The United States Senate recently advanced a bill that has sparked significant concern among privacy advocates and tech companies. The Cooper Davis Act, named after a Kansas teenager who tragically overdosed after purchasing a fentanyl-laced pill on Snapchat, is aimed at combating drug activity on online platforms. However, the implications of this bill for end-to-end encryption and personal privacy are alarming, and it may inadvertently make it harder to track criminal activity.
The Cooper Davis Act mandates that social media companies, encrypted communication providers, and other online services report any known drug activity on their platforms to the U.S. Drug Enforcement Administration (DEA). The companies are expected to provide user information when they are aware of illicit drug distribution on their platforms.
This requirement, however, poses a serious threat to privacy. It essentially turns these companies into extensions of drug enforcement agencies, exposing them to liability for providing end-to-end encryption. The bill’s language is particularly contentious, as it holds companies accountable for conduct they don’t report if they “deliberately blind” themselves to the violations. This provision could be a fatal blow to end-to-end encryption services, which are crucial for protecting user privacy.
The DEA and key senators have spent several months refining the bill. However, privacy advocates and providers of encrypted services warn of the difficult choices that these companies would face should the bill pass. They could either maintain end-to-end encryption and risk liability for willfully blinding themselves to illegal content or remove end-to-end encryption, leaving their users vulnerable to new threats and privacy violations.
The bill’s “deliberately blind” provision has also drawn criticism from privacy advocates and tech companies. They argue that it targets encryption and undermines the purpose of privacy-protecting technology. Meredith Whittaker, the president of the foundation behind the popular encrypted Signal app, criticized the bill’s “willfully blind” language, suggesting that it equates the use of end-to-end encryption with willful blindness.
Law enforcement agencies have long complained about the challenges posed by end-to-end encryption, arguing that it creates a “lawless space” that criminals can exploit. The DEA has cited the use of social media applications and encrypted platforms by drug cartels to coordinate logistics and reach out to victims.
However, privacy advocates counter that determining what constitutes illegal activity on platforms is much more complex than identifying child sexual abuse imagery, which platforms are already required to report. They argue that language, particularly in various languages and street slang, is much harder to police on a mass scale.
Moreover, the bill could inadvertently make it harder to track criminal activity. If mainstream platforms are forced to compromise their encryption, criminals are likely to migrate to more privacy-focused apps, making it even more challenging for law enforcement to monitor their activities.
The Cooper Davis Act raises critical questions about the balance between privacy, security, and law enforcement in the digital age. As we increasingly live our lives online, we must confront the question of whether we want communication service providers to become extensions of the government. The implications of the Cooper Davis Act for end-to-end encryption, user privacy, and online drug enforcement are complex and far-reaching, and they deserve careful consideration as the bill moves forward.