lindsey graham (l) richard blumenthal (r)

mark reinstein/Shutterstock National Transportation Safety Board/Flickr (Licensed)

Congress barrels forward with EARN IT Act, determined to end encrypted messaging online

Critics are warning that the bill could threaten encryption, free expression online.

 

Andrew Wyrich

Tech

Posted on Feb 10, 2022   Updated on Feb 16, 2022, 12:48 pm CST

The controversial EARN IT Act is being debated today by the Senate Judiciary Committee despite it facing immense criticism.

The bill, which was previously introduced two years ago and was met with similar push back, would remove Section 230 liability protections from tech platforms if they violated child sexual abuse material (CSAM) laws at the state and federal level. Section 230 shields all websites with user-generated content from being liable over what users post on it and has been a bedrock of the modern internet.

Critics of the law say that it would vastly expand the liability risk of hosting user-generated content and destroy end-to-end encryption. The law would expand the risk of lawsuits over user-generated content, likely causing websites to moderate content more. It would also disincentivize companies from offering users encrypted services.

Ahead of today’s Senate Judiciary Committee hearing to consider the bill, a coalition of more than 60 organizations called on the committee’s Chairman Sen. Dick Durbin (D-Ill.) and Ranking Member Chuck Grassley (R-Iowa) to oppose it. The bill was first introduced by Sen. Richard Blumenthal (D-Conn.) and Sen. Lindsey Graham (R-S.C.).

“We support curbing the scourge of child exploitation online. However, EARN IT will actually make it harder for law enforcement to protect children. It will also result in online censorship that will disproportionately impact marginalized communities and will jeopardize access to encrypted services,” the groups wrote in a letter sent on Wednesday. “Dozens of organizations and experts warned this committee of these risks when this bill was previously considered, and all of those same risks remain.”

The letter—which was led by the Center for Democracy and Technology (CDT) and signed by the American Civil Liberties Union, Electronic Frontier Foundation, Fight for the Future, Free Press Action, the Mozilla Foundation, the Wikimedia Foundation, and others—details the impact the bill could have.

Specifically, they say that because the bill allows for states to impose any liability standard they want on platforms, it would make it “far riskier for platforms to host user-generated content” because it would be faced with “liability under dozens of laws regulating conduct at different standards.” The end result, the letter warns, is “providers may simply choose to forgo hosting user content.”

The letter also notes that SESTA/FOSTA, a bill ostensibly aimed at curbing sex trafficking online and the last time Congress limited Section 230, has rarely been used to combat sex trafficking and instead has forced sex workers “offline and into harm’s way” and has “chilled their online expression generally.”

As for encryption, the letter says EARN IT would open platforms to “sweeping liability” and would “strongly disincentivize” providers from offering encryption. While EARN IT says that offering encryption can’t be an “independent basis for liability” of a platform in cases of violations of CSAM laws, it can be used as evidence to support those claims.

“Even the mere threat that use of encryption could be used as evidence against a provider in a criminal prosecution will serve as a strong disincentive to deploying encrypted services in the first place,” the letter reads.

The EARN IT Act also creates a commission—which would include federal law enforcement agencies—to create a set of “best practices” that providers should follow to address CSAM. While the “best practices” would be voluntary, given the Justice Department’s very vocal desire to have backdoors into encryption it seems “likely” they would include that in the list of “best practices.”

Not complying with those voluntary best practices, the letter warns, “could result in reputational harm to providers” and there is a risk that “refusal to comply could be considered as evidence in support of a provider’s liability, and inform how judges evaluate these cases.”

In a comment to the Washington Post, Riana Pfefferkorn, a research scholar at the Stanford Internet Observatory, called ending encrypted messaging the real goal of the bill.

“The goal of this is to make sure that companies can be punished at the state level for providing encryption.”

Despite the pushback, lawmakers have stormed ahead with the bill, which will likely pass out of committee today.

Update 11:15am CT: The Senate Judiciary Committee advanced the EART IT Act bill out of committee on Thursday morning.


Read more about internet rights

ISPs won’t quit trying to derail California’s ‘gold standard’ net neutrality law
A new bill might force data brokers to delete everything they have on you
Congress barrels forward with EARN IT Act, determined to end encrypted messaging online
FCC agrees to crack down on ‘sweetheart deals’ that restrict broadband choice in apartments, condos
Sign up to receive the Daily Dot’s Internet Insider newsletter for urgent news from the frontline of online.
Share this article
*First Published: Feb 10, 2022, 9:31 am CST