Op-Ed: EARN IT Act Could Seriously Degrade CleanTech Security

There’s a dangerous bill that could be headed for a vote in the US Senate: the EARN IT Act of 2022. Like previous version of this bill that didn’t become law, the EARN IT Act aims to fight child pornography online. Obviously, almost nobody supports child pornography, but the law goes far beyond fighting that. Instead, it demands that all online services scan everything for illegal content. While this may seem like a laudable goal on the surface, it would have a devastating effect on the security of our computers, including those that power clean technology.

The Threat

For the bill’s supporters, their first argument is that we care more about privacy than the victims of child pornography. While the problems with the “nothing to hide” argument are many, that’s almost entirely beside the point this time. Even if the law could be guaranteed to only ever apply to child pornography, it would still be problematic because it requires encryption backdoors, or ways for officials and/or social network operators to get around the encryption.

Truly secure communications aren’t readable by anybody but the sender and the recipient. Everyone in between only sees what looks like gibberish and random bits of data, while the person on the other end can decode and read the content of the messages. Sure, terrorists and child abusers can misuse encryption to hide their messages from law enforcement, but it’s not just about privacy in text, image and video messaging. In fact, messages are used all the time for important things that we don’t normally think of as being messages.

For example, there’s the SWIFT financial system that western governments are in the process of cutting Russia off of. While we like to think of money moving around the world electronically, it’s actually a bunch of secure messages between banks, detailing what money needs to be transferred to cover people’s international transactions. Nobody is suggesting that we install backdoors in SWIFT to prevent its misuse for transmitting child porn, not because it’s absolutely impossible, but because we abhor the idea of making financial transactions anything but the most secure.

What about vehicle telematics? It’s nice to be able to unlock your electric car with a phone and check its state of charge, but it all comes down to messages again. Your phone is sending messages to your car, and if anyone gets in between and figures out how to send fraudulent messages, they can gain control of your vehicle, monitor your location, and do many other awful things.

Of course, they’re not calling for government backdoors directly into the messages your phone and car send to each other, but they are asking for backdoors into other things like social media, web hosting companies, and basically anything else that can be misused for child pornography. When (not if, but when) hackers employed by cybercriminals, terrorists, and foreign governments find their way through these encryption backdoors, they’ll gain access to things like your e-mail, phone apps, and everything else.

Even if these backdoors don’t directly lead them into your Tesla’s computer or your mobile banking, other information they glean from your inboxes and social media feeds can be used to answer secret questions and otherwise hack into your other accounts that didn’t have backdoors. They could also be used to blackmail people who cheat on spouses (especially public officials), and even find the victims of child pornography who are trying to message for help.

The Promise of Decentralized Energy Could Be Lost To This

While the environmental benefits of putting solar and battery storage on our homes and businesses is fairly obvious, that’s just one of several important benefits. Just as important are the public safety benefits. Power outages, excess energy use that leads to wildfires, and the threat of both cyber and “meatspace” warfare are all mitigated by decentralizing energy production.

For example, one of the big moves an invading military makes these days is “bombing the enemy into the Stone Age.” They don’t literally destroy the whole country or the whole government, but by hitting the weak points in energy and telecommunications infrastructure, they’ve been able to deny everyone access to modern technology without harming innocent civilians.

Decentralized infrastructure ruins all such plans. Whether it’s bombs, hackers, or anything else targeting the weak points, it’s difficult for them to cut everyone off. With your own power generation, battery storage, and satellite internet via constellations/swarms, they’d have to hit every home and business to have the same effect.

But, weakening our cybersecurity via things like the EARN IT Act takes that security away again. If half of homes relied on Tesla energy for their power production, all they’d have to do is compromise Elon Musk’s secure messaging via the EARN IT Act’s backdoors. Then, they’d find their way into controlling the whole company’s products and knock everyone who uses their servers offline. Add a few other high-ranking officials and corporate leaders, and we could all be susceptible to attack again.

The EARN IT Act Isn’t Wanted By Anti-Trafficking Groups

What I think is particularly sad about this bill is that we’d give up all of this security while not actually helping the victims the bill supposedly aims to save. In fact, it could leave children even more vulnerable, as Child Rights International Network points out.

Current victims’ inability to access secure messaging can keep them from contacting relatives, authorities, or non-profits for help. They could even be kept by their parents or captors from knowing that there’s anything wrong with living with people who abuse you, or that it’s even abuse. Their ability to even escape the dark situation they’re in could be cut off.

Worse, children not already in the clutches of child pornographers and traffickers would have easier access to targets through the hacking of encrypted backdoors in social media or messaging apps. Imagine if some creep could find your child’s location, determine what they like and dislike (to lure them), or even impersonate people they should be able to trust? You can bet that they’ll use the weakened security against children more often than they’ll be hurt by it.

Because EARN IT seems to present so much danger with little or no public safety in return, it’s something I think we should all oppose. You can make your voice heard here.

Featured image is a work of the United States Government (Public Domain).