Senator Blumenthal, After Years Of Denial, Admits He's Targeting Encryption With EARN IT
from the he-just-came-out-and-said-it dept
Senator Richard Blumenthal has now admitted that EARN IT is targeting encryption, something he denied for two years, and then just out and said it.
Since the very beginning many of us have pointed out that the EARN IT Act will undermine encryption (as well as other parts of the internet). Senator Richard Blumenthal, the lead sponsor on the bill, has insisted over and over again that the bill has nothing to do with encryption. Right after the original bill came out, when people called this out, Blumenthal flat out said "this bill says nothing about encryption" and later claimed that "Big Tech is using encryption as a subterfuge to oppose this bill."
That's been his line ever since -- insisting the bill has nothing to do with encryption. And to "show" that it wasn't about encryption, back in 2020, he agreed to a very weak amendment from Senator Leahy that had some language about encryption, even though as we pointed out at the time, that amendment still created a problem for encryption.
The newest version of EARN IT replaced Leahy's already weak amendment with one that is a more direct attack on encryption. But it has allowed slimy "anti-porn" groups like NCOSE to falsely claim that it has "dealt with the concerns about encryption." Except, as we detailed, the language of the bill now makes encryption a liability for any web service, as it explicitly says that use of encryption can be used as evidence that a website does not properly deal with child sexual abuse material.
But still, through it all, Blumenthal kept lying through his teeth, insisting that the bill wasn't targeting encryption. Until yesterday when he finally admitted it straight up to Washington Post reporter Cat Zakrzewski. In her larger story about EARN IT, I'm not sure why Zakrewski buried this point all the way down near the bottom, because this is the story. Blumenthal is asked about the encryption bit and he admits that the bill is targeting encryption:
Blumenthal said in an interview that lawmakers incorporated these concerns into revisions, which prevent the implementation of encryption from being the sole evidence of a company’s liability for child porn. But he said lawmakers wouldn’t offer a blanket exemption to using encryption as evidence arguing companies might use it as a “get-out-of-jail-free card.”
In other words, he knows that the bill targets encryption despite two whole years of blatant denials. To go from "this bill makes no mention of encryption" to "we don't want companies using encryption as a 'get-out-of-jail-free card'" is an admission that this bill is absolutely about encryption. And if that's the case, why have their been no hearings about the impact this would have on encryption and national security? Because, that seems like a key point that should be discussed, especially with Blumenthal admitting this thing that he denied for two whole years.
During today's markup, Blumenthal also made some nonsense comments about encryption:
The treatment of encryption in this statute is the result of hours, days, of consultation involving the very wise and significant counsel from Sen. Leahy who offered the original encryption amendment and said at the time that his amendment would not protect tech companies for being held liable for doing anything that would give rise to liability today for using encryption to further illegal activity. That's the key distinction here. Doesn't prohibit the use of encryption, doesn't create liability for using encryption, but the misuse of encryption to further illegal activity is what gives rise to liability here.
This is, beyond being nonsense word salad, just utterly ridiculous. No one ever said the bill "prohibited" encryption, but that it would make it a massive liability. And he's absolutely wrong that it "doesn't create liability for using encryption" because it literally does exactly that in saying that encryption can be used as evidence of liability.
The claim that it's only the "misuse of encryption" shows that Senator Blumenthal (1) has no clue what he's talking about and (2) needs to hire staffers who actually do understand this stuff, because that's not how this works. Once you say it's the "misuse of encryption" you've sunk encryption. Because now every lawsuit will just claim that any use of encryption is misuse and the end result is that you need to go through a massive litigation process to determine if your use of encryption is okay or not.
That's the whole reason why things like Section 230 are important, because they avoid having every company have to spend over a million dollars to prove that the technical decision they made were okay and not a "misuse." But now if they have to spent a million dollars every time someone sues them for their use of encryption, then it makes it ridiculously costly -- and risky -- to use encryption.
So, Blumenthal is either too stupid to understand how all of this actually works, or as he seems to have admitted to the reporter despite two years of denial, he doesn't believe companies should be allowed to use encryption.
EARN IT is an attack on encryption, full stop. Senator Blumenthal has finally admitted that, and anyone who believes in basic privacy and security should take notice.
Oh, and as a side note, remember back in 2020 when Blumenthal flipped out at Zoom for not offering full end-to-end encryption? Under this bill, Zoom would be at risk either way. Blumenthal is threatening them if they use encryption and if they don't. It's almost as if Richard Blumenthal doesn't know what he's talking about regarding encryption.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: earn it, encryption, liability, richard blumenthal
Reader Comments
Subscribe: RSS
View by: Time | Thread
I fully expect, after this passes because I'm much to cynical to believe it won't, someone to get sued for using HTTPS encryption and then losing.
[ link to this | view in chronology ]
Re:
Jeez, with that attitude, you’re essentially allowing Earn It to pass.
