The EARN IT Act was introduced by Sen. Lindsey Graham (Republican of South Carolina) and Sen. Richard Blumenthal (Democrat of Connecticut), along with Sen. Josh Hawley (Republican of Missouri) and Sen. Dianne Feinstein (Democrat of California) on March 5.
The premise of the bill is that technology companies have to earn Section 230 protections rather than being granted immunity by default, as the Communications Decency Act has provided for over two decades.
- Alfred Ng C|Net
Section 203 of the Communications Decency Act protects "interactive computer services" from being treated as the publisher or speaker of third-party content. This law prevents sites like Facebook and Twitter from being legally liable for their users say.
Under the EARN IT Act being proposed, this could be the end of such protections. Instead of having Section 203 immunity, companies will have to certify they follow new best practices established by a new committee chosen by the Attorney General, Secretary of Homeland Security, and the chairman of the FTC. If a company doesn't certify to follow these best practices, it will not have the protection of section 203. This means all these protections will not be provided by default.
“Facebook is talking about end-to-end encryption which means they go blind,” Sen Graham said, later adding, “We’re not going to go blind and let this abuse go forward in the name of any other freedom.”
- Senator Lindsey Graham
The above statement was made by Senator Lindsey Graham, the Senator that introduced the EARN IT Act. While there is currently no wording that mentions the weakening of encryption, as more companies go end to end encryption, it is clear this is something the Government will not allow.
This isn't the first time the Government has tried to put backdoors for law enforcement into encryption protocols. Even if it does not pass, it will not be the last. Rumors speculate there is a good chance this will pass, although currently, it does not have wording in it to weaken encryption, it is not too late for it to be added.
Once there is a hole placed in encryption, it will not just be the Government using it. Every country and criminal will be looking to exploit these backdoors. Without open-source trustworthy encryption, almost everything becomes vulnerable overnight. Your taxes, your medical records, your bank accounts, nothing will be safe.