Speak Out Against Bills That Threaten End-to-End Encryption Thumbnail
Strengthening the Internet 14 June 2023

Speak Out Against Bills That Threaten End-to-End Encryption

By Allison CrossFormer Content Producer, Internet Society Foundation

When the U.S. Supreme Court overturned Roe v. Wade in 2022, Americans lost their constitutional right to an abortion. Suddenly, law enforcement could use private conversations, period tracking app data, or even Google search history about getting an abortion as evidence in a state where it’s illegal to incriminate the person seeking it.

Conversations about seeking reproductive healthcare can be private and secure, if they happen on a messaging app or platform that uses end-to-end encryption, and if we resist government attempts to break encryption.

Encryption is a fundamental part of how stay safe online and offline. How it protects people trying to seek reproductive healthcare care is just one example.

Three Bills Before Congress Could Break Encryption

But there are three bills before the United States Congress that threaten encryption, the strongest tool we have for keeping every user of the Internet safe. Policymakers want to curb the online spread of illegal content and protect children through measures that would force them to remove or weaken end-to-end encryption.

Everyone, including children, deserves protection from exploitation online. But forcing companies to bypass or weaken encryption is misguided and will only leave us all more vulnerable.  

What is End-to-End Encryption?

End-to-end encryption is any form of encryption in which only the sender and intended recipient can read the message. No third party, even the party providing the communication service, has a key to access the communication. End-to-end encryption is the most secure form of encryption that you can use.

Three Ways Encryption Safeguards Kids

If policymakers want to protect kids online, encryption can help. Like us, children live in a digital world, and use online communications platforms to do schoolwork, play games, make art, and chat with their friends. Our job is to keep all kids safe online. Here are three ways encryption does that:

  1. It keeps private family photos stored on encrypted cloud accounts safe and secure.
  1. It prevents strangers from listening in or seeing messages sent by a child to their friends on messaging apps.
  1. It keeps message content private so it can’t be scanned for ad profiling and targeted with inappropriate content.

What’s At Risk if Encryption is Broken

When we remove encryption from online communication platforms, we opens ourselves up to risks that we usually can’t see in the moment and can’t prevent until it’s too late.

  • Many families have harmless photos of their children in the bath stored on a cloud account. Without encryption, these photos could be more easily stolen, altered, and shared as child sexual abuse material on the Internet.
  • Domestic violence hotlines often use WhatsApp, which is end-to-end encrypted. Without encryption, messages to people who need help may not be private from abusers.
  • Without encryption, LGBTQ+ people could have their private conversations exposed and used against them—opening them up to blackmail, violence, and death.
  • When end-to-end encrypted communications are undermined, it puts our national security at greater risk by making sensitive information more vulnerable to interception.
  • Companies rely on end-to-end encryption to protect trade secrets. Without it, they’ll be vulnerable to corporate espionage, including from competitors overseas.

Which Bills Are Coming After Encryption?

All over the world, governments are proposing bills in the name of protecting children that will ultimately make us all less safe online. In the U.S. alone, the EARN IT Act, STOP CSAM Act, and the Kids Online Safety Act (KOSA) are currently under review. You should know what each entails to understand what’s at risk.

The EARN IT Act: What You Need to Know

The EARN IT Act threatens the use of end-to-end encryption by expanding the liability risks of communications platforms.

If the government believes that platforms (e.g., social media sites, apps, etc.) aren’t doing enough to keep child sexual abuse material off their services, the EARN IT Act would allow U.S. states to hold the platforms criminally liable.

Why would this matter for the majority of us using the Internet lawfully? With the liability being put on platforms, they will take whatever means necessary—like scanning and filtering their users’ content—to mitigate risk. The act would require companies to invade the privacy of their users—all day, every day. In order to be able to scan for illegal content, end-to-end encryption would need to be broken.

Sign the petition to take a stand for encryption and show lawmakers we need this technology to protect children—and everyone else—online.

Tweet about the dangers of the EARN IT Act for encryption.

STOP CSAM Act of 2023: What You Need to Know

The STOP CSAM Act introduces sweeping potential civil liability to any company, non-profit, or individual who’s involved in operating any significant aspect of the Internet or distributing software used in Internet communications.

It would give power to courts to consider the use of encryption as proof of liability for facilitating or promoting cases of child sexual abuse material (CSAM) distribution on a platform. Companies, non-profits, and people would only be required to meet a “reckless” standard to be found civilly liable. As a result, most of the Internet could be construed as open to civil liability for CSAM transmitted over the Internet.

Faced with this new potential civil liability, companies, non-profits, and people will take drastic actions—like removing encryption from tools and services—to reduce the risk of being found liable for reckless disregard towards CSAM distribution online. Platforms and network operators may remove encryption on their services to enable content filtering, which makes everyone less safe online.

Sign the petition to take a stand for encryption and show lawmakers we need this technology to protect children—and everyone else—online.

Tweet about the dangers of the STOP CSAM Act for encryption.

The Kids Online Safety Act (KOSA): What You Need to Know

KOSA imposes a new legal duty on platforms to prevent specific harms against children by stopping them from encountering harmful content.

The definition of harmful content is broad and includes “the promotion of self-harm, suicide, eating disorders, substance abuse, and other matters that pose a risk to physical and mental health of a minor.”

The act is concerning because it may compel platforms to provide data to researchers, a disaster for online privacy. Additionally, it’s possible that in an attempt to comply with their duty to identify and prevent kids from coming into contact with “harmful content, end-to-end encrypted messaging platforms (such as iMessage and WhatsApp) will simply bypass or weaken encryption, putting everyone at risk.

Sign the petition to take a stand for encryption and show lawmakers we need this technology to protect children—and everyone else—online.

Tweet about the dangers of KOSA for encryption.

It’s Time to Speak Up For End-to-End Encryption

Here’s what you can do:

  1. Tell your political representative—no matter where you live in the world—that you’re concerned about how Internet bills could put encryption at risk.
  2. If you’re in the U.S., let your representative know where you stand by sending them a letter—find a template in our toolkit.
  3. Voice your concern on social media. Help others understand why we need to protect encryption.

Image copyright: ©Unsplash

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Strengthening the Internet 31 January 2024

Keeping Kids Safe Online: Navigating the New Parents’ Guide to Encryption

To some, encryption might seem like the stuff of spy movies, but we all rely on it to keep...

Events 26 January 2024

Lessons from Past Sins and Corruption Can Bolster Future Network Security: NDSS Symposium 2024 

The NDSS Symposium returns to San Diego, USA, from 26 February to 1 March 2024. Discover the topics and sessions...

Strengthening the Internet 19 December 2023

Do We All Experience the Same Internet?

If any two people across the world from each other access the Internet at the same time, will they...