They Want to Give Your Encryption Keys to the Golden State Killer

Joseph James DeAngelo is accused of the being the Golden State Killer (there are now reports that he is negotiating a plea deal).

One of the reasons that he evaded capture so long was that he was a police officer when some of the crimes were being committed.

As such, he had access to inside information about both the investigation and police techniques.

Congress is proposing the EARN act, which would require that internet providers provide an encryption back door to law enforcement, which would mean that the next serial killer with law enforcement connections would be able to access your most private communications, and your bank records.

If you don’t think that this would happen, know that a few years back, NSA employees were using the agency’s surveillance capabilities to spy on girlfriends, spouses, and exes:

A bipartisan pair of US senators today introduced long-rumored legislation known as the EARN IT Act. Meant to combat child sexual exploitation online, the bill threatens to erode established protections against holding tech companies responsible for what people do and say on their platforms. It also poses the most serious threat in years to strong end-to-end encryption.

As the final text of the bill circulated, the Department of Justice held a press conference about its own effort to curb online child predation: a set of 11 “voluntary principles” that a growing number of tech companies—including Facebook, Google, Microsoft, Roblox, Snap, and Twitter—have pledged to follow. Though the principles the companies are pledging to adopt don’t specifically impact encryption themselves, the event had an explicit anti-encryption message. The cumulative effect of this morning’s announcements could define the geography of the next crypto wars.


EARN IT focuses specifically on Section 230, which has historically given tech companies freedom to expand with minimal liability for how people use their platforms. Under EARN IT, those companies wouldn’t automatically have a liability exemption for activity and content related to child sexual exploitation. Instead, companies would have to “earn” the protection by showing that they are following recommendations for combatting child sexual exploitation laid out by a 16-person commission.


Though it seems wholly focused on reducing child exploitation, the EARN IT Act has definite implications for encryption. If it became law, companies might not be able to earn their liability exemption while offering end-to-end encrypted services. This would put them in the position of either having to accept liability, undermine the protection of end-to-end encryption by adding a backdoor for law enforcement access, or avoid end-to-end encryption altogether.

If you give this power to law enforcement, it will be abused, if not by a serial killer, then by domestic abusers stalking exes, or bad cops determined to evade the Constitution.

This is a VERY bad law.

Leave a Reply