I previously blogged the EARN IT Act (p.3398) in February and March. The EARN IT Act is another entry in the long tradition of Congress of election year initiatives that pretend to promote children's well-being but actually use children as political props to advance completely independent goals.
* * *
A summary of the proposed law as it was introduced: To get Internet companies to fight child pornography (now called CSAM) more vigorously, a commission appointed by Congress would develop best practices for anti-CSAM efforts. Congress would quickly review and approve the Commission's recommendations. Internet companies could "earn" Section 230 immunity for CSAM-related claims by following Congress-approved best practices. The bill has had many problems, including distorted membership / vote distribution by the Commission and a jerky process to force Congress to approve the Commission's recommendations. The bill also included a poison pill: immunity under section 230 against CSAM-related claims would disappear after a few years, even if the commission or congress never approved best practices.
Prior to a markup by the Senate Judiciary Committee in July, Senator Graham introduced a manager change that significantly changed the bill. The draft law retained the commission, but no longer wanted to force Congress to review or approve the commission's recommendations. Instead, the invoice would unconditionally cut back section 230 for CSAM-related claims. The Senate Judiciary Committee unanimously approved the manager's change following a change by Senator Leahy. The bill is now pending across the Senate.
Important provisions of the current version
The bill contains four main provisions:
- It creates the misguided commission to develop recommendations on how Internet services should deal with CSAM
- It replaces the term “child pornography” in the United States Code with the term CSAM worldwide
- It changes how Internet services interact with NCMEC
- it cuts back section 230. Here is the current language, including Leahy's amendment (230 (e) (7)):
Section 230 (e) of the Communications Act of 1934 (47 U.S. C. 230 (e)) is amended by adding the following at the end:
“(6) NO IMPACT ON CHILD'S SEXUAL EXPLOITATION RIGHT. – Nothing in this section (other than subsection (c) (2) (A)) should be construed to affect or limit.
"(A) any lawsuit in a civil suit against an interactive computer service provider under Section 2255 of Title 18, United States Code, if the behavior underlying the claim violates Section 2252 or Section 2252A of that Title;
"(B) any criminal prosecution charge against an interactive computer service provider under state law for advertising, promoting, presenting, distributing or promoting material about child sexual abuse as defined in Section 2256 (8) of the Title 18 , United States Code; or
"(C) any lawsuit in a civil lawsuit against a provider of an interactive computer service under state law regarding advertising, promotion, presentation, distribution, or promotion of material about child sexual abuse within the meaning of Section 2256 (8) of Title 18, Code of the United States.
“(7) CYBERSECURITY PROTECTORS DO NOT INCREASE LIABILITY. – Notwithstanding paragraph (6), an interactive computer service provider is not considered a violation of Section 2252 or 2252A of Title 18, United States Code for the purposes of subparagraph (A) of this paragraph (6) and is otherwise not subject to any charge Prosecution under state law under subparagraph (B) of this paragraph (6) or an action in a civil suit under the state law under letter C of this paragraph (6) because the provider –
"(A) uses full end-to-end encrypted messaging services, device encryption, or other encryption services;
"(B) does not have the information needed to decrypt communication; or
"(C) does not take any action that would otherwise interfere with the provider's ability to offer complete end-to-end encrypted messaging, device encryption, or other encryption services."
Problems with the Section 230 carveback
The lack of evidence that the change to section 230 will help combat CSAM
Decoupling the results of the Commission from the amendments to section 230 turned the draft law upside down. The draft law initially commissioned the Commission to carry out factual and technical investigations before the requirements of section 230 were changed. With the change of manager, any attempt to understand how Section 230 can be optimized to fight CSAM has been abandoned. Instead, the draft law revises section 230 without input from the supposed experts from the Commission. In other words, the bill assumes that Section 230 unconditional carvebacks will improve the CSAM fight.
Could Section 230 Reform Increase CSAM?
As we have seen at FOSTA, belief-based changes to section 230 do not produce the results Congress wants, and can be counterproductive.
