‘Lawful Access to Encrypted Data Act’ Poses New Privacy Threat

LOS ANGELES—After the EARN IT Act, a bill supposedly targeted at online sex trafficking — but in reality designed to roll back internet free speech protections guaranteed by Section 230 of the 1996 Communications Decency Act — the United States Senate is taking up a new bill that wages an assault on internet privacy without even pretending to fight “sex trafficking.”

Introduced by Republican Lindsey Graham of South Carolina, and co-sponsored by two more GOP Senators — Tom Cotton of Arkansas and Marsha Blackburn of Tennessee — the “Lawful Access to Encrypted Data Act,” according to the Brookings Institute policy think tank, wages “no less than a nuclear assault on encryption in the United States, and, by extension, on security, privacy, and speech online.”

The law would require all end-to-end encryption, the communication security protocol found in such messaging services as WhatsApp, ProtonMail, Telegram, to include “back doors” allowing government and law enforcement authorities to eavesdrop on encrypted communications.  

But the purpose of encryption is to prevent governments, or anyone other than intended recipient, from accessing online communications. 

According to the App Association, a technology advocacy group, secured, private communication “is even more vital while millions remain quarantined and reliant on remote communication technologies.”

Encryption is especially important “for vulnerable communities, such as the protesters and activists involved in the Black Lives Matter fight for racial justice, who rely on encrypted communications to coordinate their activities and exercise their First Amendment rights,” according to an App Association statement on the LAED Act.

Sex worker advocacy groups such as the group Decriminalize Sex Work have already warned that by punching another hole in Section 230 protections, the EARN IT Act leaves sex workers open to increased surveillance and “conviction of sex workers for crimes unrelated to human trafficking. Surveillance and red flags would not be limited to sexual content that seems violent or abusive.” 

But coupled with EARN IT, the LAED Act poses “a serious threat to online security,” according to the Brookings Institute report. The EARN IT Act originally contained an anti-encryption provision, but that wording was removed to enable the bill to make it through the Senate Judiciary Committee earlier this month.

“The LAED Act doesn’t make the EARN IT Act OK. Both of these bills threaten core freedoms online, and moving an attack on encryption from one bill to another is not progress,” the Brookings report states. “The hard-line approach of the LAED Act is no reason to endorse the EARN IT Act, which could result in many of the same consequences as the LAED Act, if in a more roundabout way.”

The report also notes that the LAED Act’s ban on encryption applies “even more broadly” than the EARN IT Act provisions would have, targeting not simply “sex trafficking” online, but also “everything from websites and social media platforms, to apps, email, messaging and chat, videoconferencing and voice calling apps, cloud storage, operating systems, and any electronic device with at least 1 gigabyte of storage—a very low bar in 2020.”

The proposed law would apply to any service with at least 1 million users. ProtonMail has more than 5 million, while the extremely popular WhatsApp has reportedly topped 2 billion, including 68 million in the U.S. alone. 

Smaller services could still be ordered to include encryption “back doors” by the U.S. attorney general. That post is currently occupied by Willian Barr, who has been a staunch opponent of online end-to-end encryption.

Photo By Biljana Jovanovic / Pixabay