GO AWAY: Draft bill could penalize companies for using end-to-end encryption.

Politicians may be looking for a roundabout way to thwart end-to-end encryption. Senator Lindsey Graham is drafting a bill, the Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act, that would modify the Communications Decency Act’s Section 230 to make companies liable in state criminal cases and civil lawsuits over child abuse and exploitation if they don’t follow practices set by a national commission. Some of these would be relatively uncontroversial, such as offering parental controls and setting age limits with disclosures. However, the bill also includes requirements to “preserve, remove from view, and report” material as well as retain evidence, and there’s a concern these could be used as pretexts for punishing the use of end-to-end encryption that would make some of this data inaccessible.

The draft does ask the commission to consider issues like privacy and security when establishing the practices. However, the 15-person commission would be led by the Attorney General, and current AG William Barr has been a vocal opponent of end-to-end encryption. As the draft law would let Barr modify the rules without a consensus, it wouldn’t take much for him to require a backdoor and thus weaken encryption for everyone by creating a hacker-friendly vulnerability.

Dumb.