EARN IT explained
In the past, Barr and others have repeatedly tried to pass anti-encryption laws in the USA, but regularly failed because of a public outcry. Even though we know that more surveillance won't keep us more secure, Barr and other politicians keep pushing for such legislation.
Nevertheless, people like to have private conversations online, and they increasingly understand that encryption it the best tool they have to protect their private messages from any third party.
Does EARN IT outlaw encryption?
That's why the proposed EARN IT act does not explicitly outlaw encryption. Instead, it says that tech companies must apply "best practices" to scan data before it is being uploaded. If they don't apply these "best practices", they can be sued into bankruptcy.
While having to follow "best practices" sounds rather harmless at first sight, the anti-encryption goal quickly becomes obvious. Cryptography experts like Bruce Schneier and Matthew Green publicly warn that the EARN IT bill will do more harm than good.
The biggest fear: As the "best practices" list will be defined by a government commission, which is led by Attorney General Barr, encryption might soon be outlawed. It is publicly known that Barr's main goal is to ban encryption and enable law enforcement access to any online conversation.
EARN IT is a Trojan horse
"This terrible legislation is a Trojan horse to give Attorney General Barr and [President] Donald Trump the power to control online speech and require government access to every aspect of Americans' lives," Sen. Ron Wyden (D-Ore.) said.
"While Section 230 does nothing to stop the federal government from prosecuting crimes, these senators claim that making it easier to sue websites is somehow going to stop pedophiles. This bill is a transparent and deeply cynical effort by a few well-connected corporations and the Trump administration to use child sexual abuse to their political advantage, the impact to free speech and the security and privacy of every single American be damned."
Another anti-encryption bill
In the end, EARN IT is very similar to any other anti-encryption bill: It pretends to solve problems of online criminality (child abuse) by stopping citizens from protecting their online communication with encryption.
The threat here is a destruction of freedom of speech and democracy itself.
The Electronic Frontier Foundation says: "You can’t have an Internet where messages are screened en masse, and also have end-to-end encryption any more than you can create encryption backdoors that can only be used by the good guys. The two are mutually exclusive. Concepts like 'client-side scanning' aren’t a clever route around this; such scanning is just another way to break end-to-end encryption. Either the message remains private to everyone but its recipients, or it’s available to others."
EARN IT kills innovation
The truth is that most people and businesses have severe problems protecting themselves online against all kinds of threats.
Cryptography expert Matthew Green says: "There are a handful of promising technologies that could solve this problem. End-to-end encryption happens to be one of those. It is, in fact, the single most promising technology that we have to prevent hacking, loss of data, and all of the harm that can befall vulnerable people because of it."
What we need now, is more innovation online to improve the security for everyone. Yet, EARN IT would kill innovation: Why would any tech company invest in improving their users' security if they knew that in the end their innovation will not make it to Barr's list of "best practices" leaving their innovation unused?
Sign the petition against EARN IT
That's why cryptography experts like Bruce Schneier and Matthew Green as well as Fight for the Future call on everyone to sign the petition against the EARN IT Act.
With Tutanota, we plan to stop mass surveillance with encryption. We reject any legal approach to destroy encryption as it ultimately would destroy freedom of speech and, in consequence, our democracy.
To make sure Tutanota stays true to its promise of end-to-end encryption, all Tutanota clients are published as open source.