The EARN IT Act
If you are even slightly involved in the privacy community, you’ve probably heard by now about the EARN IT Act. If you’re relatively involved in the privacy community, you’re probably sick of hearing about it by now. But it’s important we need to talk about it: what it is and what to do about it either way.
What is the EARN IT Act?
S. 3398, also called the EARN IT Act of 2020, is “A bill to establish a National Commission on Online Sexual Exploitation Prevention, and for other purposes.” Basically, Senator Lindsey Graham and the National Center for Missing and Exploited Children have decided that end-to-end encryption is bad because it allows the proliferation of things like child sexual abuse, human trafficking, and drug trafficking. Without this side-tracking this post too much, the number of registered sex offenders in the US is less than a quarter of a percent of the population in 2018, and drug arrests account for only 1% of the US population (this post has more context, information, and my sources). So first of all, arguing that nobody should have encryption is a lot like saying nobody should have clothes because a few bad people use it to smuggle illegal items, or that nobody should have food because some people use silverware for murder. It’s ridiculous and blown out of proportion. But that’s exactly what the EARN-IT Act asserts. It’s a law that would ban end-to-end encryption, the most secure form of encryption around, and force all encryptions to have a “backdoor” for law enforcement. The problem is there’s no such thing as a backdoor that only the good guys can access. Just as your own house door can be broken into by a criminal, so can a technological door. The amount of personal liberty we’re giving up is not proportional to the amount of good it would do.
What to do about it
The bill was introduced earlier this month and is still in the very early phases of the legislative process. So that means there’s still tons of time left to fight it. The most effective way, of course, being to call your local politician and tell them you’re a voter in their district and you want them to vote against it. Don’t know who your politicians are? EFF has made this very handy site that will look them up and email them for you. But calls are more effective than emails, so use this site to find your representatives by zip code, and use this site to find your senators by state, then use DuckDuckGo or the direct links on the Senate and House websites to get the phone numbers of their offices nearest you. Then save them in your phone and set an alarm to call them every day and remind them you are against the EARN IT act. Typically all they ask is name, zip code, and your comment. You can leave it at “I disprove of it and want them to vote against it” or you can go on a whole diatribe about how it’s an assault on civil rights and statistically ridiculous. Just be polite. Finally, you can sign an official White House petition against the EARN-IT Act here. This alone won’t be enough to repeal it, but the more signatures it gets the more it shows that Americans don’t want this bill.
What to do if it passes
If this bill passes, we face some trouble, so it’s best to get your ducks in a row now. One solution is the previously-mentioned Firechat app that I shared in my COVID-19 post last week. Since this app stays off cell networks, it’s undetectable and therefore uncensorable. I first learned of it myself because of the role it plays in the ongoing Hong Kong protests.
Another open-source solution I mention on my site is Matrix. Encryption is not enabled by default but is activated easily with the click of a button, and with a little extra work it can bridge to a variety of apps and services.
The TOR Network is another valuable tool, but because it is easily recognizable it can also be easily blocked by internet service providers. So while that is a service to keep in our pockets, it’s important to have alternatives as well. VPNs are likely to not be affected as they are not end-to-end encrypted, but their no-logging policy may come under fire next.
Additionally now is a good time to get comfortable with PGP encryption, as this is a local type of encryption where the keys are stored on your device and you don’t have to rely on anyone else for the security or effectiveness of it. It is most commonly used via email, but it can be used for other types of data-at-rest encryption as well.
Mesh networks are a more complicated solution, but they are a potential solution and hopefully we’ll see them become more user-friendly in the future as a result of this attack.
As I said, now is the time to look into these solutions and start planning as it may be much harder to access these services if the bill gets passed. Hopefully we won’t need them, but better safe than sorry and preparation is key. I plan to put up more posts and tutorials on these subjects in the coming weeks. Up until now I’ve been putting them off as I didn’t think they concerned the average user, but clearly this is no longer the case. In the meantime, the best course of action is keep bugging your elected officials and hopefully this won’t be an issue in the near future.