(by Jason Kelley | Electronic Frontier Foundation) – Last year, Apple announced a controversial plan to install photo scanning software in every device. Apple has long been seen as a pro-privacy company—billboards emblazoned with the slogan “What happens on your iPhone, stays on your iPhone” were common sights in 2019. A global coalition pushed back, and the company paused the plan.
Now, Congress wants to force Apple’s hand—along with essentially every company that allows users to store or share messages or content—and essentially mandate such scanning.
While Apple’s plan would have put the privacy and security of its users at risk, the EARN IT Act compromises security and free speech for everyone. The bill would create serious legal risk for business that hosts content—messages, photos stored in the cloud, online backups—and, potentially, even cloud-hosting sites like those using Amazon Web Services, unless they use government-approved scanning tools.
The bill’s proponents claim that this isn’t a problem for any service as long as it is scanning files, and then reporting Child Sexual Abuse Material (CSAM) to law enforcement. Internet companies are already required to report suspected CSAM if they come across it, and they report on a massive scale that comes with a lot of mistakes. Facebook is often held up as a positive example by lawmakers, but while new scanning techniques there have produced many millions of reports, many of them are apparently inaccurate. Federal law enforcement has frequently (mis)used the massive number of reports to suggest there has been a huge uptick in CSAM images. They won’t stop there.
Nor will the demands stop at the U.S. border. Once U.S. law enforcement agencies are accustomed to getting a constant stream of reports back from nearly every company hosting or sending content online, other democracies—and then authoritarian regimes—will demand the same tools, and use them to root out dissent. The rules envisioned by EARN IT sponsors don’t leave room for any company, small or large, to use uncompromised encryption and protect user privacy.
The bill would also create an unelected federal “commission” headed by the Attorney General and the Secretary of Homeland Security, and dominated by law enforcement personnel. . This commission would be responsible for setting best practices for tech companies to follow. It’s very likely some states will use that as a basis to create laws enforcing scanning and reporting, upon pain of criminal prosecution and costly civil litigation. Because online companies operate in every state, they’ll be required to follow whichever state law is harshest.
Apples and Oranges (and Amazon)
In fact, the lawmakers behind this bill have already made the plan clear: in a “Myths and Facts” document about the bill, lawmakers take aim at Amazon, of all companies, for its limited reporting of CSAM:
According to NCMEC’s 2020 statistics on reports of the online exploitation of children, while Facebook issued over 20 million reports that year, in contrast Amazon (which hosts a significant percentage of global commerce and web infrastructure) reported 2,235 cases.
As Techdirt’s Mike Masnick put it, that’s because Amazon and Facebook are in completely different businesses. Facebook’s larger number of reports is consistent with its business model of sharing content between users. Meanwhile, Amazon is in the entirely separate web hosting business. Apple, which is also not in the social media business, will no doubt also be in lawmakers’ crosshairs. Read Full Article >