*sigh* this again..
Thank you for writing to me to share your concerns about law enforcement access to encrypted communications. i appreciate the time you took to write, and i welcome the opportunity to respond.
i understand you are opposed to the “Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act of 2020” (S. 3398), which i introduced with Senators Lindsey Graham (R-SC), Richard Blumenthal (D-CT), and Josh Hawley (R-MO) on March 5, 2020. You may be interested to know that the Senate Judiciary Committee—of which i am Ranking Member—held a hearing on the “EARN IT Act” on March 11, 2020. If you would like to watch the full hearing or read the testimonies given by the hearing witnesses, i encourage you to visit the following website: https://sen.gov/53RV.
The “EARN IT Act” would establish a National Commission on Online Sexual Exploitation Prevention to recommend best practices for companies to identify and report child sexual abuse material. Companies that implement these, or substantially similar, best practices would not be liable for any child sexual abuse materials that may still be found on their platforms. Companies that fail to meet these requirements, or fail to take other reasonable measures, would lose their liability protection.
Child abuse is one of the most heinous crimes, which is why i was deeply disturbed by recent reporting by The New York Times about the nearly 70 million online photos and videos of child sexual abuse that were reported by technology companies last year. It is a federal crime to possesses, distribute, or produce pictures of sexually explicit conduct with minors, and technology companies are required to report and remove these images on their platforms. Media reports, however, make it clear that current federal enforcement measures are insufficient and that we must do more to protect children from sexual exploitation.
Please know that i believe we must strike an appropriate balance between personal privacy and public safety. It is helpful for me to hear your perspective on this issue, and i will be mindful of your opposition to the “EARN IT Act” as the Senate continues to debate proposals to address child sexual exploitation.
Once again, thank you for writing. Should you have any other questions or comments, please call my Washington, D.C. office at (202) 224-3841 or visit my website at feinstein.senate.gov. You can also follow me online at YouTube, Facebook and Twitter, and you can sign up for my email newsletter at feinstein.senate.gov/newsletter.
Thank you for your response.
While i don’t believe that anyone will ever stand up and be pro-child abuse, i caution that using that banner can often cover significant issues as well. i cite Ms Banker’s testimony at the hearing you attended. Perhaps you may have missed it.
One important decision that should be addressed by Congress in the first instance is any choice to limit or weaken encryption technology. While the bill does not identify “encryption” as a specific matter that the Commission must address, the Commission is not prevented from addressing it and the bill calls for the Commission to include a privacy, security, or cryptography expert. For these and other reasons, it is widely anticipated that the best practices that might emerge from the Commission would require that companies either weaken, or refrain from deploying, encryption protections for private communications. Limitations on the deployment or strength of encryption would impact a wide range of stakeholders and equities that are not represented on the Commission, as well as topics not within its scope.
Requiring companies to engineer vulnerabilities into their services would make us all less secure. Encryption technology stands between billions of internet users around the globe and innumerable threats—from attacks on sensitive infrastructure, including our highly automated financial systems, to attempts by repressive governments to censor dissent and violate human rights. Strong encryption is key to protecting our national interests because encryption technology is an essential proactive defense against bad actors.
Giving the government special access to user data—by building in security vulnerabilities or creating the ability to unlock encrypted communications—is impossible without generating opportunities that would be exploited by bad actors. The exponential growth of the internet both deepens and broadens the risks that would be caused by weakening encryption technology. As the internet becomes relevant to more areas of society and the global economy, our exposure to security vulnerabilities expands as well. Foreign and domestic entities have, for decades, targeted private data in hacks aimed at internet companies—a clear threat to our economic and national security. Strong encryption is our best tool for ensuring that the costs of cyberattacks, data breaches, and other types of exposure are low. And encryption can also be a smart strategy to decrease the incentive to engage in hacking. Encryption fundamentally protects the vital interests of our country and its citizens.
i feel i need to underscore this.
Criminals will continue to use effective encryption. Your bill will simply open the potential for innocent citizens, like yourself, your associates, and your families, to have personal information stolen or used against them.
You can either have effective secure encryption, or you don’t. You cannot have secure “back doors” because they WILL be discovered and used. There’s a saying in computer security: “Hackers have infinite time and resources”. i’ll also state that you cannot have an effective secure key escrow system.
i have a copy of the Washington Post article that shows the TSA master keys. These are now available for 3D printing by anyone. There’s also the famed 1620 key, which opens elevator control panels, job sites, and thousands of other locks in New York, and is available for $8. i’d also encourage you to read up about the DeCSS DVD decryption key, or how quickly even very sophisticated Anti-Piracy systems like Denuvo are cracked. Now imagine how big a target your finances and your secure email would be.
It’s a bit like putting up a bill against the practice of dropping puppies into wood-chippers that included installing cameras into every person’s home. Surely, you oppose puppy mulching, so a camera that watches you 24 hours a day, 7 days a week that may be accessed by authorized persons only. Surely, since you love puppies, you wouldn’t be opposed to it, nor would you be shocked if footage of your morning routine showed up on America’s Funniest Home Videos because the master password was written on a post-it that appeared on the Wichita evening news.
i understand how important keeping children safe is. i also understand how critical it is to keep everyone’s personal data safe, and how fragile that system is already. Please don’t make it any more fragile.