Right now, multiple US Senators are pushing bills through Congress aimed at dismantling encryption and free speech online. The EARN IT Act and the Lawful Access to Encrypted Data Act are terrible, Orwellian bills designed to give the Federal Government the ability to break and bypass all encryption on the internet and scan every message and data transfer online. The bills may sound technical and esoteric – they’re designed to – but they undermine the basic concepts of secure internet communications that so many people rely on all the time without even knowing it. And they do so while remaining willfully ignorant of the techologies they seek to undermine and of the decades of guidance and dialog from technologists and encryption experts.

Below is is the letter I have sent to my Senators and Representative. I encourage you to contact your Senators and Representatives as well, asking them to reject these terrible bills. Even if you do not understand the technology side, trust me and the many others arguing that these bills will damage the future of our ability as a society – and a world – to safely and reliably communicate online without governments, hackers, and more looking over our every shoulder. The ramifications of these bills being passed will hurt our free speech and civil society for decades.

Following that letter is further commentary and links to additional resources from the Electronic Frontier Foundation, the leading nonprofit organization defending civil liberties in the digital world.

My Open Letter to Senators and Representatives in the US Congress

I submitted the below letter to my Senators and Representative on June 30, 2020.

Dear Senator/Representative,

I am contacting you to voice my FERVENT OPPOSITION to the EARN IT Act and its even more extreme counterpart, the LAWFUL ACCESS TO ENCRYPTED DATA (LAED) ACT. Both of these are an anathema to free speech, personal security, and quite frankly to national security as well. Please OPPOSE these acts and others like them.

My profession is cybersecurity and information technology risk. I understand and advise my clients on the value of high-quality data encryption for the safety of critical business information, financial transactions, and highly-sensitive personal information such as social security numbers and Protected Health Information (PHI). In these times of civil unrest, encrypted digital communication facilitates something even more important – the Constitutional rights of aggrieved citizens to free speech and assembly. The EARN IT and LAED Acts seek to undermine the foundations of this free speech and digital assembly on the internet.

These two bills in various ways argue that because criminals, child pornographers, and terrorists use digital encryption to hide their evil acts, our country’s law enforcement agencies should have the right and ability to break that encryption whenever they wish. This is a fallacious argument. Just because a tool can be used for evil does not make the tool evil, nor does it justify creating a permanent ability for law enforcement to view whenever and however that tool is used. Law enforcement can and will continue to capture and prosecute these malicious individuals even in the presence of strong encryption.

Furthermore, the argument of these bills fundamentally ignores the fact that the criminals and terrorists mentioned above – horrible as they are – are a tiny fraction of everyone who relies on functioning, uncompromised digital encryption on a daily basis. The internet economy – made up of all companies doing business on the internet, from Main Street to Wall Street – DEPENDS on the secure information exchange which encryption provides. International commerce depends on encryption. Finance depends on encryption. Local, state, and federal government agencies depend on encryption. Trustworthy management of critical infrastructure such as power grids, communications networks, water treatment facilities, dams, etc. etc., DEPENDS ON ENCRYPTION.

As has been repeatedly shown throughout history, and certainly throughout the modern history of digital communications, ANY WEAKNESS IN AN ENCRYPTION METHOD CAN AND WILL BE ABUSED BY BAD ACTORS. That is precisely what these bills demand – a weakening of modern encryption methods, supposedly for the sole use of the Justice Department, overseen by the Judiciary. But once the encryption is weakened or a backdoor is introduced, nobody can control who takes advantage of that weakness. The Justice Department and the legislators supporting these bills claim that the government will protect this special access. The evidence is firmly AGAINST them based on examples such as the Vault7 leaks, Snowden, Manning, the OMB breach, compromised State Department Secret cables, etc. etc.

Finally, these bills do drastically more harm than good to our National Security. Our international rivals and antagonists – especially Russia, China, Iran, and North Korea – would love for us to pass these bills and weaken the encryption protocols which secure free speech, private communication, commerce, and government in our country. It will only make their efforts to hack us and disrupt our democracy that much easier. Let’s not do them any favors.

I urge you, for the good of our nation, our citizenry, and our Constitutional rights, to STRONGLY OPPOSE the EARN IT ACT, the LAWFUL ACCESS TO ENCRYPTED DATA ACT, and any other legislation with similarly flawed aim.

Respectfully, Michael Owens

Additional Information from the Electronic Frontier Foundation

Excerpted from “The Senate’s New Anti-Encryption Bill Is Even Worse Than EARN IT, and That’s Saying Something”:

Right now, we rely on secure technologies like never before—to cope with the pandemic, to organize and march in the streets, and much more. Yet, now is the moment some members of the Senate Judiciary and Intelligence Committees have chosen to try to effectively outlaw encryption in those very technologies.

The new Lawful Access to Encrypted Data Act—introduced this week by Senators Graham, Blackburn, and Cotton—ignores expert consensus and public opinion, which is unfortunately par for the course. But the bill is actually even more out of touch with reality than many other recent anti-encryption bills. Since January, we’ve been fighting the EARN IT Act, a dangerous anti-speech and anti-security bill that would hand a government commission, led by the Attorney General, the power to determine “best practices” online. It’s easy to see how that bill would enable an attack on service providers who provide encrypted communications, because the commission would be headed by Attorney General William Barr, who’s made his opposition to encrypted communications crystal clear. …

The new bill doesn’t bother with commissions or best practices. Instead, it would give the Justice Department the ability to require that manufacturers of encrypted devices and operating systems, communications providers, and many others must have the ability to decrypt data upon request. In other words, a backdoor.

The bill is sweeping in scope. It gives the government the ability to demand these backdoors in connection with a wide range of surveillance orders in criminal and national security cases, including Section 215 of the Patriot Act, a surveillance law so controversial that Congress can’t agree whether it should be reauthorized.

Not only does the bill disregard the security of users, it allows the government to support its need for a backdoor with one-sided secret evidence, any time it feels a public court proceeding would harm national security or “enforcement of criminal law.” As we’ve seen, the government already attempts to stretch the limit of surveillance laws in secret to undermine the security of communications products. This bill would make that the norm. …

Read the EFF’s full commentary, “The Senate’s New Anti-Encryption Bill Is Even Worse Than EARN IT, and That’s Saying Something”, and their call-to-action, “Stop The EARN IT Bill Before It Breaks Encryption”.