing tech companies to lawsuits.

The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT Act) would remove liability protections for companies like Facebook when users share child pornography on their platforms. The bill is the latest front in a long-running struggle between lawmakers who see end-to-end encryption as shielding criminality, and civil liberties advocates and technologists who say weakening encryption could make swaths of the internet less secure.

Lawmakers responded to criticism of earlier versions of the bill by making the standards that tech companies have to meet to receive liability protection voluntary. The bill also now states that tech providers won’t be targeted under federal law simply for providing encryption technology, thanks to an amendment from Sen. Patrick Leahy, D-Vt.

“I’m not trying to stop companies from encrypting their products,” Sen. Lindsey Graham, R-S.C., the committee’s chairman, said during a hearing Thursday. “I am trying to make them harden their products against sexual exploitation by child predators.”

Advertisement

But critics say the latest version of the bill, with its overly broad language, could expose technology providers to a raft of lawsuits at the state level. The nonprofit Center for Democracy & Technology charged that a “consistent threat of litigation….will be a strong disincentive against providing [end-to-end encryption] and continuing to have to defend that decision in court.”

The Internet Association, a trade group that includes Facebook, Google and Microsoft, said the bill “[o]pens the door to an unpredictable and inconsistent set of standards under state laws that pose many of the same risks to strong encryption.”

Joseph Lorenzo Hall, a senior vice president at the nonprofit Internet Society, called Leahy’s amendment “a fig leaf of protection for strong encryption.” The bill, he added, leaves “people to fight it out in court, which is far from cementing protection and clarity for encryption, the bedrock of our lives on the internet and in the real world.”

For years, across Democratic and Republican administrations, law enforcement officials have said that encryption has hindered criminal and terrorism investigations. They have also, however, sometimes used hacking tools to access encrypted data on devices. In May, Attorney General William Barr said FBI technicians had cracked the iPhones of the perpetrator of a terrorist attack at a U.S. Naval base. Barr sharply criticized Apple for not unlocking the devices.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts