A bill requiring social media companies, encrypted communications providers and other online services to report drug activity on their platforms to the U.S. Drug Enforcement Administration (DEA) advanced to the Senate floor Thursday, alarming privacy advocates who say the legislation turns the companies into de facto drug enforcement agents and exposes many of them to liability for providing end-to-end encryption.
The bipartisan Cooper Davis Act — named for a Kansas teenager who died after unknowingly taking a fentanyl-laced pill he bought on Snapchat — requires social media companies and other web communication providers to give the DEA users’ names and other information when the companies have “actual knowledge” that illicit drugs are being distributed on their platforms.
Many privacy advocates caution that, if passed in its current form, the bill could be a death blow to end-to-end encryption services because it includes particularly controversial language holding companies accountable for conduct they don’t report if they “deliberately blind” themselves to the violations.
Officials from the DEA have spent several months honing the bill with key senators, Judiciary Committee Chairman Dick Durbin (D-IL) said Thursday.
Providers of encrypted services would face a difficult choice should the bill pass, said Greg Nojeim, Senior Counsel & Director of Security and Surveillance Project at the Center for Democracy and Technology.
Privacy advocates counter that determining what constitutes child sexual abuse imagery on platforms is much easier than patrolling speech, particularly in various languages and with street slang, to sniff out drug sales.