EARN IT Legislation Threatens Long-Term Internet Security and Resiliency

The Senate Judiciary Committee soon plans to mark up the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2020 (“EARN IT Act”). This bill, drafted by Judiciary Chairman Lindsey Graham (R-S.C.) and Sen. Richard Blumenthal (D-Conn.), raises grave concerns for long-term internet resilience and safety. By seeking to bring this bill to a vote without the benefit of additional hearings on its implications for cybersecurity in the age of a global pandemic, Chairman Graham and Sen. Blumenthal are proceeding as if our nation has returned to business as usual. Yet, the world has changed, and the EARN IT Act could make all online users far more vulnerable to cybersecurity risks without making children safer online.

When the bill was first introduced on March 5, 2020, our association of internet infrastructure providers issued a statement that while we share the bill’s goal of combating child endangerment and exploitation online, we were deeply concerned about the technological limitations that the EARN IT Act could place on our ability to maintain the safest and most resilient internet. The i2Coaltion asked Congress to recognize the flaws in the EARN IT Act and work with us to build better ways to fight child abuse and endangerment online without potentially compromising the use of the strongest encryption tools available.

Just six days later, on March 11, the World Health Organization announced that the COVID-19 outbreak can be characterized as a pandemic, and on March 13 President Donald Trump officially declared a national emergency. Huge swaths of the economy and society began an unprecedented, historic transition to online operations as nearly every state in the United States started imposing stay-at-home orders and other social distancing measures to stop the spread of the coronavirus.

The COVID-19 pandemic has sparked renewed recognition of the critical role of the internet in our daily lives and has revitalized appreciation for the brilliance of its design. The internet has provided an economic and social lifeline to many millions of citizens coping with this crisis. Its security and resilience now and in future crises depend on strong, uncompromised encryption.

Viewing EARN IT’s government-mandated “best practices” framework through a COVID-19 lens, our concerns have only intensified. The internet is working well through this pandemic because of a complex network of companies and people collaborating globally, working flexibly and quickly to drive its functions and manage unprecedented traffic loads and other challenges. Strong encryption creates security for this sophisticated ecosystem of networks, technology, code, and backup systems. The modern digital economy is supported by the trust consumers put in the array of internet services that reside on these networks and information systems. Encryption continuously builds that trust by protecting customers’ data, including their credit cards, property data, and more. This foundation — more crucial than ever during this pandemic — would collapse if users of internet infrastructure services lost trust in the security and privacy of their data.

By implementing a de-facto ban on the use of the strongest encryption technology available, the EARN IT Act would make users less secure on the internet. Most users’ online habits will have changed permanently as a result of the pandemic. The COVID-19 pandemic is fast-tracking digital transformation in companies, and it seems obvious that this advancing digitization will be key to our economic recovery. Accordingly, now is clearly not the time to weaken security online. The EARN IT Act was drafted well before the country was gripped by COVID-19. If Congress is not careful, it could be the bill that weakens online security to the point where the next major virus that hits the United States economy is a digital one.

Simply put, the EARN IT Act should not move forward. It is not the most effective way to fight abuse and endangerment of children online, and its open-ended framework for government regulatory mandates threatens long-term internet security and resilience. Congress must not advance legislation that could break strong encryption, our most vital tool for keeping people safe online during this crisis and others that may arise in the future.


Christian Dawson is the Executive Director of the i2Coalition, a Washington, D.C.-based trade association made up of the companies that build the internet’s infrastructure.

Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.

Morning Consult