Congress, Not the Attorney General, Should Decide the Future of Encryption

Tags: 2020s End-to-End Encryption Going Dark Section 230 US Congress

Authors: Rozenshtein, Alan Z.

Published: February 2020

URL: https://www.lawfareblog.com/congress-not-attorney-general-should-decide-future-encryption

Abstract: Alan Z. Rozenshtein, Associate Professor of Law at the University of Minnesota Law School, warns of the dangers of forgoing end-to-end encryption, an anticipated consequence of the powers granted to the attorney general, in the circulating draft of the EARN IT Act. Rozenshtein argues, “the question of whether to permit ubiquitous encryption is the sort of high-level policy decision that is best handled not by the executive branch but by Congress,” recommends against the legislature “shirk[ing] its responsibility to make this tough decision,” and, in the context of the Act, calls for the exclusion of anything encryption-related from the list of best practices.

The EARN IT Act was first introduced, by Senator Lindsay Graham, to Congress on March 5, 2020, considered by the Senate Judiciary Committee on June 25, 2020, cleared committee and was placed on the Legislative Calendar on July 20, 2020. The Act has been a source of considerable concern for its encryption-related consequences.