The Senate Judiciary Committee voted unanimously on Thursday to advance the EARN IT Act, a ruinous waste of bipartisanship that once threatened to destroy online platforms should they refuse to grant federal agencies unfettered access to the private communications of their users. The bill was designed to preclude services like Facebook from offering users access to messaging tools secured through end-to-end encryption. The consequence for not exposing Americans to hackers, blackmailers, and unscrupulous cops was losing liability protections under Section 230 of the Communications Decency Act, meaning in most cases companies could no longer afford to host user-generated content at all.
Introduced by Sen. Lindsay Graham (R-SC) and Richard Blumenthal (D-CT), the EARN IT Act underwent significant changes this week after its authors were bombarded with letters from experts outlining its numerous inherent flaws; that it would essentially flatline the internet economy among them. In an effort to salvage the bill, it was revamped a day before a crucial vote. Thus any dewdrop of earn-ment was suddenly missing from the so-called EARN IT Act.
There are no plans to rename the bill at this time.
The bill’s objective—undermining the secure communications of criminals but mostly just law-abiding Americans so the FBI can try to catch more of the former—was re-packaged as an effort to prevent the spread of child sexual abuse material (CSAM) online, a common legislative strategy for pushing privacy-invasive bills. (Who wants to be featured in a negative campaign ad claiming they voted against catching pedophiles?) It also serves as a fairly convenient political bludgeon for two U.S. senators whose contempt for Big Tech isn’t the least bit covert.
As one Senate aide joked to Gizmodo, attaching Section 230 to the bill assured tech reporters were “legally obligated” to write about the bill.
But due to its massive failings, the bill now simply carves out Section 230 (à la SESTA-FOSTA) so it no longer applies to CSAM under federal and state laws. This means in 50 states, victims of CSAM can directly sue Facebook, Twitter, and so on if the illicit material is found on their platforms. It’s unclear, frankly, why any of this is necessary. Social media companies are not legally protected under Section 230 if it’s found they’re participating in, or even wittingly allowing, the exchange of CSAM online. Section 230 protects online companies against certain liabilities related to user-generated content, but it does not protect website owners against violations of federal law.
The fact that the Senate is trying the same tactic with CSAM that it tried sex trafficking—carving it out of Section 230—should be a huge red flag. SESTA-FOSTA was an abject failure in every sense, not only because it didn’t prevent sex trafficking, but many sex workers (and others forced into prostitution) considered it a death sentence.
Sen. Patrick Leahy (D-VT) has managed to squeeze in a provision that ensures no liability will arise from the use of encryption, which is to say, maybe that’s the case. Experts remain unsure how it will all play out in the end since the bill, if passed, would certainly result in a wad of court appeals unlikely to be resolved before the collapse of civilization.
“Strong encryption is absolutely essential for the privacy and security of everyone’s communications and against abuse by bad actors and government overreach,” said Free Press Action Senior Policy Counsel Gaurav Laroia. “Despite the encryption protections the Leahy amendment seeks, it cannot anticipate and guard against all the actions state legislatures could take to restrict and outlaw effective encryption technologies or the measures that skittish general counsels at these companies could take to avoid costly suits.”
As the Center for Democracy and Technology notes in a statement emailed to Gizmodo, the bill would enable state criminal and civil claims “under State law regarding the advertisement, promotion, presentation, distribution, or solicitation of child sexual abuse material.”
“This is a vague and broad list of potential offenses that will encompass a wide variety of state laws that apply different legal standards to the same conduct,” the group says.
What experts are sure of is that online platforms are most likely to respond to it passing by curtailing the speech of their users, as the American Civil Liberties Union writes in a statement: “Even if the speech covered by the law could be restricted without raising constitutional concern, the content moderation practices the companies will deploy to avoid liability risk will sweep far more broadly than the illegal content.”
“By revoking the Section 230 protections for most CSAM claims outright, the amendment significantly expands companies’ risk of liability, thereby endangering both free expression and strong encryption services,” the Open Technology Institute said in a statement. “This incentivizes companies to over-censor speech, including that which is constitutionally protected, and to avoid offering end-to-end encryption, for fear of increased liability in many jurisdictions.”
“The EARN IT Act is and always will be a threat to free speech and free expression online,” said Dayton Young, product director at Fight for the Future, a digital rights organization. The bill, he adds, is “tailor-made to remove important legal safeguards for social media platforms, Internet providers, VPNs, and messaging apps that protect our online communications and personal data.”