Online privacy is under attack, and sex workers and internet freedom activists are sounding the alarm, this time over a Senate bill called the “EARN IT Act.” If it passes, its impact could be even more devastating than 2018’s SESTA-FOSTA, which holds online platforms legally accountable for users’ content.
The EARN IT Act introduces additional liability for websites that do not adhere to guidelines for removing child exploitation content. Increased liability was also introduced under SESTA-FOSTA, an “anti-sex trafficking” bill that forced online services to actively monitor and prevent sex-trafficking on their services. In reality, this led sites including Craigslist and Reddit to shut down community spaces that sex workers relied on to meet clients and receive support from their colleagues. Sites like Wix, Dropbox, and Google Drive additionally began pulling sex workers’ content.
"This bill is such a clear extension and expansion of SESTA-FOSTA; even more aggressively geared toward surveillance and government anti-encryption crackdowns," sex worker and tech privacy advocacy collective Hacking//Hustling writes. "Remember how hard we fought before, we need that level of commitment, and more, again."
It's no secret that SESTA-FOSTA devastated sex workers across the internet. But why do sex work advocates say the EARN IT Act is so dangerous? The Daily Dot sat down with Hacking//Hustling to understand why the organization is encouraging sex workers, LGBTQ community members, left-leaning activists, and other marginalized groups to fight the bill.
What is the EARN IT Act?
Senate Bill 3398 is a bipartisan bill led by Sen. Lindsey Graham (R-S.C.) and co-sponsored by Sen. Richard Blumenthal (D-Conn.) and Sen. Dianne Feinstein (D-Calif.). Its full name is the "Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2020," and, as the name suggests, it primarily has to do with surveilling online speech.
The EARN IT Act calls for a 19-person committee that will create "recommended best practices for websites regarding all elements of online sexual exploitation of minors." The members of the National Commission on Online Child Sexual Exploitation Prevention would include the attorney general, the secretary of homeland security, and the chairman of the Federal Trade Commission, along with 16 additional appointees split between law enforcement, prosecutors, child sexual abuse material survivors, tech and security industry members, and internet platform staff. The attorney general would serve as chairperson.
The commission would send the attorney general its recommended best practices for reducing child sexual exploitation. This ranges from “the enticement, grooming, sex trafficking, and sexual abuse of children" to "the proliferation of online child sexual abuse material." The EARN IT Act does not specify what these terms mean, thus giving the commission broad authority to define what these best practices entail.
These are ultimately signed off by the Justice Department, as the attorney general is given full veto power over all suggestions. After 18 months, the final best practices will be fast-tracked through Congress and turned into required practices websites must fulfill in order to receive online certification from the federal government.
In theory, platforms can choose whether or not to become certified. But "certified interactive computer service providers" would receive immunity from child sexual exploitation civil claims that the EARN IT Act would amend in the Communications Decency Act's Section 230.
Section 230 is a key part of the internet as we know it. The U.S. law declares "no provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." This clause protects services like Facebook, Twitter, and Reddit from being sued for illegal content its users share.
If the EARN IT Act passes, any social media network or online website that does not receive certification could be held liable. Civil claims would be based on whether an online service "recklessly" allowed the "distribution" and "transportation" of child sexual abuse material, regardless of whether they knew this activity took place. As Hacking//Hustling's clause-by-clause breakdown of the bill explains, this is because civil suits "only require a plaintiff to prove the defendant 'more likely than not' broke the law." Thus, websites like Twitter, Gmail, Instagram, or Reddit do not "have to know their tech was used to distribute child pornography" to face a suit.
In other words, websites can either follow the federal government's certification process, or they can wage their bets against lawsuits.
Regardless of whether a website gains certification or not, the bill would significantly increase the amount of surveillance required to report online child sexual abuse. This would force online platforms to actively monitor email, IP addresses, or "any other information which may identify or locate any involved minor," lest they face a lawsuit.
What will these "best practices" look like?
The EARN IT Act takes direct aim at Section 230 in an attempt to water down its free speech protections. But no one knows what the commission's "best practices" will look like—and we may not know for quite some time.
Hacking//Hustling founding member Danielle Blunt emphasized that the EARN IT Act would create a commission of "unknown" individuals to make "unknown rules" about how sites can earn Section 230 protections.
"Like FOSTA-SESTA, EARN IT would also create an environment of fear, added stress, and isolation," Blunt told the Daily Dot.
What we do know is that the EARN IT Act would give the Justice Department and American law enforcement increased power over online services by forcing websites to meet its certification standards. Activists fear these best practices and surveillance requirements will be used as an excuse to target marginalized people, such as communities of color, abortion activists, queer organizations, sex workers, and adult content creators.
"There is no way to know for sure [who will be impacted] because the bill is written in a way to fast track the decision making without space for public debate," Blunt said. "But the EARN IT Act will likely lead to further policing of everything online; especially for already marginalized communities."
What does this have to do with encryption?
