A Senate bill aimed at combating illegal drug use is the latest effort to eliminate end-to-end encryption (E2EE), privacy experts warn.

The Cooper Davis Act is a bill senators have been crafting with assistance from the Drug Enforcement Agency. The bill would force internet companies to report users to the DEA when they have “actual knowledge” that such users are using their platforms to distribute illegal drugs.

While the term “actual knowledge” would seem to be compatible with E2EE — a form of encryption that ensures communications can only be read by the sender and recipient — another clause in the bill throws the future of E2EE in doubt.

…so long as the provider does not deliberately blind itself to those violations.

That phrase essentially means that any provider using E2EE is ‘blinding itself to those violations,’ opening itself up to legal liability.

“They could maintain end-to-end encryption and risk liability that they had willfully blinded themselves to illegal content on their service and face the music later,” said Greg Nojeim, Senior Counsel & Director of Security and Surveillance Project at the Center for Democracy and Technology, via The Record. “Or they could opt to remove end-to-end encryption and subject all of their users who used to be protected by one of the best cybersecurity tools available to new threats and new privacy violations.”

Signal CEO Meredith Whittaker was also vocal about the implications of the Cooper Davis Act:

The effort to eliminate privacy in the name of ‘safety’ continues. Anything ≤ total surveillance of everyone = ‘willful blindness.’

Failing to put cameras in everyone’s bedrooms? Not tracking all residents with location? Using E2E? All willful blindness by this logic.

Meredith Whittaker (@mer_edith) — July 14, 2023

It’s no secret that US law enforcement and intelligence agencies have been the biggest enemies of E2EE for years. Officials paint E2EE as a dangerous technology that has no use other than to protect criminals from legal action.

In reality, E2EE is a critical component of internet security, one that helps protect everything from financial transactions to journalists reporting in dangerous regions. Eliminating E2EE will disproportionately hurt the innocent and have very little impact on criminals, who will simply find extra-legal means to continue using E2EE.