Protecting Encryption And Privacy In The US: 2023 Year in Review

EFF believes you have the right to have a private conversation–in the physical world, and in the digital world. The best technology to protect that right is end-to-end encryption. 

Governments around the world are working hard to monitor online conversations, far beyond the bounds of traditional targeted law enforcement. 2023 has been a year of unprecedented threats to encryption and privacy. 

In the US, three Senate bills were introduced that, in our view, would discourage, weaken, or create backdoors into encryption technology. With your help, we’ve stopped all three from moving forward–and we’ll continue to do so in the year to come. 

EARN IT, S. 1207

Simply put, EARN IT allows providers of secure communications services to be sued or prosecuted. The excuse for EARN IT is to combat online child abuse. EARN IT would allow state attorneys general to regulate the internet, as long as the stated purpose for their regulation is to protect kids from online exploitation.  

There’s no doubt that the purpose of this bill is to scan user messages, photos, and files. In a Q&A document published last year, the bill sponsors even suggested specific software that could be used to monitor users. If you offer your users encrypted services, the bill specifically allows the fact that you offered encryption to constitute evidence against you in court. 

Constantly scanning every internet user is not a reasonable technique for investigating crimes. What’s more, evidence continues to mount that the scanning software used to detect child abuse does not work and creates false accusations. If EARN IT passes, it will push companies to either stop using encryption services or even create a dangerous backdoor to encryption that would weaken privacy and security for everyone. 

We were disappointed that EARN IT passed through a committee vote, although heartened that more senators expressed concerns with the bill’s effects. EARN IT has not seen a vote on the Senate floor, and we’re continuing to express our strong opposition, together with other groups that are concerned about human rights and privacy. 

STOP CSAM, S. 1199

Possessing or distributing child abuse images is a serious crime. Anyone who has actual knowledge of such images on a service they control is required to notify the National Center for Missing and Exploited Children (a government entity), which then forwards reports to law enforcement agencies. 

That’s why we were surprised and disappointed to see some Senators introduced a bill that falsely suggests this existing law-enforcement framework would work better with the addition of mass surveillance. 

The STOP CSAM bill, introduced in April, would create new crimes, allowing those who “knowingly promote or facilitate” the exploitation of children to be prosecuted, based on the very low legal standard of negligence. This is the same legal standard that applies to car accidents and other situations where the defendant did not intend to cause harm. 

At first glance, it may sound good to fight those who “promote” or “facilitate” these crimes, but the bill’s broad terms will likely reach passive conduct like, you guessed it, simply providing an encrypted app. 

STOP CSAM is one more attempt to criminalize and demonize anyone who uses encryption to communicate online. That’s why we’ve opposed it throughout the year. This bill passed out of the Senate Judiciary Committee, but has not received a vote on the Senate floor. 

Cooper Davis, S. 1080

This bill is a misguided attempt to deal with the nation’s fentanyl crisis by turning your smartphone into a DEA informant.  It threatens communications service providers with huge fines if they don’t report to the DEA suspected drug sales on their platforms. 

Faced with massive pot