Activists are taking countermeasures against EARN IT by paying close attention to Barr's views on internet content moderation. And they aren't flattering. Barr has long criticized Section 230's immunity as an "expansive reach" bolstered by its "broad interpretation" in court. The Electronic Frontier Foundation warns that Barr has "made clear, over and over again" that he wants to get rid of end-to-end encryption. Barr and his international colleagues wrote to Mark Zuckerberg last fall that "companies should not deliberately design their systems to preclude any form of access to content even for preventing or investigating the most serious crimes."
Given the attorney general has veto power over any of the EARN IT commission's best practices, it seems likely that Barr will railroad the commission into creating a backdoor for law enforcement to read and monitor encrypted messages. Hypothetically, if Apple wants to avoid additional liability, it will be forced to comply with Barr's approved best practices, and thus give the government a way to decrypt all of its encrypted iMessages.
But a backdoor is just that: a door. Anyone who can enter it can access encrypted content."You can’t have an internet where messages are screened en masse, and also have end-to-end encryption any more than you can create backdoors that can only be used by the good guys," the Electronic Frontier Foundation writes. "The two are mutually exclusive. Concepts like 'client-side scanning' aren’t a clever route around this; such scanning is just another way to break end-to-end encryption. Either the message remains private to everyone but its recipients, or it’s available to others."
Increased content surveillance could theoretically give online services enormous power over monitoring and restricting users' private speech, up to and including increased surveillance from the Justice Department.
"Under the guise of ‘protecting children’, this bill will create a backdoor for law enforcement to monitor all private communications, ending end-to-end encryption," Blunt said. "This bill would limit speech around queerness, abortion, harm reduction and would severley limit a sex worker’s ability to safely negotiate with clients."
How will this impact sex workers?
Sex workers fear the EARN IT Act will dismantle providers' and performers' online harm reduction tactics. By introducing a backdoor to decrypt end-to-end encrypted messages, sex workers (and their clients) are far more likely to have their private information passed along to the police or leaked to the general public. Names, addresses, phone numbers, meeting locations, and discreet conversations over encrypted calls could all lead to sex workers being doxed, stalked, or arrested by police. In worst case scenarios, information obtained by law enforcement under the commission's policies could be used as evidence in court to prosecute full-service sex workers.
Additionally, backdoor access comes with vast security risks for any website. Sex workers fear malicious hackers may be able to use exploits to steal and share adult performers' sexual content without their consent. Not only would this harm creators' income; it would deeply violate their privacy on the web.
The EARN IT Act also runs the risk of replicating SESTA-FOSTA's chilling effect on platforms. Like Tumblr's ban on NSFW content, websites like Twitter may preemptively restrict sexual content and prevent sex workers from using these services.
"If EARN IT passes, our work will become more dangerous and at higher risk of being surveilled and policed. But many forms of sex work are already criminalized, regardless if we are using E2E, we could be talking to an undercover cop without knowing it," Blunt said. "If EARN IT passes, safer communication will be less accessible, we will adapt but will face higher exposure to violence, more chilled speech, and less ability to negotiate clearly with clients."
Why does it matter?
Think about something you've sent over the internet in private. Maybe it's a complaint about the Trump administration. Maybe it's the name of your hometown. Or it could be something more compromising: nude photos, sexual fantasies, or texts with your weed dealer. These things are private for a reason, and encrypted messaging lets us maintain their privacy. If you use an iPhone, you already rely on end-to-end encryption to send texts to other iPhone users; iMessages are encrypted. And the EARN IT Act directly threatens your privacy—and the privacy of anyone else who prefers the utmost private forms of communication.
The EARN IT Act presents severe risks to many different vulnerable groups. Journalists regularly use ProtonMail, Signal, Wire, WhatsApp, Keybase, and other encrypted services to contact sources. Activists rely on secure communication to create events, plan strikes, and protest government buildings. Section 230 protects marginalized internet users' right to free speech and prevents the state from silencing their voices on political issues like abortion, obscenity laws, and the right to practice BDSM. And not unlike sex workers, the right to privacy is paramount because unencrypted personal identifying information may be used to put journalists, activists, and marginalized users at risk of swatting, home invasions, sexual assault, or arrest and prosecution.
If the government gains the right to monitor your encrypted messages through backdoor access, law enforcement will be able to track your digital footprint both publicly and privately. That is a vast amount of information, doubly so under social distancing during the coronavirus pandemic.
Potential backdoor access to HIPAA-compliant encrypted messaging platforms means a hacker could theoretically access your private telehealth sessions. Suddenly, taking a video call with your therapist over Zoom isn't truly private: The government, an identity thief, or a stalker with advanced tech knowledge could gain backdoor access and monitor your most intimate thoughts without either party knowing. The level of surveillance would be unprecedented. On principle, that's unsettling. Everyone requires privacy to function.
"The primary reason for curtains/blinds/drapes covering our windows in our house is to stop people from being able to see in. The reason we don’t want them to see in is because we consider much of what we do inside our homes to be private," CryptoSeb writes from The Crypto Paper. "Whether that be having dinner at the table, watching a movie with your kids, or even engaging in intimate or sexual acts with your partner. None of these things are illegal by any means but even knowing this, we still keep the curtains and blinds on our windows."