Letter to the Senate Judiciary Committee (TechFreedom)

As introduced, EARN IT dramatically increases the risk of liability for any service that offers end-to-end encryption. Under EARN IT, the use of encryption (or the failure to weaken that encryption) cannot serve as an independent basis for liability. 1 But EARN IT expressly permits courts to consider the use of encryption as evidence to support other claims2—including under state laws with a lower mens rea requirement.3 While federal CSE and CSAM statutes require “actual knowledge,”4 state laws may permit liability based on “recklessness” or “negligence.”5 If a company’s use of strong encryption that leaves it unable to detect and block such messages can be considered as evidence of negligence or recklessness, the net result would be nearly the same as permitting liability for encryption itself. Few, if any, companies will risk offering encrypted services in the face of this potential liability.