The United States took big strides to protect the Internet this year, but there are some disastrous missteps it must avoid to close 2022 without shredding the foundation of an open, globally connected, secure and trustworthy Internet for people, businesses, and countries worldwide.
The Declaration for the Future of the Internet was a rally cry garnering many countries pledging to protect the Internet from threats that could lead to our worse case scenario: a splinternet. And U.S. sanction exemptions helped protect the Internet by ensuring companies can keep offering access options in places like Russia and Iran when they need it most. Now, Congress has an important duty to prevent dangerous bills like the EARN IT Act and others that undermine security and privacy from being enacted.
Wait—how does a bill aimed at curbing child sexual abuse material (CSAM) online threaten the Internet? To be clear, we all want to promote the safety of children online and protect them from the horrors of CSAM. The EARN IT Act, however, fails to achieve this goal by making people (including children), businesses—and the very infrastructure of the Internet—more at risk of harm online.
The Internet Society recently published an Internet impact brief showing how the EARN IT Act poses an existential threat to the Internet. The EARN IT Act is dangerous because it would prevent intermediaries—the pipes that facilitate the flow of information online—from using our strongest digital security tool to keep people and information secure and confidential: encryption.
Encryption is the foundation to security online. It secures the communications of kids, letting them talk to loved ones without unwanted interlopers getting access to sensitive location or health information. It also helps stop creeps from literally peering into their lives through the many cameras built into ‘smart’ children’s toys and devices. Protections like those in these cases, of course, are in addition to the ubiquitous role encryption plays to secure the lives of every day users both online and in real life.
The EARN IT Act threatens security, safety, and privacy of both people and the Internet’s infrastructure by coercing providers to eavesdrop and monitor content they carry on the Internet to avoid risk of liability related to CSAM. There are two problems with this. First, online intermediaries should not (and often cannot) surveil the communications of their users. Second, it’s impossible to monitor content without breaking or avoiding encryption altogether.
Undermining encryption won’t just hurt people and businesses in the U.S. that rely on security and privacy online. Some of the world’s leading tech companies are based in the U.S., which means weakening security at home will also do so in every other country these services are offered (and at the same time will harm the competitiveness of American services abroad). And in some countries, the security stakes are especially high for people like journalists and LGBTQ+ communities where physical safety is at greater risk of harm.
The stakes are also higher in the U.S. following the striking down of Roe v. Wade. Women and people who can get pregnant are at greater risk of prosecution for seeking information about reproductive options online. Hence, encryption is more important than ever to protect digital devices and ensure communications remain confidential.
With an increasing bipartisan interest to promote a federal approach to privacy in Congress, protecting the ability of people and businesses to use strong encryption is crucial to the equation. And as our recent Internet Impact Brief has shown, it is also crucial to protecting the type of Internet we all want.
And yet, too often decisionmakers are faced with big decisions—often with laudable goals—without understanding how they could be doing more harm than good to the Internet, and everyone that uses it. The Kids Online Safety Act, for example, is another bill that has critics squirming for its risks to privacy and security online.
That’s why the second thing Congress needs to do is establish a way to ensure Internet impact assessments are conducted before voting on laws that could impact both the Internet and users worldwide. Internet impact assessments are a critical due diligence measure that would put the U.S. on better footing to mitigate risks and make informed decisions on proposals that could impact such a critical resource and the billions of people and businesses that use it every day.
With the Internet at increasing risk of fragmentation, adopting the practice of Internet impact assessments is not just an option—it’s a must to protect the Internet we want today and tomorrow. The Internet Society has already got the methodology covered—and we’re eager to help decisionmakers put it to work to live up to their commitment to protect the open, globally connected, secure and trustworthy Internet.
Image credit: Tobias Tullius