That section was added to the original 2020 bill as an amendment by Senator Patrick Leahy. The Center for Internet and Society (Stanford Law School) has a blog post explaining why that section is not strong enough to shield service providers that offer end-to-end encryption from legal liability:
> Leahy’s encryption amendment isn’t all it’s cracked up to be. There’s still skepticism among tech policy wonks and cryptographers alike over Leahy’s encryption amendment. It essentially gives providers a defense against liability, which is less strong than the a priori immunity from liability in the first place that Section 230 currently provides.
> CDT predicts that it will invite prolonged litigation over whether potential liability is “because of” the provider’s use of encryption (if so, the case is barred) or because of some other reason (if so, no bar).[3] CDT told CyberScoop that the “consistent threat of litigation … will be a strong disincentive against providing [end-to-end encryption] and continuing to have to defend that decision in court.” With potentially wide variation in state CSAM laws, “the worry,” as Techdirt says, “is that we won't know whether or not offering end-to-end encryption would be seen as violating state laws until long and costly cases go through their lengthy process.” The Internet Society’s Joe Hall agreed, telling CyberScoop that the amendment is “a fig leaf of protection for strong encryption” that leaves providers “to fight it out in court, which is far from cementing protection and clarity for encryption, the bedrock of our lives on the internet and in the real world.” I couldn’t have said it better.
> It’s not clear how many cases against providers would actually be precluded by Leahy’s amendment. Plaintiffs and state AGs could readily come up with other grounds besides encryption on which to premise liability for an encrypted service (at least as a pretext, even if encryption is really the ultimate reason they’re mad). CDT also points out that the Leahy amendment doesn’t stop the AG-headed commission from recommending anti-encryption best practices (as any commission with Bill Barr at the helm will likely do). That would’ve been a freebie for Leahy to throw in, especially with the commission’s fangs removed anyway.
> Leahy’s encryption amendment isn’t all it’s cracked up to be. There’s still skepticism among tech policy wonks and cryptographers alike over Leahy’s encryption amendment. It essentially gives providers a defense against liability, which is less strong than the a priori immunity from liability in the first place that Section 230 currently provides.
> CDT predicts that it will invite prolonged litigation over whether potential liability is “because of” the provider’s use of encryption (if so, the case is barred) or because of some other reason (if so, no bar).[3] CDT told CyberScoop that the “consistent threat of litigation … will be a strong disincentive against providing [end-to-end encryption] and continuing to have to defend that decision in court.” With potentially wide variation in state CSAM laws, “the worry,” as Techdirt says, “is that we won't know whether or not offering end-to-end encryption would be seen as violating state laws until long and costly cases go through their lengthy process.” The Internet Society’s Joe Hall agreed, telling CyberScoop that the amendment is “a fig leaf of protection for strong encryption” that leaves providers “to fight it out in court, which is far from cementing protection and clarity for encryption, the bedrock of our lives on the internet and in the real world.” I couldn’t have said it better.
> It’s not clear how many cases against providers would actually be precluded by Leahy’s amendment. Plaintiffs and state AGs could readily come up with other grounds besides encryption on which to premise liability for an encrypted service (at least as a pretext, even if encryption is really the ultimate reason they’re mad). CDT also points out that the Leahy amendment doesn’t stop the AG-headed commission from recommending anti-encryption best practices (as any commission with Bill Barr at the helm will likely do). That would’ve been a freebie for Leahy to throw in, especially with the commission’s fangs removed anyway.
https://cyberlaw.stanford.edu/blog/2020/07/earn-it-act-threa...