A bipartisan pair of US senators today introduced long-rumored legislation known as the EARN IT Act. Meant to combat child sexual exploitation online, the bill threatens to erode established protections against holding tech companies responsible for what people do and say on their platforms. It also poses the most serious threat in years to strong end-to-end encryption.
As the final text of the bill circulated, the Department of Justice held a press conference about its own effort to curb online child predation: a set of 11 "voluntary principles" that a growing number of tech companies—including Facebook, Google, Microsoft, Roblox, Snap, and Twitter—have pledged to follow. Though the principles the companies are pledging to adopt don't specifically impact encryption themselves, the event had an explicit anti-encryption message. The cumulative effect of this morning's announcements could define the geography of the next crypto wars.
Child predators "communicate using virtually unbreakable encryption," US attorney general William Barr said during the press conference. "The department for one is prioritizing combatting child sexual exploitation and abuse in our prosecution efforts. And we are also addressing child exploitation in our efforts on retaining lawful access and in analyzing the impact of Section 230 of the Communications Decency Act on incentives for platforms to address these crimes."
EARN IT focuses specifically on Section 230, which has historically given tech companies freedom to expand with minimal liability for how people use their platforms. Under EARN IT, those companies wouldn't automatically have a liability exemption for activity and content related to child sexual exploitation. Instead, companies would have to "earn" the protection by showing that they are following recommendations for combatting child sexual exploitation laid out by a 16-person commission.