What is The EARN IT Act?

Open source Incident Response Tools

The crime of child sexual assault has always been a problem that society hopes to combat. Recently, the US Congress is considering legislation against child sexual assault, but it has been considered by the technology community to threaten current data encryption practices, which has brought information security and free speech profound influence. The “Eliminating Abusive and Rampant Neglect of Interactive Technologies Act”, or EARN IT for short, requires technology companies to take responsibility for the content on the platform and provide effective measures to combat child sexual abuse content. Richard Blumenthal, one of the lawmakers who advocated the new bill, said businesses that have failed to adhere to the basic standards of protecting children from exploitation have betrayed the public trust that this special exemption gives them. Online platforms are almost completely exempt from legal liability, which is a privilege, and they must re-take responsibility.

However, the technology industry and human rights organizations believe that the scope of this bill is too wide and will make technology companies unable to provide end-to-end encryption in their products in order to ensure that law enforcement agencies can review the content. According to the analysis, the legislator has not provided a way to meet the content review requirements while protecting privacy. Therefore, if the legislation is successful, a government-appointed committee will be set up to provide guidance to technology companies. It will also threaten end-to-end data encryption, which will have the opportunity to further narrow online freedom of speech. This plan may prevent all messaging services (for example, Telegram and Whatsapp) from providing end-to-end encryption to users. Under this plan, businesses may be forced to design backdoors in their networks to enable government agencies to spy on private communications. In addition to obvious privacy issues, such backdoors could end up in the wrong person’s hands and be used by hackers to steal sensitive information, just like other backdoors in the past.

Can this bill really stop online child abuse?

According to an analysis from The Center for Internet and Society at Stanford Law School, the proposed bill does not contain any tools to actually stop online child abuse, it would actually make it much harder to prosecute pedophiles. Riana Pfefferkorn, Associate Director of Surveillance and Cybersecurity, explained that online providers proactively, and voluntarily, scan for child abuse images by comparing their hash values to known abusive content:

  • Apple does it with iCloud content;
  • Facebook has used hashing to stop millions of nude children’s images;
  • Google released a free artificial intelligence tool to help stamp out abusive material.

Pfefferkorn emphasized that the keyword is “voluntarily”. Those platforms are all private companies, as opposed to government agencies. As what is required by Fourth Amendment protections, being against unreasonable search to get warrants before they search our digital content, including our email, chat discussions, and cloud storage. LIFARS’ Compliance Advisory service is designed to understand your compliance needs, ascertain current status, provide remediation guidance, and conduct a post-remediation assessment to ensure compliance with regulatory mandates such as GDPR, CCPA, PIPEDA, FFIEC, NYDFS, HIPAA, HITRUST, PCI DSS, and SOX.



Contact LIFARS Immediately for

Keeping Updated About New Cybersecurity Act