10 February 2022
On the occasion of the EARN IT Act being reintroduced to the US Congress on 10 February 2022, Adam Hadley, Founder and Director of Tech Against Terrorism, said:
“If passed, the EARN IT Act could have a damaging impact on online security and privacy. The EARN IT Act mistakenly considers encryption a threat to security, when in reality encryption is a core pillar of online security. Online and offline security are two facets of the same coin and undermining strong encryption will not make us safer. We encourage law enforcement and tech platforms to consider innovative and privacy-compliant solutions for detecting criminal use of E2EE services, including metadata analysis and human and open-source intelligence techniques to infiltrate criminal groups on encrypted services.”
Summary of our concerns about the EARN IT Act
Analysis by Tech Against Terrorism shows that a drastic increase in regulatory approaches to illegal and harmful online content has resulted in a fragmented legal landscape which presents significant risks for human rights and freedom of expression, whilst also likely to have little to no impact in terms of disrupting illegal activity online. We also highlight concerns over online regulation creating incentives for tech companies to over-remove content, including potentially legal and non-harmful content, to avoid sanctions. Unfortunately, the EARN IT Act risks replicating many of these mistakes.1The risk of over-removal of content is heightened with the EARN IT Act as the “best practices”, to be outlined by the “National Commission on Online Child Sexual Prevention” for platforms to respond to online child sexual exploitation, are likely to be used as the basis for platforms to earn the right to Section 230 protection – despite these best practices being “voluntary”.
In our landmark report on “Terrorist Use of E2EE: State of Play, Misconceptions, and Mitigation Strategies”, Tech Against Terrorism provides a comprehensive overview of the risks and mitigation strategies related to criminal use of E2EE, including by terrorists and violent extremists. We demonstrate that countering criminal use of E2EE will be more effective if done in accordance with the strengthening of online security protocols.