Whether you’re aware of it or not, you likely use encryption daily. Sending emails or text messages, using fitness trackers that communicate with apps on your phone, accessing an online banking portal and retrieving photos or files from cloud storage all take advantage of the security features of encryption. But there’s an ongoing debate about whether tech companies should be held legally responsible for de-encrypting devices seized by law enforcement.
On one hand, police and federal agencies say they need wide-reaching access to encrypted information to prosecute internet crime and other injustices1. On the other hand, some advocates argue that the blanket coverage bills passed enabling law enforcement access to encrypted material violate the First and Fourth amendments2. Is the government overreaching? Are First Amendment advocates overreacting? Let’s take a closer look at the issue of encryption and law enforcement.
What is Encryption and How Does it Work?
Norton, a company that develops computer security products, explains that encryption is the process of taking plain text, like a text message or email, and “scrambling it into an unreadable format.” The unreadable format, called ciphertext, keeps the content of the message confidential as it's transmitted through a network like the internet. Once the message is accessed by the recipient, it’s decrypted, translated back into its original form with an encryption key. Encryption keys are collections of algorithms responsible for scrambling and unscrambling the data.3
The Law Enforcement Argument for Access to Encrypted Information
While the encryption capabilities of our services and devices were created to protect us and our data, some law enforcement agencies and political leaders believe that encryption gets in the way of public safety. The United States Department of Justice (DOJ) argues, “because of warrant-proof encryption, the government often cannot obtain the electronic evidence and intelligence necessary to investigate and prosecute threats to public safety and national security, even with a warrant or court order. This provides a “lawless space” that criminals, terrorists, and other bad actors can exploit for their nefarious ends.”1
In an article on the DOJ’s website, the Office of Legal Policy likens access to encrypted information to search warrants granted with probable cause for access to private locations. The Department explains, “End-to-end encryption leaves the service provider unable to produce readable content in response to wiretap orders and search warrants, thus making the content “warrant-proof.” In other words, the targets of the investigation control whether or not their communications are subject to lawful surveillance.”
The Office of Legal Policy goes on to argue, “The use of widespread and increasingly sophisticated encryption technologies significantly impairs, or entirely prevents, many serious criminal and national security investigations, including those involving violent crime, drug trafficking, child exploitation, cybercrime, and domestic and international terrorism.”1
The EARN IT Act and its Implications
Because many of the primary cases used to argue the need for access to encrypted material revolve around human trafficking and child sexual abuse and endangerment, many of the bills that have since been enacted also focus on these issues.
The bill at the center of many of these arguments is the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2020 (EARN IT Act of 2020). EARN IT focuses specifically on Section 230 of the Communications Decency Act, which has historically given tech companies freedom to expand with minimal liability for how people use their platforms. Essentially, Section 230 enforces the common-sense principle that if someone says something illegal online, they should be the one held responsible, not the website or platform where the illegal thing was said (with some exceptions).4
Under EARN IT, companies would have to "earn" the protection by showing that they are following recommendations for combating child sexual exploitation laid out by a 16-person commission.5 If a company doesn’t follow the recommendations (also referred to as best practices) from the commission, they would lose protections that defend them from being liable for user-generated content.
The EARN IT Act and the First Amendment
Using their “best practice” recommendations, the government could regulate how online service providers operate their platforms and manage user-generated content. As the Electronic Frontier Foundation explains, “Just as Congress cannot pass a law demanding news media cover specific stories or present the news a certain way, it similarly cannot direct how and whether online platforms host user-generated content.” The EARN IT act and its overwriting on Section 230 potentially gives the government this power, which would be in violation of the First Amendment.
The EARN IT Act and the Fourth Amendment
This is where the issue of encryption comes into play. The Fourth Amendment protects people from searches and seizures by the government deemed unreasonable under the law.6 An internet company following “best practices” might include proactively scanning and decrypting user content, searching for illegal content such as child sexual abuse material. While this could unearth some criminal activity, it would also violate the rights of all innocent users. Plus, it would essentially turn these companies into government agents, which would subject them to also following the Fourth Amendment. Online companies unwilling to search on behalf of the government, thereby not participating in the “best practices,” could essentially be held in contempt of the law. The EARN IT Act doesn’t explicitly mention encryption, but the proposals within it threaten the possibility of unlawful decryption.
Should Law Enforcement Have Access to Encrypted Information?
As you look into the EARN IT Act of 2020, it’s clear that the law and its implications are complex. Of course we want to protect children and prosecute those who harm them. However, many would argue that the government and internet companies should otherwise work together to combat criminal activity.
Eager to influence policy with reason and research?
The Kent State online Master of Arts in Criminology and Criminal Justice can help you attain the knowledge to influence informed policy decisions rooted in humane treatment and reason. Our core curriculum will enable you to demonstrate a practical understanding of criminological theory, appreciate the use of scientific method in the study of crime and pose and answer questions connected to crime policy.
Complete the online degree in as few as 24 months, entirely online and choose a concentration in Global Security, Policing or Victimology to hone your skills to suit your ideal career path. For more information connect with an Admissions Advisor. If you’re ready to embark on your criminal justice career, apply now.
- Retrieved on October 7, 2021, from justice.gov/olp/lawful-access
- Retrieved on October 7, 2021, from eff.org/deeplinks/2020/03/earn-it-act-violates-constitution
- Retrieved on October 7, 2021, from us.norton.com/internetsecurity-privacy-what-is-encryption.html
- Retrieved on October 7, 2021 from eff.org/deeplinks/2020/03/graham-blumenthal-bill-attack-online-speech-and-security
- Retrieved on October 7, 2021, from wired.com/story/earn-it-act-sneak-attack-on-encryption/
- Retrieved on October 7, 2021 from uscourts.gov/about-federal-courts/educational-resources/about-educational-outreach/activity-resources/what-does-0