Real Solutions

Event Summary: EARN IT Act and Its Broader Implications for Encryption and Cybersecurity

May 7, 2020

issues: Cybersecurity, Cybersecurity Policy, Encryption

On Tuesday, April 28, the R Street Institute hosted a discussion between Michael Chertoff, former secretary of Homeland Security, and Jim Baker, former general counsel of the FBI and R Street director of National Security and Cybersecurity, to examine the proposed EARN IT Act and its broader implications for encryption, law enforcement and cybersecurity.

Before delving into the topic at hand, Baker asked for Chertoff’s thoughts on the impact COVID-19 is having on cybersecurity. Chertoff said, “Coronavirus has underscored the threats that come along with cybersecurity. There is a greater surface area for attacks in the midst of Coronavirus because everyone is online more.”

Baker asked, “How do you think about the threat landscape of cyber actors on the internet and digital ecosystem?” Chertoff replied, “Encryption provides an important tool to protect data when a network is vulnerable” and “serves as an obstacle to most bad actors.”

On the topic of encryption and law enforcement, Baker mentioned his own experience working the San Bernardino shooting case while at the FBI and the battle they had with Apple over encryption. The two discussed how encryption impacts law enforcement’s ability to do their job. Some have argued that there should be a “back door” in encryption for law enforcement to access people’s communications, data and information online. However, Chertoff posed the question, “Is it worth leaving people vulnerable to bad actors by creating a hole in encryption for law enforcement to break in?” In response, Baker said, “Digital surveillance is a tool for law enforcement, not the body of the case itself.”

Next, Baker and Chertoff dove into discussion of the EARN IT Act, which seeks to protect against child sexual exploitation online and interacts with Section 230. When considering whether or not tech companies should be creating back doors to catch predators online, Chertoff made the important point that most of this behavior happens on the dark web—not on familiar platforms like Facebook and Twitter.

He said he doesn’t want to see a commission, as the EARN IT Act suggests, making the argument that you have to build a back door that would weaken encryption. Chertoff argued that, “Companies want to do the right thing, but they face a serious challenge by being pushed to create a back door. Creating a back door defeats the purpose of encryption because it leaves an open door for criminals to break through their encryption. Creating a back door in encryption is like saying all people are required to have conversations inside because if you go outside we might miss something you say. That is unacceptable in a free society.”

Baker said that, “With respect to people engaged in activities related to child exploitation, their online behavior is meaningfully different from a normal person’s behavior. This can be found in the metadata alone.”

By the end of the conversation, the two agreed, as Chertoff articulated well, “If there is a solution that doesn’t require weakened encryption it’s a win-win.”

Event Description

Last month the Senate Committee on the Judiciary considered the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2020, or the EARN IT Act, which would, among other things, compel technology providers to adhere to a set of yet-to-be developed guidelines by conditioning their Section 230 immunity on the adoption of the guidelines. Supporters argue that such guidelines are necessary to help law enforcement combat child sexual exploitation. Opponents point out that the bill would certainly be used to compel technology companies to provide “extraordinary access”—back doors—to allow law enforcement to gain access to encrypted technology devices and communications, a long-standing goal of many in the law enforcement community. As such, the bill is likely to serve as the latest chapter in the debate over the role of encryption, its impact on law enforcement and the broader implications for our collective cybersecurity and U.S. national security.

Please join the R Street Institute for a discussion with the Honorable Michael Chertoff, former secretary of Homeland Security, and the Honorable Jim Baker, former general counsel of the FBI, to examine the proposed EARN IT Act and its broader implications for encryption, law enforcement and cybersecurity.

To learn more:

The R Street Institute

The Chertoff Group

Image credit: Khakimullin Aleksandr