If EARN IT Passes, What Happens On Your iPhone Won’t Stay On Your iPhone

avatar
(Edited)

By Jason Kelley

Last year, Apple announced a controversial plan to install photo scanning software in every device. Apple has long been seen as a pro-privacy companybillboards emblazoned with the slogan “What happens on your iPhone, stays on your iPhone” were common sights in 2019. A global coalition pushed back, and the company paused the plan.

Now, Congress wants to force Apple’s hand—along with essentially every company that allows users to store or share messages or content—and essentially mandate such scanning.

While Apple’s plan would have put the privacy and security of its users at risk, the EARN IT Act compromises security and free speech for everyone. The bill would create serious legal risk for business that hosts content—messages, photos stored in the cloud, online backups—and, potentially, even cloud-hosting sites like those using Amazon Web Services, unless they use government-approved scanning tools.

TAKE ACTION

TELL CONGRESS TO REJECT THE EARN IT ACT

The bill’s proponents claim that this isn’t a problem for any service as long as it is scanning files, and then reporting Child Sexual Abuse Material (CSAM) to law enforcement. Internet companies are already required to report suspected CSAM if they come across it, and they report on a massive scale that comes with a lot of mistakes. Facebook is often held up as a positive example by lawmakers, but while new scanning techniques there have produced many millions of reports, many of them are apparently inaccurate. Federal law enforcement has frequently (mis)used the massive number of reports to suggest there has been a huge uptick in CSAM images. They won’t stop there.

Nor will the demands stop at the U.S. border. Once U.S. law enforcement agencies are accustomed to getting a constant stream of reports back from nearly every company hosting or sending content online, other democracies—and then authoritarian regimes—will demand the same tools, and use them to root out dissent. The rules envisioned by EARN IT sponsors don’t leave room for any company, small or large, to use uncompromised encryption and protect user privacy.

The bill would also create an unelected federal “commission” headed by the Attorney General and the Secretary of Homeland Security, and dominated by law enforcement personnel. . This commission would be responsible for setting best practices for tech companies to follow. It’s very likely some states will use that as a basis to create laws enforcing scanning and reporting, upon pain of criminal prosecution and costly civil litigation. Because online companies operate in every state, they’ll be required to follow whichever state law is harshest.

Apples and Oranges (and Amazon)


In fact, the lawmakers behind this bill have already made the plan clear: in a “Myths and Facts” document about the bill, lawmakers take aim at Amazon, of all companies, for its limited reporting of CSAM:

According to NCMEC’s 2020 statistics on reports of the online exploitation of children, while Facebook issued over 20 million reports that year, in contrast Amazon (which hosts a significant percentage of global commerce and web infrastructure) reported 2,235 cases.

As Techdirt’s Mike Masnick put it, that’s because Amazon and Facebook are in completely different businesses. Facebook’s larger number of reports is consistent with its business model of sharing content between users. Meanwhile, Amazon is in the entirely separate web hosting business, Apple, which is also not in the social media business, will no doubt also be in lawmakers’ crosshairs.

In a 2019 Senate Judiciary Committee hearing on encryption, Senator Graham—a coauthor of the EARN IT Act—told representatives from Apple and Facebook that encryption was not going to block them from access: “​​You’re going to find a way to do this or we’re going to go do it for you.” Former Attorney General Bill Barr, who would have headed the commission under the previous administration, specifically clashed with Apple on its encryption and noted he was searching for a legislative solution to allow investigators access to encrypted materials. The EARN IT Act, originally introduced when Barr was still Attorney General, is just that.

EARN IT doesn’t specifically attack encryption, but that’s because it doesn’t have to. Instead, it allows encryption to be used as evidence against a company in order to find it liable for hosting CSAM.

The end result is clear: state laws will make companies liable if they don’t scan and report user content for CSAM, which they can’t do unless they break encryption. Apple will likely fold, as will many other companies, in order to protect themselves. EARN IT would thus coerce sites, platforms, and services to do this sort of scanning, not just on messages, but on practically all online content, encrypted or not. Companies that handle online content would have to weigh the benefit to their users of securely encrypting their content against the legal risk of doing so, and encryption becomes a much harder ask when it might put a company’s bottom line at risk.

All of the concerns around Apple’s device scanning are magnified in the EARN It Act. Signal—one of the best examples of secure, private, end-to-end encrypted messaging—stated in 2020 that they may not be able to operate in the U.S. if EARN IT becomes law. But end-to-end encryption isn’t just for messages—it secures much of the internet, keeping you and what you do online private and safe. You can’t have a secure internet where all its content is also screened, because you can’t have end-to-end encryption alongside mass scanning requirements. This isn’t just an attack on encryption—it’s an attack on the fundamental security of the internet. As experts have said before, this sort of scanning is in direct conflict with privacy and security.

TAKE ACTION

TELL CONGRESS TO REJECT THE EARN IT ACT

If EARN IT becomes law, what happens on your iPhone won’t stay on your iPhone. It will be scanned by a government-approved tool like everything posted on Facebook. And what happens on your website, in your cloud backups, behind your DMs, and pretty much everywhere else online—will be right behind it.

Source: EFF.org

Jason Kelley is a Digital and Campaign Strategist on EFF’s Activism Team. Before joining EFF, Jason managed marketing strategy and content for a software company that helps non-programmers learn to code, and advertising and marketing analytics for a student loan startup. Jason received his BA in English and Philosophy from Kent State University and an M.F.A. in creative writing from The University of the South. He tries daily to apply advice from his professor Sam Pickering, the inspiration for Robin Williams’ character in Dead Poets Society: “Take out the extra words. Make it go quicker.”

Provide, Protect and Profit from what’s coming! Get a free issue of Counter Markets today.



0
0
0.000
4 comments
avatar

So while Joe Biden pinches little girls nipples in the White House, Hunter smokes crack, Kamala hands out free crack pipes to blacks, we get surveilled for illegal pixels.

It's never been more apparent that it is necessary to take these criminals down.

Thanks!

0
0
0.000
avatar

Amen. But "they" make is seem impossible due to the size and breadth of the situation at hand. Really, we just need to clean up house in our neck-of-the-woods. Start with your local sheriff. Are they on your side of the law, or are they bought-and-paid for by the oligarchy? We need more eyes on what is being done in our local legislature with OUR MONEY. No new taxes, just remove as many of the psychopaths as possible.

0
0
0.000
avatar

Huawei not shipping Google software on their devices seems more like a privacy feature at this point.

0
0
0.000
avatar
(Edited)

No "smart" phone for me. These heavy-handed Big Brother-type moves are getting more and more outrageous by the day. And where I live they have the "Real ID" for your driver's license. You have to let them scan an "official" birth certificate (or valid passport), marriage license if you changed your birth name, social security card, and proof of address. All that will be scanned probably on "the cloud." THEN they want to biometrically scan your face.

NOPE. Not for me. So I cannot fly in an airplane. Flying is over-rated. They make the experience so unpleasant that I don't see how anyone except the rich would want to fly. (And then there is the issue with the injected pilots having a health crisis in the sky.)

Luckily, I can opt to get a "Not for Federal ID" credential. If enough people do not bow down to these new global requirements, we might have a chance. What with everyone just seemingly accepting the narrative....well we shall see. All those dystopian novels I read in high school seem to forewarn that the direction we are headed isn't a good one. So why aren't we resisting this technology with even the smart phones?

0
0
0.000