Report on Supply Chain Compliance 3, no. 14 (July 23, 2020)
The United States Senate Committee on the Judiciary unanimously approved an amended version of the EARN IT Act, a key step in the process of the bill becoming law.[1] The EARN IT Act was drafted to protect children from online predators by using Section 230 protections under the Communications Decency Act of 1996 to force companies to comply[2] with a set of guidelines established by an appointed committee.
Pushback by privacy activists and technology companies forced an amendment that stepped back from making the guidelines enforceable nationally, and instead allowed states to make up their own rules. There are several possible problems[3] with the bill, but the most pressing is the concern that the guidelines could require companies to provide backdoors into encrypted communications.
Adding to those concerns is a newly introduced bill, the Lawful Access to Encrypted Data Act, sponsored by the same senators behind the EARN IT Act.[4] This new bill explicitly requires companies to come up with innovative ways to protect privacy while providing backdoors. The fact that this, so far, seems to be a technological impossibility is falling on deaf ears in the Senate.
“Tech companies’ increasing reliance on encryption has turned their platforms into a new, lawless playground of criminal activity. Criminals from child predators to terrorists are taking full advantage,” said Sen. Tom Cotton, R-Ark. “This bill will ensure law enforcement can access encrypted material with a warrant based on probable cause and help put an end to the Wild West of crime on the Internet.”