Safeguarding the Internet: US Policy Priorities
Urgent steps for US lawmakers to shield global internet security, encryption, and user privacy from harmful legislation.
The internet stands as a cornerstone of modern society, connecting billions, powering economies, and enabling free expression. Yet, emerging legislative proposals in the United States threaten its foundational security mechanisms. With over 5 billion people online as of 2023, according to the International Telecommunication Union (ITU), any policy that weakens encryption or ignores global repercussions could expose users to unprecedented risks. This article outlines essential actions for US policymakers: rejecting bills that undermine end-to-end encryption (E2EE) and institutionalizing comprehensive internet impact assessments. These measures are vital to preserving a resilient, secure network for current and future generations.
The Vital Role of Encryption in Digital Protection
Encryption serves as the bedrock of online security, transforming data into unreadable formats accessible only to authorized parties. End-to-end encryption, in particular, ensures that even service providers cannot access user communications. This technology protects sensitive information—from personal messages to financial transactions—against hackers, surveillance, and authoritarian regimes.
Consider everyday scenarios: a journalist sharing sources, a business negotiating deals, or a family coordinating care for a vulnerable child. Without robust encryption, these interactions become vulnerable. The National Institute of Standards and Technology (NIST) emphasizes in its guidelines that strong cryptography is indispensable for securing federal systems and beyond, highlighting its role in preventing data breaches that cost the global economy trillions annually.
- Encryption prevents unauthorized access to private data.
- It shields against nation-state actors and cybercriminals alike.
- Weakening it invites exploitation by malicious entities worldwide.
Recent statistics from cybersecurity firms like CrowdStrike reveal a surge in ransomware attacks, many thwarted solely by encryption. Undermining this tool doesn’t just harm Americans; it ripples globally, as the internet’s interconnected nature means US-hosted services serve users everywhere.
Spotlight on the EARN IT Act: A Direct Threat
Proposed legislation like the EARN IT Act exemplifies the dangers of well-intentioned but misguided policies. Aimed at combating child sexual abuse material (CSAM), the bill seeks to strip away Section 230 protections for platforms that fail to scan user content aggressively. While no one disputes the horror of CSAM, the Act’s approach—pressuring companies to disable or bypass E2EE—creates broader vulnerabilities.
By tying liability immunity to proactive monitoring, EARN IT incentivizes mass surveillance. Platforms might resort to client-side scanning, where devices flag suspicious content before encryption. This not only erodes privacy but also introduces backdoors exploitable by adversaries. The Internet Society’s detailed analysis warns that such mandates could cascade to infrastructure providers, compelling even neutral carriers to compromise security.
| Aspect | EARN IT Impact | Consequences |
|---|---|---|
| Encryption | Forces weakening of E2EE | Increased hacking risks |
| Privacy | Mandates content scanning | Mass surveillance |
| Global Reach | Affects US-based services | Billions worldwide endangered |
Critics, including privacy advocates and tech experts, argue that EARN IT solves nothing while amplifying problems. Existing tools like PhotoDNA already detect known CSAM hashes without breaking encryption. Pushing for systemic weakening ignores these alternatives and prioritizes control over safety.
Mandating Internet Impact Assessments for Informed Lawmaking
Beyond blocking specific bills, the US needs a structural safeguard: mandatory internet impact assessments (IIAs). Similar to environmental impact statements, IIAs would evaluate proposed laws’ effects on internet resilience, interoperability, security, and user rights. This process ensures lawmakers grasp the full scope before voting.
IIAs could include technical reviews by independent experts, public consultations, and projections of global fallout. For instance, a bill altering encryption standards would undergo scrutiny for its effects on IoT devices, cloud services, and international data flows. The European Union’s approach to digital services legislation offers a model, incorporating impact analyses that have refined policies for better outcomes.
- Define assessment criteria: security, privacy, innovation, accessibility.
- Engage diverse stakeholders: tech firms, civil society, academia.
- Publish findings publicly for transparency.
- Require revisions if significant harms are identified.
Implementing IIAs positions the US as a responsible steward of the internet, mitigating unintended consequences that could fragment the network or stifle innovation.
Broader Implications for Global Internet Users
US policies don’t operate in isolation. American companies dominate global internet services—think messaging apps, email, and social platforms. A domestic law weakening security exports those risks abroad, endangering activists in repressive regimes or businesses in unstable regions. The UN Human Rights Council has repeatedly affirmed encryption’s role in protecting freedoms, underscoring its international imperative.
Moreover, retaliation is likely. If the US mandates backdoors, other nations might follow, creating a patchwork of incompatible standards. This balkanization threatens the end-to-end principle that has fueled the internet’s growth. Businesses face compliance nightmares, while users suffer diminished trust and functionality.
Positive precedents exist. The US government’s 2023 executive order on cybersecurity reinforced encryption’s importance, directing agencies to prioritize secure tools. Building on this, Congress can lead by rejecting EARN IT-style bills and enacting IIA requirements.
Stakeholder Perspectives and Paths Forward
Tech leaders like Apple and Signal have vocally opposed encryption-busting measures, citing real-world threats like the 2021 Colonial Pipeline hack, where strong security limited damage. Civil liberties groups such as the Electronic Frontier Foundation (EFF) advocate for targeted CSAM solutions that preserve privacy.
Looking ahead, lawmakers should:
- Introduce IIA legislation in the next session.
- Fund independent bodies to conduct assessments.
- Collaborate internationally on shared standards.
These steps foster innovation, such as quantum-resistant encryption, while safeguarding core protections.
FAQs: Addressing Common Concerns
What is end-to-end encryption, and why does it matter?
E2EE ensures only sender and recipient can read messages, blocking intermediaries. It’s crucial for privacy amid rising cyber threats.
Does the EARN IT Act really target encryption?
Yes, by conditioning liability shields on scanning, it pressures platforms to undermine E2EE for all users.
How would internet impact assessments work?
They’d analyze bills’ technical, economic, and social effects on the internet, with expert input and public review.
Can we fight CSAM without weakening security?
Absolutely—hash-matching tools detect known material without scanning private content.
What happens if the US ignores these recommendations?
Risks include more breaches, eroded trust, and global fragmentation of the internet.
Conclusion: Act Now for a Secure Digital Tomorrow
The internet’s future hinges on deliberate policy choices. By defeating threats like the EARN IT Act and embracing internet impact assessments, the US can champion a secure, open web. This isn’t merely technical—it’s about upholding human rights, economic vitality, and societal resilience for billions. Policymakers must prioritize these actions to ensure the internet remains a force for good.
References
- Cybersecurity Framework — National Institute of Standards and Technology (NIST). 2024-04-01. https://www.nist.gov/cyberframework
- Measuring digital development: Facts and figures 2023 — International Telecommunication Union (ITU). 2023-12-15. https://www.itu.int/en/ITU-D/Statistics/Pages/facts/default.aspx
- Internet Impact Brief: How the US EARN IT Act Threatens Security — Internet Society. 2022-11-01. https://www.internetsociety.org/wp-content/uploads/2022/11/IIB-US-EARN-IT-Act.pdf
- Global Threat Report 2024 — CrowdStrike. 2024-03-05. https://www.crowdstrike.com/global-threat-report/
- The Promotion, Protection and Enjoyment of Human Rights on the Internet — United Nations Human Rights Council. 2023-07-10. https://www.ohchr.org/en/documents/reports/report-working-group-privacy-its-session-43-advance-unedited-version-ahrcwg6
Similar Articles
Read full bio of Sneha Tete
