There’s no question about it: We need to keep our kids safe online.
This sentiment undergirds a new bill from Sen. Lindsey Graham’s, R-South Carolina, and Sen. Richard Blumenthal, D-Connecticut, which Graham says would tackle child exploitation. But it would actually do the exact opposite.
The bipartisan legislation, introduced Thursday and co-sponsored by Sen. Dick Durbin, D-Illinois, and seven others so far, would afford U.S. Attorney General William Barr a great deal more access to your data in the effort to keep criminals from doing bad things online. But in order to give him that access, encryption would need to be weakened, putting important communications, especially those used by vulnerable communities such as domestic violence victims or LGBT+ youth, at risk of malicious hacks.
Encryption is a somewhat common technology used to secure digital networks — in everything from your iPhone to the national electricity grid. Encryption is our best defense against cybercrime, a problem the FBI says is growing in complexity, frequency and sophistication.
Those supporting the legislation, known as the EARN IT Act, claim that encryption is being used by online predators to make themselves harder to surveil online by law enforcement. But encryption is simply a tool. So, while it can be used by bad guys, it’s more commonly used by legitimate businesses and citizens to protect themselves from criminals online.
The importance of encryption for online services is hard to overstate. Banks rely on it to keep online banking secure and trustworthy for consumers, and online retailers rely on it to keep financial information of consumers secure. Apple uses it to secure their products such as the iCloud.
But the EARN IT Act aims to undercut all of that by making digital communications services, such as Facebook Messenger and Apple’s iMessage, choose between weakening encryption or accepting liability for however consumers use their services.
That would mean if Apple continued to secure the data of their customers, the government could punish Apple if an iPhone user broke the law on iMessage.
The government and other potential plaintiffs would find it easier and more profitable to go after Apple, a big company with deep pockets, than actual criminals.
Any major company used by millions of Americans to send messages and store data would find it hard to justify maintaining secure encryption in the face of such legal costs and even criminal penalties. As a result, businesses such as Apple and WhatsApp would be forced to abandon secure encryption — exposing us all to criminal activity like never before.
While encrypted services haven’t always been so commonplace, the security with which they provide us has allowed the digital economy to grow and positively impact so much of our lives. For example, many of us use digital storage to access important documents and media. These services can be accessed from anywhere in the world using services such as iCloud, Dropbox and Google Drive. All of these services rely on encryption to keep the sensitive information of their consumers safe from hackers and those who would exploit it.
In 2014, we got a glimpse of what happens when these storage services are compromised. Poor password management allowed hackers into the iCloud accounts of several celebrities, predominantly women. Images were leaked and spread around the internet, violating the privacy and, sometimes, safety of those women.
As consumers have wanted to store more information online, the threat of cybercrime has only grown. Encryption is our best defense against it.
Young people are protected by encryption too. Baby monitors connected to the internet, and other domestic security systems such as Ring, Nest and Life360 use encryption to ensure that the parents are the only people able to keep an eye on their kids. And teenagers would find messaging services far less secure.
The very goal of the proposed legislation, to help keep youth safe online, would be threatened by the bill’s assault on encryption.
Instead of attacking tech services, the government should improve their already strong collaborative relationship with them when it comes to fighting child exploitation. The National Center for Missing and Exploited Children exists to take all tips provided by tech services and package them together to send to the FBI.
But that system is underfunded, and the center faces a backlog of cases. This means that even when tech services send in tips on child exploitation material, they often go unprocessed. Further reforms to how these tips can be processed, potentially including extra funding for NCMEC, could go a long way in improving law enforcement’s effectiveness in tackling predators online without the negative consequences of weakening encryption.
A backlash in Washington against tech companies has unfortunately pushed politicians to find new ways to attack tech on major issues rather than work with them. And in this case, consumers and kids online could be the ones dealing with the fallout.
Robert Winterton is a tech policy fellow for Young Voices and director of public affairs for NetChoice, a trade association.