A new bill wants to punish web sites and apps that use end-to-end encryption.

The new law could remove the protections of Section 230 of the Communications Decency Act from certain apps and companies, so they could be held responsible for user-uploaded content.

Objectives of this new bill

Senator Lindsey Graham is the promoter of the new bill called, for the moment, “Eliminating Abusive and Rampant Neglect of Interactive Technologies” (EARN IT).

“The purpose of the Commission is to develop recommended best practices for providers of inter19 active computer services regarding the prevention of online child exploitation conduct.”

With it, a National Commission on Online Child Exploitation Prevention would be created – whose main objective would be to draft rules that allow authorities to locate and eliminate this illegal content.

The bill would also imply amending Section 230 of the Communications Decency Act.

This amendment would allow companies to be sued if they do not comply with the rules for detecting child abuse by the authorities.

Although the law is still in a discussion stage, and therefore it is not known what the measures the commission would take to detect illegal content, there is a possibility that its main objective is to eliminate the controversial end-to-end encryption that has been implemented in many messaging applications.

Decreasing user privacy

End-to-end encryption is a way to encrypt data so that no one outside a conversation can see the messages that are sent.

Previously, this privacy protection measure has been criticized by the government for allegedly hindering the work of investigative bodies when it comes to tracking criminals – but removing end-to-end encryption means that bad actors could potentially gain access to personal data.

In the past, attempts have been made to force companies to include a backdoor to decrypt private conversations, but there has never been the legal justification for this.

Mike Masnick, Techdirt’s founder, said this new law will only allow for a new set of rules that will create a broader framework for the elimination of websites and apps.

Masnick also says there is no need for this commission, as Section 230 already does not protect companies against federal crimes, so they can be investigated if necessary:

“Section 230 has never shielded operators of websites and Internet services from federal criminal prosecution for CSAM. But the Graham bill would create broad new legal risks by lowering the (actual) knowledge requirement from “knowingly” to “recklessly” (which would include an after-the-fact assessment of what the company “should have known”) and amending Section 230 to authorize both criminal prosecution and civil suits under state law. For the first time, operators could be sued by plaintiff’s lawyers in class-action suits for “reckless” decisions in designing or operating their sites/services.”

The Stanford Law School’s Center for Internet and Society has also expressed that this law would allow the Attorney General to modify the rules at his convenience.

However, there is a possibility that this bill will not progress since Section 230 will be discussed next month to analyze whether it needs to be updated.