Imagine you and your best friend are very close, and you invent your own language. Whenever you communicate with your friend, you do it in your own language and nobody else can possibly understand what you’re saying because only you and your friend have the way to translate it.

But then you are told that while you don’t have to *stop* using your made up language, you do have to provide the government a full dictionary so that they can understand what you’re saying, just in case.

That’s the basic gist of it. End to end encryption scrambles what you are saying so only you and your endpoint can read it. But for security reasons, some government officials want the ability to unscramble it too just in case you are using it to do something illegal

The EARN IT act does not apply to the Internet. It applies to website operators within the United States of America. For example if you are an Internet Service Provider, hosts game servers that is connected to the Internet, hosts email servers, etc. then you are not affected directly by EARN IT. Similarly if you are a website operator in Great Britain, Germany, Israel, Nigeria or even Mexico then EARN IT does not directly apply to you. Even if your website is available from within the US and is being accessed by people from within the US the legislation does not directly affect you.

There are obviously some caveats here. It is very hard to do business today without dealing with an American company. It could be that you use their website (Reddit is an American company), the hosting provider might be American, a number of other vendors might be American, advertisers might be American, or at least it goes through an American agent, etc. So any legislation in the US will have some impact on the rest of the world. But any attempt at enforcing American legislation on foreign companies is going to be have to done in a very round about way by charging American companies for the crime.

End to end encryption is what a lot of popular communication and social media sites use. This process uses different kinds of keys to “lock” and “unlock” the messages so that nobody but the sender and recipient can access them. When you sign up for a service that provides end to end encryption, you are assigned a “private key” and a “public key” pairing. The private key is not shared with anyone – it’s stored on your device. The public key is shared with everyone – it’s stored on the server which handles these communications. The way these keys are used is best described with an example, so here’s one:

If Mike wants to send Jim an encrypted message, then Mike can use Jim’s public key to scramble the message into something completely unintelligible. The only way to unscramble it is to use Jim’s private key, which only Jim should have access to. For Jim to send a message back to Mike, he just has to use Mike’s public key to scramble the message so that only Mike’s private key can unscramble it.

Theoretically the only other entity that could access these messages is the company responsible for issuing the private-public key pairings, but there are lots of regulations and systems in place to help prevent that. The government is concerned about illegal activity being conducted or coordinated using companies/services that provide this kind of encryption, so they want to add legislation that requires these companies/services to provide the government a way to unscramble these messages despite not being either the sender or recipient.