Burn the EARN IT Act

I want to talk about malignant incompetence on the part of our elected officials, and this isn’t even about the pandemic. Rather, it’s about the spectacularly misguided, counterproductive, expensive, and overbearing approach to end-to-end encryption by the USA along with Australia, Canada, the UK, and New Zealand — the so-called “Five Eyes.”

Consider the TSA Lock program. (Bear with me; this is important.) It’s an initiative to ensure all luggage locks can be opened by universal keys, held by the TSA and other aviation security agencies, so that any luggage can be searched at any time. The cited purpose is to prevent terrorism, which of course we all want. Unfortunately, the TSA master keys have been publicly leaked, such that anyone could make copies. Furthermore, TSA agents are numerous, fallible, and prone to misusing their authority.

Still, preventing terrorism is a good thing which we all want, right? Some people may feel that TSA Locks are an unacceptable intrusion into personal liberties, but a majority seem basically OK with them. They’re a trade-off between public security and personal privacy which we have collectively more-or-less agreed on.

Suppose, however, that the situation was tweaked slightly. Suppose that anyone who really wanted to could, at the cost of some slight inconvenience, instead use invulnerable luggage, proof against keys, scans, and external access of any kind, all for free … and airlines were required to convey that luggage anyhow. Call it the “TSA Locks Except For People Willing To Take An Extra Half Hour To Pack” program.

Suddenly that whole program sounds completely insane, doesn’t it? Suddenly this isn’t a trade-off at all. Clearly people with anything to hide, such as terrorists, drug smugglers, etc., would immediately switch to using the invulnerable luggage, and the rest of the TSA Lock mandate would become a gratuitous invasion of personal privacy.

Suddenly the program’s chief impact would be the imposition of significant and unnecessary risks, such as leaked master keys, rogue TSA agents, and misuse by tyrannical governments, on the entire flying public who don’t go to the inconvenience of using invulnerable luggage. Suddenly the program brings no benefit whatsoever. Suddenly it is a poster child for malevolent government overreach, negligence, and authoritarianism.

Well, “TSA Locks Except For People Willing To Take An Extra Half Hour To Pack” is, I am appalled to report, a perfect and exact metaphor for what the Five Eyes want to do with end-to-end encryption. They want a ‘golden key‘ back door — aka a TSA Lock — for all messages sent over messaging systems like WhatsApp, Facebook Messenger, iMessage, etc., despite the inescapable fact that unbreakable encryption — aka invulnerable luggage — has long been widely available, open-source, and free to all.

Even if you wanted to put that genie back in the bottle (and you really shouldn’t, as it has granted us many wishes which protect us all) it is far too late now. Even if you wanted to prevent messages with strong encryption from being transferred (which you really really shouldn’t) you couldn’t; there are too many ways to disguise them as other messages, e.g. encode them in images. Invulnerable luggage is a fact of life, and has been for decades.

And yet governments keep trying to legislate it out of existence, with legislation that will only harm people who use the metaphorical TSA locks, courtesy of leaked keys, rogue government workers, and authoritarian governments everywhere. The latest attempt is the EARN IT act, introduced Thursday by a bipartisan coalition. Here is a summary of its most grievous flaws, by Riana Pfefferkorn, he Associate Director of Surveillance and Cybersecurity at the Stanford Center for Internet and Society, who previously described the bill as “how to ban end-to-end encryption without actually banning it.”

The cited intent of the bill is to fight “child sexual abuse material,” or CSAM. Which of course is a most laudable goal, which we all desire. Just like the goal of preventing terrorist attacks on airplanes. But as with the TSA Locks metaphor, this will simply drive awful people to use their own encryption — their own invulnerable luggage — while giving authoritarian governments, people with leaked keys, and rogue agents access to potentially trillions of previously secure private messages worldwide. It is a catastrophically dumb idea crafted by people who don’t understand what they’re doing. Let’s hope, just as with the pandemic, there’s still time enough to convince them of the reality.