EARN IT 2022

Brightly colored miniature skull figurines sit atop a wooden box.
Sam Brand

Online services are only private and secure to use if they encrypt our data when it goes to and from their networks, and when those services store our data on their company computers. This approach is known as "end to end encryption," or E2EE. If services don't use E2EE, no one can really expect their data will remain confidential to only their intended audience.

The below 2-minute explainer video covers why only E2EE services can promise their users confidentiality.

An example of an E2EE messaging app today would be the popular app Signal Private Messenger. iMessage from Apple can be, in certain forms, another example. WhatsApp probably fits in here, too. These days, even Zoom offers E2EE communications.

Under EARN IT, companies like Signal could, for the first time, be hauled into court to account for the innumerable sins committed by the 40 million people who use Signal's app each month. Further, Signal could find that their day in court could go from bad to worse, because their app uses secure encryption. Under EARN IT, a judge might rule that Signal was "reckless" by offering E2EE.

If you were in charge of running a non-profit company like Signal, and EARN IT became law, you'd have some hard choices to make.

You could choose to stop offering secure encryption, and just eliminate the privacy and security enjoyed by your users. Alternatively, you could require all of your users' messages to first be scanned against some veiled government database or set of rules, so that anyone who sends a "bad" message could be reported to authorities. Or, I suppose you could just leave the U.S., or even cease operating entirely.

Under EARN IT, an era when companies compete for users based on offering private and secure technology may be over. The encryption technology would still be available to individuals, and it will continue to be used by specialists like activists, researchers and journalists, as well as by criminals and abusers. In fact, there is evidence that passing a law like EARN IT could, horrifically, result in an increase in incidents of child abuse, rather than combating it.

Either way, under the EARN IT that was passed by the Senate Judiciary Committee in 2022, it will probably be impossible for any except the largest U.S. companies to offer services based on secure encryption. For the common person, it means it will be entirely impossible to use any such U.S.-based services without first surrendering privacy and expectations of confidentiality.

This post contains a Privacy Action Invitation. Click here to access a tool by the Electronic Frontier Foundation to quickly tell your representatives how you feel about the EARN IT Act. Send us an email if you would like to be part of a San Diego coalition opposing the EARN IT Act.