> At a high level, what the bill proposes is a system where companies have to earn Section 230 protection by following a set of designed-by-committee “best practices” that are extraordinarily unlikely to allow end-to-end encryption.
As diligently stated by Signal, EARN IT makes end-to-end encryption difficult, but not impossible. All relevant companies would like to prevent having to transition their current architecture over to a design that fits the specification laid out by EARN IT. This is quite understandable as this would bring with it a heavy cost, but if push comes to shove, that’s what they’re going to have to do. I expect that we’ll be hearing a lot more about this issue over the coming months. If this bill is passed, it will quickly be challenged in the Supreme Court.
Sorry, I could have stated this clearer. The point is that it basically gives law enforcement an extremely broad hammer for forcing service providers to design their systems however they want to help law enforcement, over their users. It would in practice make end-to-end encryption impossible to implement, not just difficult.
I see what you mean. That made me wonder what type of approach they would take for something that can vary so much and here’s what I found:
“EARN IT works by revoking a type of liability called Section 230 that makes it possible for providers to operate on the Internet, by preventing the provider for being held responsible for what their customers do on a platform like Facebook. The new bill would make it financially impossible for providers like WhatsApp and Apple to operate services unless they conduct “best practices” for scanning their systems for CSAM.
Since there are no “best practices” in existence, and the techniques for doing this while preserving privacy are completely unknown, the bill creates a government-appointed committee that will tell technology providers what technology they have to use. The specific nature of the committee is byzantine and described within the bill itself. Needless to say, the makeup of the committee, which can include as few as zero data security experts, ensures that end-to-end encryption will almost certainly not be considered a best practice.”
It seems that it would be in the best financial interests of large tech companies to try and revoke the bill if it’s passed. This is why I believe it will quickly be brought to the Supreme Court.
As diligently stated by Signal, EARN IT makes end-to-end encryption difficult, but not impossible. All relevant companies would like to prevent having to transition their current architecture over to a design that fits the specification laid out by EARN IT. This is quite understandable as this would bring with it a heavy cost, but if push comes to shove, that’s what they’re going to have to do. I expect that we’ll be hearing a lot more about this issue over the coming months. If this bill is passed, it will quickly be challenged in the Supreme Court.