The EARN IT Act assumes that Internet companies could do more against CSAM, but Section 230 reduces their motivation to do so. Such an assumption is undoubtedly wrong. Internet services have always treated CSAM as toxic content. Accordingly, Internet services actively prevent CSAM and immediately correct all CSAM-related activities that they identify. This has been the case since section 230 entered into force. After section 230 came into force, Internet services have long feared that the federal government would prosecute CSAM (an explicit exception to section 230). Therefore, Section 230 has never given Internet services a reason to ignore CSAM.
If Internet services are already doing everything to address CSAM, how will Internet services respond to the carveback in section 230? Congress hopes Internet services will become tougher and magically make CSAM disappear. Instead, the EARN IT Act creates a moderator dilemma that prompts one of three responses from any Internet service:
- (1) Keep trying to eliminate CSAM, but be liable for errors. Because internet services cannot perfectly eliminate CSAM, internet services become financial guarantors for missed CSAM. In order to reduce this financial risk, Internet services will be filtered out, which affects the constitutionally protected and socially advantageous language.
- (2) drastically reduce anti-CSAM policing under the theory that this avoids a liability scientist. This strategy probably doesn't work at CSAM due to the high legal risks (CSAM-related claims may have little or no requirements for scientists). However, when services use this strategy, they become CSAM-safe harbors that are counterproductive to the alleged goal of the bill. Alternatively, more services could use end-to-end encryption (E2E) to negate their knowledge and control over encrypted communication. This may be a net positive result, but it is probably not the result that Congress is aiming for.
- or (3) leave the industry to avoid unmanageable legal risks. Like FOSTA, this bill will no doubt make the Internet smaller.
Just like FOSTA, the congress will not achieve the desired results. Countermeasures by Internet services may exacerbate the CSAM problem and definitely have undesirable consequences.
Section 230 opened to state law changes
Like FOSTA, the Internet Services Bill exposes government law enforcement and civil rights issues previously discussed in Section 230. In contrast to FOSTA, CSAM claims would not have to meet federal standards. The EARN IT Act thus ensures that, for the first time since 1996, Internet services are fully exposed to heterogeneous state laws. In addition, states have the option to enact new anti-CSAM laws for Internet services. These laws can create virtually unlimited conditions for Internet services to avoid CSAM liability, i.e. H. You must do X, Y and Z, or you are liable. (We have rarely seen government laws like this because Section 230 thwarted them). This gives every state the potential power to set de facto national standards for the Internet. Section 230 helps Internet services to worry about only one national legal standard. The EARN IT Act would burn this advantage.
Worst practices in interim settlement
Last year, a large coalition of experts published a seven-principles statement to help legislators consider intermediary liability. This bill violates most principles, particularly principles 1, 2, 3, 5, and 6.
The cynical motivations of the law?
The changes have eliminated any plausible justification for the EARN IT Act. The decoupling of the Commission from the reform of section 230 proved that it was not about improving the CSAM situation. This amplified the ubiquitous suspicion that E2E encryption was the actual target of the bill – and exposed the potentially cynical agenda of the bill to pretend to protect children to mask their actual goal. Then the Leahy change offered a tight secure haven for E2E encryption. It is not clear whether the Leahy change successfully protects E2E encryption, but it does undermine anti-encryption as an undisclosed target.
Why does this bill still exist after its justifications collapse? And why is Senator Graham pushing it aggressively? This week, Graham unsuccessfully requested Senate approval (a process called "hotlining"). One possible explanation is that Senator Graham sees the bill as a key selling point in his tougher than expected re-election campaign. In this case, the EARN IT Act Section 230 would burn down and use children as political props to support a false political narrative just to support Sen. Graham's political fate. Are the justifications for the invoice really that hollow? And is Section 230 division really the top priority of Congress right now?
You're welcome Call your senators today and tell them that "protecting children" should never be used as a political smoke screen for bad policies that don't help children. You can also check https://www.noearnitact.org/.