Lawmakers Are Taking First Steps Toward Outlawing End-to-End Encryption

It’s no secret by now that there are many politicians and lawmakers in the U.S. government that would strongly prefer that companies like Apple provide a backdoor to aid law enforcement in criminal investigations and other matters of national security, and now it looks like they may be taking the first subtle steps toward legislation that could make end-to-end encryption technologies a thing of the past.

According to Bloomberg, U.S. Senator Lindsey Graham (R-S.C.), chair of the Senate Judiciary Committee, is drafting a new bill that could potentially outlaw the use of encryption in the name of protecting children.

Senator Graham is the same lawmaker who has repeatedly called the iPhone a “save haven for criminals” and most recently told Apple that he and the Senate would “impose their will” on the iPhone maker unless it voluntarily comes up with a way of allowing law enforcement to access encrypted iPhones.

While the new bipartisan bill hasn’t yet been made public, Bloomberg was able to obtain a copy, which is calling upon Congress and the Trump administration to establish a commission that would be responsible for coming up with “best practices” for tech companies to prevent online exploitation of children. However, under the proposed legislation, the U.S. Attorney General would head the commission and would also have the authority to modify the rules without a consensus or any real oversight.

Turning Tech Companies into Cops

Titled the Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act, the bill would modify section 230 of the Communications Decency Act in order to make companies liable in both criminal cases and civil lawsuits regarding child abuse and exploitation if they don’t follow the best practices established by the commission.

While many of these suggested best practices are more than reasonable — things like offering parental controls and setting age limits are already on the books in one form or another — the bill also requires companies to “preserve, remove from view, and report” and material as well as retain any evidence that may pertain to such cases.

It’s important to note that the bill doesn’t specifically mention end-to-end encryption, but it’s easy to see how its requirements to preserve, report, and retain evidence could easily be used to eliminate end-to-end encryption, while also placing big tech companies like Apple in the role of gatekeepers that would need to not only retain unencrypted communications, but could be held liable if they fail to actively monitor things like iMessage traffic in order to report suspected cases of child abuse and exploitation to law enforcement.

This is especially true when you consider that the lawmakers behind the bill are vocal opponents of end-to-end encryption, including not only Senator Graham, but also U.S. Attorney General William P. Barr, who has also recently been pushing against Apple’s security and would be heading up the committee and have almost carte-blanche authority to set the rules.

In other words, if this bill were passed, the U.S. Department of Justice would be given the authority to effectively ban end-to-end encryption without further legislative oversight simply by adding it to the list of things that are against the “best practices” set by the Attorney General.

Right now, Section 230 of the Communications Decency Act protects platforms from responsibility for content posted by third parties, however the Justice Department has scheduled a Feb. 19 meeting to discuss whether large tech companies should continue to enjoy that immunity, and the U.S. Attorney General seems to believe that this should no longer be the case. Companies that failed to follow the “best practices” established by the new legislation and set by the Attorney General would lose all immunity and could be held responsible for “reckless” violations of child exploitation and abuse laws.

At this point, however, the bill hasn’t even yet been introduced, with a spokeswoman for the Senate Judiciary Committee emphasizing to Bloomberg that it hasn’t even been finalized yet, but is actually still in draft form. This means there’s no guarantees that it will even reach the Senate Judiciary Committee as-is, much less make it to Congress, but it demonstrates some of the steps being taken by U.S. lawmakers opposed to the security provisions that Apple and others are putting into place in order to protect the safety and privacy of their users, and will undoubtedly continue to foster even more debate on the proper balance between user privacy and the need for law enforcement to be equipped to do its job.