If Sen. Lindsey Graham gets his way, the federal government will launch another attack on online privacy. The South Carolina Republican will ask lawmakers to give Attorney General William Barr and the Department of Justice unchecked access to all of your messaging, file-sharing, and video-sharing tools. That is bad news for just about everyone and a nightmare for those who value digital privacy.
At first glance, Graham’s bill seems innocent enough. After all, it’s called the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act, which seems, on the surface, like a perfectly agreeable proposition. It would assemble a commission to “develop recommended best practices for providers of interactive computer services regarding the prevention of online child exploitation conduct.”
Doesn’t everyone want children to be protected? Well, not so fast. The commission’s “recommendations” would then go to the attorney general, who can approve or disapprove what are essentially new regulations. This means unelected officials would be granted vast power to regulate technology and invade our privacy.
It doesn’t stop there.
These days, most anti-tech legislation targets Section 230 of the Communications Decency Act, and this bill is no different. The law would take away Section 230 protections from any internet service that doesn’t comply with the new commission’s “recommendations,” which is what makes them de facto regulations. Without Section 230 protections, it would be impossible to operate services used by millions every day, such as WhatsApp and iMessage.
Graham’s bill undermines Section 230, the law that created the free internet as we know it.
In short, it generally protects platforms from being held liable for third-party content. For instance, if a user creates a comment or post with illegal content on a site, that platform won’t be held responsible. Before Section 230, that was a serious risk for platforms, but, after the law’s passage in 1996, websites were empowered to experiment and innovate. And this simple protection created safe spaces for many movements to flourish online, from revolutions against tyrants in foreign countries to viral social movements here in the United States.
But under Graham’s bill, companies that fail to comply with the “best practices” created by the proposed commission would be punished for any “child abuse and exploitation-related material” posted by third parties. Of course, what that means exactly is so vague that it would merely be a standard ripe for government abuse.
Worse, even without using the word “encryption” once, the bill would effectively mean the end of end-to-end encryption.
That’s a treat for law enforcement, including Barr, but it’s a frightening prospect for everyone else. End-to-end encryption protects users’ private conversations and data from outside sources on digital services, such as WhatsApp messaging, as well as any password-protected data on your iPhone. With end-to-end encryption in place, no one can gain access to that information, aside from the parties involved.
Law enforcement agencies claim that they need companies to create a special “backdoor” for them to have access to all of our data to investigate crimes. They’ve been trying for years to force companies to seriously alter their products to that end. But that’s strange, considering they already have tools to jailbreak into these encrypted systems from the outside. Why, then, is the Department of Justice leading the crusade to make everyone around the world less protected?
If such a backdoor existed, so many things would go wrong. The U.S. government would have access to it, but it’s likely other governments would, too, such as China and Russia. These nations are already known for their espionage on a global scale, so they’d be the first in line to exploit that backdoor.
Not only that, we’d immediately lose the protection from both foreign and domestic commercial cyberattacks that encryption currently provides. Worst of all, in the undoubtedly well-intentioned effort to make children safer online, Barr would make them and many others even more vulnerable. Forcing companies to create unsafe digital systems gives a road map for predators and abusers to prey on the most defenseless members of society.
If Graham really wants to help law enforcement fight child exploitation, he’ll give them more resources and training. Section 230 isn’t the villain here, anyway. It certainly doesn’t protect websites that violate federal criminal law, even for the crimes Graham is claiming to target.
So what’s the point?
It seems the point is simply to give unchecked power to the attorney general and allow the federal government to impose other de facto mandates that could never get through Congress as stand-alone legislation. Hopefully, Congress wakes up and recognizes this bill for what it is: a horrible ruse with horrible consequences.
Ashkhen Kazaryan (@Ashkhen) is a Young Voices contributor and director of civil liberties at TechFreedom, where she manages and develops policy projects on free speech, content moderation, surveillance reform, and the intersection of constitutional rights and technology.
