Last week, the Senate Judiciary Committee voted, for a third time, to advance the dangerous EARN IT bill (S. 1207)—a law that could lead to suspicionless scans of every online message, photo, and hosted file.
In the name of fighting crime, the EARN IT Act treats all internet users like we should be in a permanent criminal lineup, under suspicion for child abuse. If enacted, EARN IT will put massive legal pressure on internet companies both large and small to stop using true end-to-end encryption and instead scan all user messages, photos, and files.
The bill could now be voted on by the full Senate at any time, or worse, included as part of a different “must-pass” legislative package. We need you to contact your representatives in Congress today to tell them to voice their opposition to this bill, along with the STOP CSAM Act - another piece of legislation before the Senate Judiciary Committee that would treat all encrypted messages as possible evidence of a crime.
Bill Language Purporting To Protect Encryption Doesn’t Do The Job
Under pressure, the bill sponsors did add language that purports to protect encryption. But once you take a closer look, the text clearly leaves room to impose forms of “client-side scanning,” which is a method of violating user privacy by sending data to law enforcement straight from user devices before a message is even encrypted. EFF has long held that client-side scanning violates the privacy promise of end-to-end encryption, even though it allows the encryption process to proceed in a narrow, limited sense. We were pleased to hear that Senator Lee, raised similar concerns and actually offered suggestions to the sponsors, which he did in a previous session as well. That language was neither debated or adopted in this committee meeting.
We’re also glad to see that several other senators echoed these concerns about encryption as well as others raised by human rights groups throughout the U.S. and the world. Senator Padilla asked to enter a group letter opposing EARN IT from a coalition of 132 LBGTQ+ human rights organizations, including EFF and the Center for Democracy and Technology, into the record. Senator Padilla also spoke about how this bill could be used to target the communications of people seeking reproductive healthcare in a post-Dobbs era. Senator Booker raised several questions about the impact this bill would have on the security of vulnerable people as well as the need for Congress to promote stronger cyber security, not weaken it.
These concerns suggested the senators might not support the bill if it doesn’t strike a proper balance between fighting crime and user privacy.
But the current bill does not “strike a balance,” because there isn’t one to strike. The sponsors of the bill have made it clear they want to surveil user messages, either by forcing companies to break encryption protocols like in the EARN IT Act or the STOP CSAM Act, or by trying to force internet companies to report their users to law enforcement for other unfavorable conduct or speech.
We can still stop this bill, as well as the others, if there’s enough public pushback. We all have a right to privacy, and to use encrypted services to protect that privacy. Don’t let Congress take that away.