The views expressed by contributors are their own and not the view of The Hill

The EARN IT Act threatens encryption and national security

by Jonathon Hauenschild, opinion contributor - 06/27/20 4:00 PM ET

iStock
It’s critical to augment national cyber resiliency, especially to defend against “store now, decrypt later,” or SNDL, attacks.

The opening line from Dicken’s Tale of Two Cities — “It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness…” — describes the debate around social media and encryption in the United States today. Different arms of government are at odds with each other. On the one hand, the intelligence, national security, and defense communities promote the advantages of strong digital encryption practices. On the other hand, the law enforcement community and several politicians decry strong encryption. Those in opposition have introduced legislation, the EARN IT Act, in the Senate and are preparing to debate standards that could very well threaten national security.

When companies like Google, Apple, Whatsapp and Signal use encryption, they use algorithms — math — to obscure information. Programs scramble data, making them illegible unless one has the “keys” that decipher the information. Due to the nature of the internet, information online is essentially available to all.

Encryption is used to protect a variety of information: credit card and bank account numbers, social security numbers, and other sensitive data. Encryption protects individuals and businesses alike — it’s an online door lock.

Intelligence, national security, and defense communities warn that a lack of strong encryption practices could result in sensitive information in the hands of countries that are less than friendly. For example, they warn that Chinese telecommunications manufacturer Huawei can spy on mobile data. Officials believe that Huawei has created back doors in its devices that would allow the Chinese government to access communications networks utilizing the company’s equipment.

This revelation is particularly important as the world upgrades from 4G wireless communications to 5G. Society will greatly benefit from 5G, including increased capacity and lower latency. But the switch to 5G also means we need to double-down on encryption.

The shift to 5G ensures that more communications and internet traffic will transit through the cloud. If the communications networks are not strongly encrypted, bad actors will intercept information. An unsecured communications network means hackers will access personal communications and other confidential information.

While some are making the argument for strong encryption, the U.S. Senate and Department of Justice are working to deal it a serious blow. The Senate Judiciary Committee has started debating and marking up the EARN IT Act. The crux of the proposal would strip companies of Section 230 protections intermediate liability for failing to comply with the proposal’s standards.

The sponsors claim the purpose of the proposal is to “protect children” from online sex trafficking and exploitation. But the methods they chose through the act appear to be unconstitutional and at a minimum would be counterproductive. The proposal could also threaten national security and consumer confidence in a robust online ecosystem, which is more necessary than ever during the novel coronavirus national emergency.

The EARN IT Act would establish a national commission — some call it a “Censorship Board” — that would promulgate “best practices” designed to “prevent the use of interactive computer services for the exploitation of minors.” A majority of the board would be comprised of federal government officials, prosecutors and victims of child sexual exploitation or advocacy groups. A minority would be constitutional and computer experts and a couple of industry representatives. The proposal requires a future Congress to enact as law the “best practices” recommended by the board (putting aside, also, the fact that this arrangement is likely unconstitutional).

Particularly pernicious for encryption, the EARN IT Act includes a very subtle provision that threatens end-to-end encryption. One of the proposal’s guidelines would require the board to promulgate standards by which companies would have to provide “lawful access” to communications networks. Requiring “lawful access” to encrypted communications networks is just a euphemistic way of saying “mandated back doors.”

Once the government requires backdoors to encrypted devices, the whole network is compromised. Bad actors, such as China, Russia and North Korea will almost certainly find and exploit these backdoors to spy on potentially everyone, from children participating in e-learning and gaming to parents teleworking during this time of crisis.

The EARN IT Act ignores the benefits of Section 230, the Constitution, warnings from the intelligence community and tactics employed by the Chinese government, setting up a dispute between national security experts, law enforcement and Congress.

Unfortunately, the EARN IT Act places everyone in a lose-lose situation. The Senate will claim national security and privacy advocates are not sympathetic to the victims of online predators, while the Chinese can now claim Americans are proposing the same backdoors found in Huawei devices, even if the Act is defeated.

Jonathon Hauenschild is the director of the ALEC Communication and Technology Task Force. Follow him on twitter @TheDiscipulus.