Not to say that it’s not okay to worry shitless, because it is. This was highly expected that Earn It would pass out of committee, but there is a silver lining to it. The bill was voted out of committee unanimously, but There were legit concerns raised by five senators, four Democrats and a Republican. If they are true to their word, then that means that Earn It could face a slowdown of momentum, giving more time for the opposition to strengthen. Plus Blumenthal made a fatal mistake of admitting that Earn It is an attack on encryption, which he might as well thrown in the smoking gun before a judge. His words would be used against him. This is all hypothetical, but there is room for hope.
[ link to this | view in chronology ]
The biggest problem with EARN IT, is that it turn tech companies into police, with penalties if they make any mistake policing the public.
[ link to this | view in chronology ]
Re:
If only the real police had penalties for making mistakes policing the public.
[ link to this | view in chronology ]
Something I feel deserves more attension
They said (Gram and Blumy) at the markup that while this bill they claim doesn't impose a scanning mandate THE NEXT BILL THEY PROPOSE WILL BE.
They are going to propose a bill to MANDATE scanning. Shows how little they care about our rights.
[ link to this | view in chronology ]
Re: Something I feel deserves more attension
They really, truly, think the CSAM problem is 'simple' to fix, but Big Tech is being obstinate out of greed and need to be threatened with bigger and bigger sticks until they finally Nerd Harder and just push that big red 'fix it' button they know they have.
Same with political hacking, misinformation, copyright, racism and 'x'-ophobia, etc., etc., etc....
[ link to this | view in chronology ]
Re: Re: Something I feel deserves more attension
No, they don't actually care about CSAM. This is entirely a wedge bill to force tech companies to let them go through everyone's private messages.
[ link to this | view in chronology ]
Re: Re: Something I feel deserves more attension
Poe's Law at work here. :)
Also easy to fix by Big Tech: global warming, feeding the hungry, curing cancer. All they have to do is press the fix-it button and it would all be gone tomorrow...
[ link to this | view in chronology ]
Re: Re: Re: Something I feel deserves more attension
Unfortunately, the fix-it button (for the first two, anyway) is behind a finger guard that can only be opened by pressing the "abolish capitalism" button.
[ link to this | view in chronology ]
Re: Re: Something I feel deserves more attension
They really, truly, think the CSAM problem is 'simple' to fix, but Big Tech is being obstinate out of greed and need to be threatened with bigger and bigger sticks until they finally Nerd Harder and just push that big red 'fix it' button they know they have.
As Bluegrass Geek noted above they(the politicians) don't actually care about CSAM and are just using it for their own ends so they simply assume that the tech platforms are the same, the difference is that tech platforms and the companies running them actually do care about cracking down on CSAM in a meaningful manner.
[ link to this | view in chronology ]
How soon could there be a full vote on the Senate floor?
[ link to this | view in chronology ]
Re:
Who’s to say? Weeks, months, later this year? We might be pro-internet, but we’re not psychics, Unfortunately.
[ link to this | view in chronology ]
Ok now what
Ok let’s say it goes through. All I hear is freight. Do we stop using the internet. Is there anyway around the EARN IT Act to keep are data private. How about VPN that are located in other countries? I remember hearing SIGNAL the message service would pull out of America if the EARN IT Act passed.
There must be apps we can use to avoid the EARN IT Act and keep are information secure should it pass. Any ideas???
[ link to this | view in chronology ]
Old forked tongue Blumenthal, who would have ever guessed he was lying?
[ link to this | view in chronology ]
Apply the same logic to anything else
'Our law isn't an attack on free speech, it's only going after irresponsible speech, that being anything someone I don't like says.'
'We're not trying to undermine privacy, we're only going after those that misuse it by keeping us from being able to see everything they say and do.'
Or for one that would strike a little closer to home to half of those they're trying to sell this lie to...
'Our law doesn't threaten gun ownership, we're just going after irresponsible gun owners, any responsible gun owner will have nothing to worry about because gun ownership will only be a factor if any other charge are also brought against a person.'
[ link to this | view in chronology ]
Get out of jail free card
No dude, it's the "You have absolutely no basis of even accusing me of anything on these grounds" card.
Prove a company was explicitly and knowingly intending its services to be used for criminal purposes. Not "having encryption is indicative of shady dealing".
[ link to this | view in chronology ]
Re:
Sadly, most Congress members have due process all backward.
[ link to this | view in chronology ]
let's stop this from happening and start another war, against our own people, companies and allies! this is exactly what went on in 1930s-40s Germany and look where that took the world! what right has any government got to encroach on privacy and freedomj when you're supposed to be a modern, up-to-date nation that believes in FREEDOM??
[ link to this | view in chronology ]
Sounds about right
the GOP does love trying to be fascist after all. So, why not imitate the Nazis in 1930's Germany?
[ link to this | view in chronology ]
Re: Sounds about right
If you're gonna single out the GOP, write your complaints on an article about internet service. Neither major party is stranger to the desire to break encryption and to increase surveillance.
[ link to this | view in chronology ]