The Biden Administration has issued new guidance on cybersecurity, warning of the possibility of cyberattacks sponsored by the Russian government. The Fact Sheet, titled “Act Now to Protect Against Potential Cyberattacks,” includes recommendations for US-based companies to harden their cybersecurity defenses. One of the recommendations is for companies to “Encrypt your data so it cannot be used if it is stolen.”
Strong encryption is considered a best-practice by security professionals around the world. But that hasn’t stopped US lawmakers from pushing legislation that undermines encryption or disincentivizes companies from using it. The EARN IT Act, which passed out of the Senate Judiciary Committee last month, flies in the face of the recommendations being issued by the White House. As numerous security experts and human rights groups have noted, the EARN IT Act would actively discourage companies from implementing strong encryption, leaving companies themselves and ordinary Americans vulnerable to attacks.
“It cannot be said enough times: dangerous legislation like the EARN IT Act makes people less safe, not more safe,” said Evan Greer (she/her), director of Fight for the Future, “State sponsored cyberattacks can put people’s lives in danger, especially activists and journalists. The Biden administration is right to urge companies to implement strong encryption wherever possible. If the EARN IT Act were to pass, companies would be put in an impossible position where they’d be forced to leave their users vulnerable to cyber attacks out of fear that offering strong encryption could get them in trouble. That’s nonsensical and wrong. The sponsors of the EARN IT Act should withdraw their bill and start over.”
Fight for the Future has been running a campaign at NoEarnItAct.org, which has already driven nearly 600,000 emails and calls to Congress opposing the EARN IT Act.