New 'EARN IT Act' Alternative Seeks $5 Billion to Hunt Child Predators Without Wrecking Encryption

Senator Ron Wyden (D-OR), chief author of the Invest in Child Safety Act, credited news reporters with shining a light on Washington’s failures to properly address child sexual abuse material online.
Senator Ron Wyden (D-OR), chief author of the Invest in Child Safety Act, credited news reporters with shining a light on Washington’s failures to properly address child sexual abuse material online.
Photo: Samuel Corum (Getty)

Democratic lawmakers unveiled new legislation Wednesday aimed at drastically expanding the federal government’s resources devoted to the targeting and prosecution of child predators, developing new technologies to identify child sexual abuse material online, and funding leading community organizations that work to prevent children from becoming victims.


“Nothing is more heinous than sexual abuse of child, but our ability to combat these crimes has not kept up with technology,” Sen. Kirsten Gillibrand said in a statement.

The legislation, dubbed the “Invest in Child Safety Act,” seeks to establish a new office under the direction of the White House to better streamline the government’s efforts at identifying and prosecuting online predators. In coordination with the FBI and the secretaries of Education, Defense, and Health and Human Services, among others, the new office would act to develop and support new enforcement strategies and fund new and existing programs to stop child abuse, including those run by local governments and other non-federal entities.

The bill’s chief author, Sen. Ron Wyden, credited reporting by, primarily, the New York Times, with exposing what he called a “failure” by Congress and the White House “to respond to disgusting crimes against children that are shared online.” Harrowing investigations by Times reporters Michael Keller and Gabriel Dance last year laid bare the failure of Washington and America’s tech companies to aggressively halt the circulation of child sexual abuse material (CSAM) online, despite having the technical means to do so.

“Our bill will finally provide agencies with enough investigators and prosecutors to confront this menace, fund the organizations who help protect at-risk kids from becoming victims, and provide aid to survivors,” Wyden said.

“Last year, tech companies reported more than 45 million instances of child sexual abuse material being circulated online,” said Sen. Bob Casey. “The proliferation of these heinous crimes are overwhelming law enforcement agencies and they need support to stop these perpetrators.”

The bill, which also directs funding to school-based mental health services, amends the existing law behind the CyberTipline, the nation’s central reporting system for child abuse content, managed by the nonprofit National Center for Missing & Exploited Children (NCMEC), doubling the allotted time companies can preserve digital evidence from 90 to 180 days. The bill also requires entities reporting to the CyberTipline to preserve illicit material using only methods established by information security experts at the National Institute of Standards and Technology (NIST).


CyberTipline has received “over 72 million reports” to date, according to NCMEC President and CEO John F. Clark.

Matthew Green, a professor at Johns Hopkins University who specializes in cryptography and cybersecurity, said in a statement that, as a parent, he was gratified to see the bill provided law enforcement additional resources to eliminate the spread of CSAM. “Unlike other recent proposals, which use Silicon Valley as a scapegoat while failing to fund law enforcement agencies, this bill is a serious attempt to provide resources to the front-line agencies that do this essential work,” he said.


In March, Senate Judiciary Committee Chairman Lindsey Graham and Democratic member Richard Blumenthal rolled out highly contentious legislation called the “EARN IT Act,” which threatens to strip online platforms, such as Facebook, of civil immunity under Section 230 of the Communications Decency Act if they did not follow guidelines laid out by the attorney general, a vocal opponent of strong encryption. Section 230 is the law that protects website owners from being sued over the content posted by users. Its passage in the mid-90s is widely credited with creating the legal conditions that helped kicked off the internet age.


Legal experts and digital rights advocates have roundly condemned the EARN IT Act, claiming it is both “unconstitutional” and “a disaster” that would undermine the privacy and security of consumers while rattling the digital economy. Riana Pfefferkorn, associate director of surveillance and cybersecurity at the Stanford Center for Internet and Society, labeled the bill a “sneak ban on encryption.”

Alex Stamos, the former chief information security officer at Facebook, who now directs the Stanford Internet Observatory, joined Green in applauding the alternate approach of Wyden’s new bill, saying it would modernize an “overloaded technical infrastructure” that has created huge prosecution backlogs. “America’s tech companies report tens of millions of instances of child sexual abuse per year,” he said, “but only a tiny portion of those reports are investigated and even fewer perpetrators are prosecuted and convicted.”


More on the technical side, the bill will allow NCMEC to offer nonprofit partners access to hash values derived from child sexual abuse images. Hash values are mathematical algorithms used to generate “fingerprints” from electronic images, among other file types, represented by an alphanumeric string. One such technology known as PhotoDNA, originally developed by Microsoft, is widely used by tech companies, including Facebook, to scan for CSAM across vast digital platforms.

The Invest in Child Safety Act would additionally lead to the hiring of “not less than 100” new FBI agents and investigators tasked with developing cases against online predators. And it would double funding for various related programs, including the Internet Crimes Against Children (ICAC) task force, overseen by the Justice Department, and the National Criminal Justice Training Center (NCJTC), which trains criminal justice professionals in the prosecution and prevention of child victimization cases.


Ahead of its introduction, the bill received endorsements from the National Children’s Alliance, the Child Welfare League of America, and the Family Online Safety Institute, as well as David Kaye, the United Nation’s Special Rapporteur on Promotion and Protection of Freedom of Expression.

“Law enforcement agencies at all levels in the United States are significantly under-resourced when it comes to investigating and prosecuting child sexual abuse material online, and only able to pursue a fraction of the cases referred to them,” the Open Technology Institute said in its endorsement. “The Invest in Child Safety Act would directly address this problem, providing meaningful resources that would equip law enforcement and the National Center for Missing and Exploited Children to more effectively combat this crisis and hold predators accountable.”


Senior Reporter, Privacy & Security


Hey don’t get me wrong, child abuse stuff is bad. But $5Billion? When did a billion dollars just become like no big deal?!?! and how do they even come up with these numbers.

You could pay 100 IT pros $200K/year each for the next decade for $200M. Now, let’s double that for hardware and overhead and whatever. So $400M for a decade. They’re asking for 12x that amount right out of the gate?!?! Does not compute.