Lindsey Graham Wants to Use Mistrust of Big Tech To Destroy Your Right to Online Privacy

Online platforms would have to "earn" speech protections by compromising encryption—all in the name of fighting child porn.


Sen. Lindsey Graham (R–S.C.) has a plan to make social media and online messaging platforms do the federal government's bidding. He thinks the feds should withhold those platforms' protection from lawsuits if they don't demolish their own encryption.

It's cynical fearmongering all the way down with the Eliminating Abusive and Rampant Neglect of Interactive Technologies (or EARN IT) Act. The as-yet-unintroduced bill (which Bloomberg reports is a bipartisan measure) would create a government commission to decide what should be the "best practices regarding the prevention of online child exploitation conduct." The attorney general would then review and modify these practices as he or she sees fit.

A year after these practices are determined, online services will have to certify that they are following them if they want to claim protection under Section 230 of the Communications Decency Act, the rule that generally protects them from liability for content posted by their users.

In other words: If the commission tells a tech company to do something (or not do something) and vaguely ties those orders to fighting child porn or child sex trafficking, any company that refuses will become legally liable for every stupid thing its users post on their platform or in their messages.

This is clearly an attempt to make platforms insert so-called "back doors" into the encryption mechanisms that protect our data. This will facilitate further secret surveillance of the citizenry—not just by the American government but by any other governments or independent hackers—for purposes that have nothing to do with stopping child pornography.

Indeed, everything related to transmitting images of child sexual abuse online is already against federal law. And online service providers are already required to pass along any information they have about such crimes to the feds; if they do, they're protected from legal liability for having the messages. That process is handled under a separate part of federal law, not Section 230. The purpose of Section 230 is to protect online speech by stopping a parade of lawsuits from people and corporations trying to stifle critical comments.

"People are angry about Section 230, so the [Department of Justice] is seizing upon that anger as its opening to attack encryption," writes Rianna Pfefferkorn of Stanford's Center for Internet and Society. "I've been saying since 2017 that federal law enforcement agencies would take advantage of anti-Big Tech sentiment to get their way on encryption. Now the techlash is strong enough that they're finally making their move."

In short, Graham's law would intimidate platforms into compromising your data protection in order to comply with anti-encryption demands. This wouldn't do anything to actually fight the transmission of child porn, because Section 230 doesn't protect sites that host or transmit child porn anyway. And the people who do transmit child porn are "highly adaptable to shifts in law enforcement strategy," in Pfefferkorn's words, so they'll migrate to dark web sites where "they'll be much harder to track down" than "when they're using their Facebook accounts."