Senators dispute claim that Section 230 revision would limit encryption

[ad_1]

Sen. Richard Blumenthal (D-CT) announces a bipartisan agreement on Turkey sanctions during a news conference on Capitol Hill in Washington, October 17, 2019.

Erin Scott | Reuters

Senators disputed the tech industry’s claims that a bipartisan bill targeting tech’s long-standing legal shield would prohibit encryption by necessity.

“This bill says nothing about encryption,” Sen. Richard Blumenthal, D-Conn., said at a hearing Wednesday to discuss the legislation. Blumenthal introduced the EARN IT Act last week with Senate Judiciary Committee Chairman Lindsey Graham, R-S.C., ranking member Dianne Feinstein, D-Calif., and Sen. Josh Hawley, R-Mo.

As the name suggests, the bill aims to make tech platforms “earn” a the legal immunity they’ve long enjoyed for third-party content posted to their services under Section 230 of the Communications Decency Act. If enacted, online platforms would no longer be automatically protected, but would be able to win back immunity by certifying compliance with a set of best practices for detecting and reporting child sexual exploitation materials to law enforcement.

Industry groups slammed the legislation when it was announced, warning the bill “would erode both security and trust by potentially forbidding the use of end-to-end encryption in order to comply with the law,” as Information Technology Industry Council President and CEO Jason Oxman put it in a statement. The group represents members including Amazon, Apple, Facebook, Google, Microsoft and Twitter.

“Weakening encryption and the security of technology products, including through the EARN IT Act, does nothing to advance online safety,” Oxman said.

While the bill does not explicitly address encryption, ITI argued it would allow the Department of Justice to require “back doors” to encrypted products, which scramble messages so that they are not readable to anyone outside of the sender and recipient. Tech companies like Apple have previously told government officials that creating such an entry point or key would weaken privacy standards for all users.  

The DOJ has recently stepped up its critique of tech companies implementing encryption, including Facebook, which has announced plans to integrate and encrypt its three messaging services, Messenger, Instagram and WhatsApp. Attorney General William Barr previously said he feared that encryption of the apps would greatly hurt law enforcement’s ability to detect instances of child sexual exploitation given Facebook comprises the vast majority of reports to the U.S. National Center for Missing and Exploited Children (NCMEC).

The Department also recently hosted experts to discuss Section 230 where Attorney General William Barr said tech’s scale and power raises “valid questions” about whether the industry still needs the immunity.

Wednesday’s hearing demonstrated that broad support exists in Congress for revising Section 230 alongside support for encryption. 

“End-to-end encryption must be able to exist with robust law enforcement and I’m not going to support anything that does not protect the integrity of encryption for users, I can promise you that,” said Hawley.

Blumenthal referenced a letter Facebook sent in response to questions from a group of Senators saying it is “committed to designing strong prevention, detection, and reporting systems to ensure that private and secure messaging services provide users with industry-leading privacy and security while safeguarding them and others from online abuse.”

Blumenthal said the response showed encryption and enforcement could be compatible.

“Strong law enforcement is compatible with strong encryption,” Blumenthal said. “I believe it, Big Tech knows it and either is Facebook is lying — and I think they’re telling us the truth when they say that law enforcement is consistent with strong encryption — or Big Tech is using encryption as a subterfuge to oppose this bill.”

Subscribe to CNBC on YouTube.

WATCH: Why the U.S. government is questioning your online privacy

[ad_2]

Source link