Breaking news
Read our blog to learn why privacy matters. And don't forget to get an encrypted mailbox yourself!

EARN IT bill is aiming at destroying encryption - again. We must take action now!

US Senators want to rush the EARN IT bill through the legislative process, but opposition is already forming.

2022-02-18 / First published: 2022-02-03
Sens. Graham and Rosenthal reintroduced 2020's Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT), but opposition is already mobilising its forces. The EARN IT bill is heavily debated among security experts as it would make dangerous changes to the digital landscape and legal structure under the guise of protecting children. We must act now to stop this draft form becoming a law!

Tutanota has joined a coalition of Human Rights activists to urge Senators to oppose the EARN IT bill in this open letter, namely because the EARN IT bill jeopardizes the security of our communications:

"End-to-end encryption ensures the privacy and security of sensitive communications such that only the sender and receiver can view them. This security is relied upon by journalists, Congress, the military, domestic violence survivors, union organizers, and anyone who seeks to keep their communications secure from malicious hackers. Everyone who communicates with others on the internet should be able to do so privately. But by opening the door to sweeping liability under state laws, the EARN IT Act would strongly disincentivize providers from providing strong encryption."

The EARN IT bill has been re-introduced to the Senate last week.

Recently published statements about the "new" version of the EARN IT bill sound just like the fear-mongering, privacy-infringing, unconstitutional nonsense as in 2020. Again the proponents of the bill try to present tech companies as being complicit with child sexual abuse by offering secure communication online.

Regardless of such claims more than half a million of Americans have already signed the petition started by Fight for the Future. The digital rights goupd issued a statement on Tuesday defending the use of strong encryption:

"The EARN IT Act is one of the most poorly conceived and dangerous pieces of Internet legislation I have seen in my entire career, and that’s saying a lot."

"The EARN IT Act also takes aim at end-to-end encryption, which is one of the most important technologies keeping people safe from violence and abuse. Strong encrypted messaging also protects our hospitals, schools, airports and water treatment facilities. Disincentivizing popular services from offering strong encryption to users will put lives in danger for absolutely no benefit."

The Center of Democracy and Technology has issued a similar statement:

"The newest version of the bill not only retains these core problems, but, in some cases, makes things worse. In particular, the bill would threaten encryption and the role it plays in protecting cybersecurity for everyone, and especially at-risk users. Given its significant problems and potential vast impact on internet users, CDT is especially concerned to see the EARN IT Act being rushed through the legislative process. We urge Senators to oppose the new bill."

Help fight EARN IT and sing the petition as well!

EARN IT explained

EARN IT is a law proposed by Attorney General William Barr to stop American tech companies from using encryption. The bill pretends to deal with the very serious issue of child exploitation online, but in reality will put an end to encryption and security online for everyone. Instead of actually providing law enforcement with more money and more officers, it attacks free speech and security online.

In the past, Barr and others have repeatedly tried to pass anti-encryption laws in the USA, but regularly failed because of a public outcry. Even though we know that more surveillance won't keep us more secure, Barr, Rosenthal, Graham, and other politicians keep pushing for such legislation.

Nevertheless, people must have the option for a private conversations online, and they increasingly understand that encryption it the best tool they have to protect their private messages from any third party.

Does EARN IT outlaw encryption?

That's why the proposed EARN IT bill does not explicitly outlaw encryption. Instead, it says that tech companies must apply "best practices" to scan data before it is being uploaded. If they don't apply these "best practices", they can be sued into bankruptcy.

While having to follow "best practices" sounds rather harmless at first sight, the anti-encryption goal quickly becomes obvious. Cryptography experts like Bruce Schneier and Matthew Green publicly warn that the EARN IT bill will do more harm than good.

The biggest fear: As the "best practices" list will be defined by a government commission, encryption might soon be outlawed. It is publicly known that proponents' main goal is to ban encryption and enable law enforcement access to any online conversation.

EARN IT is a Trojan horse

When EARN IT was first introduced in 2020, there was immense public opposition to the draft law:

"This terrible legislation is a Trojan horse to give Attorney General Barr and [President] Donald Trump the power to control online speech and require government access to every aspect of Americans' lives," Sen. Ron Wyden (D-Ore.) said.

"While Section 230 does nothing to stop the federal government from prosecuting crimes, these senators claim that making it easier to sue websites is somehow going to stop pedophiles. This bill is a transparent and deeply cynical effort by a few well-connected corporations and the Trump administration to use child sexual abuse to their political advantage, the impact to free speech and the security and privacy of every single American be damned."

Another anti-encryption bill

In the end, EARN IT is very similar to any other anti-encryption bill: It pretends to solve problems of online criminality (child abuse) by stopping citizens from protecting their online communication with encryption.

The threat here is a destruction of freedom of speech and democracy itself.

The Electronic Frontier Foundation says: "You can’t have an Internet where messages are screened en masse, and also have end-to-end encryption any more than you can create encryption backdoors that can only be used by the good guys. The two are mutually exclusive. Concepts like 'client-side scanning' aren't a clever route around this; such scanning is just another way to break end-to-end encryption. Either the message remains private to everyone but its recipients, or it’s available to others."

EARN IT kills innovation

The truth is that most people and businesses have severe problems protecting themselves online against all kinds of threats.

Cryptography expert Matthew Green says: "There are a handful of promising technologies that could solve this problem. End-to-end encryption happens to be one of those. It is, in fact, the single most promising technology that we have to prevent hacking, loss of data, and all of the harm that can befall vulnerable people because of it."

What we need now, is more innovation online to improve the security for everyone. Yet, EARN IT would kill innovation: Why would any tech company invest in improving their users' security if they knew that in the end their innovation will not make it to the "best practices" list leaving their innovation unused?

Sign the petition against EARN IT

That's why cryptography experts like Bruce Schneier and Matthew Green as well as Fight for the Future call on everyone to sign the petition against the EARN IT bill.

Take action

The Electronic Frontier Foundation (EFF) has launched a platform where you can easily find your representative in congress and tell them to reject EARN IT.

Take action now and tell congress to reject EARN IT.

With Tutanota, we plan to stop mass surveillance with encryption. We reject any legal approach to destroy encryption as it ultimately would destroy freedom of speech and, in consequence, our democracy.

To make sure Tutanota stays true to its promise of encrypting all data end to end, all Tutanota clients are published as open source.