The EARN IT Act Has Gotten Even More Terrible. So Of Course It’s Moving Forward
[February 8, 2022 update: EARN IT is back and worse than ever. The current draft has an inferior version of the Leahy Amendment. Otherwise, this post remains current.]
I previously blogged the EARN IT Act (S.3398) in February and March. The EARN IT Act is another entry in Congress’ long tradition of election-year initiatives that purport to advance children’s welfare, but actually use children as political props to advance completely unrelated goals.
* * *
A summary of the bill as introduced: to get Internet companies to fight child porn (now called CSAM) more, a Congressionally appointed commission would develop best practices for anti-CSAM efforts. Congress would expeditiously review and approve the commission’s recommendations. Internet companies could “earn” Section 230 immunity for CSAM-related claims by complying with the Congress-approved best practices. The bill had many problems, including a skewed commission membership/vote allocation and a janky process to compel Congress to approve the commission’s recommendations. The bill also had a poison pill: Section 230 immunity for CSAM-related claims would go away after a few years even if the commission or Congress never approved any best practices.
Prior to a Senate Judiciary Committee markup in July, Sen. Graham introduced a manager’s amendment that materially changed the bill. The bill retained the commission, but it no longer sought to compel Congress to review or approve the commission’s recommendations. Instead, the bill would unconditionally carve back Section 230 for CSAM-related claims. The Senate Judiciary Committee unanimously approved the manager’s amendment after an amendment from Sen. Leahy. The bill is now pending with the full Senate.
Key Provisions of the Current Version
The bill has four main provisions:
- it creates the misarchitected commission to develop recommendations on how Internet services should handle CSAM
- it globally replaces the term “child pornography” in the U.S. Code with the term CSAM
- it changes how Internet services interact with NCMEC
- it carves back Section 230. Here is the current language, including Leahy’s amendment (230(e)(7)):
Section 230(e) of the Communications Act of 1934 (47 U.S.C. 230(e)) is amended by adding at the end the following:
“(6) NO EFFECT ON CHILD SEXUAL EXPLOITATION LAW.—Nothing in this section (other than subsection (c)(2)(A)) shall be construed to impair or limit—
“(A) any claim in a civil action brought against a provider of an interactive computer service under section 2255 of title 18, United States Code, if the conduct underlying the claim constitutes a violation of section 2252 or section 2252A of that title;
“(B) any charge in a criminal prosecution brought against a provider of an interactive computer service under State law regarding the advertisement, promotion, presentation, distribution, or solicitation of child sexual abuse material, as defined in section 2256(8) of title 18, United States Code; or
“(C) any claim in a civil action brought against a provider of an interactive computer service under State law regarding the advertisement, promotion, presentation, distribution, or solicitation of child sexual abuse material, as defined in section 2256(8) of title 18, United States Code.
“(7) CYBERSECURITY PROTECTIONS DO NOT GIVE RISE TO LIABILITY.—Notwithstanding paragraph (6), a provider of an interactive computer service shall not be deemed to be in violation of section 2252 or 2252A of title 18, United States Code, for the purposes of subparagraph (A) of such paragraph (6), and shall not otherwise be subject to any charge in a criminal prosecution under State law under subparagraph (B) of such paragraph (6), or any claim in a civil action under State law under subparagraph (C) of such paragraph (6), because the provider—
“(A) utilizes full end-to-end encrypted messaging services, device encryption, or other encryption services;
“(B) does not possess the information necessary to decrypt a communication; or
“(C) fails to take an action that would otherwise undermine the ability of the provider to offer full end-to-end encrypted messaging services, device encryption, or other encryption services.”
Problems With the Section 230 Carveback
The Absence of Evidence That Amending Section 230 Will Help Fight CSAM
Decoupling the commission’s findings from the Section 230 amendments turned the bill on its head. The bill initially tasked the commission to do factual and technical research before altering Section 230’s prerequisites. The manager’s amendment abandoned any attempt to understand how to optimize Section 230 for the fight against CSAM. Instead, the bill revises Section 230 without any input from the commission’s purported experts. In other words, the bill takes it on faith that unconditional Section 230 carvebacks will improve the CSAM fight.
Could Section 230 Reform Increase CSAM?
As we saw with FOSTA, faith-based amendments to Section 230 don’t produce the results Congress wants and can be counterproductive.
The EARN IT Act assumes that Internet companies could do more to fight CSAM, but Section 230 reduces their motivation to do so. Any such assumption is unquestionably false. Internet services have always treated CSAM as toxic content. Accordingly, Internet services actively prevent CSAM and immediately remediate any CSAM-related activity they identify. This has been true since before Section 230’s enactment. Following Section 230’s enactment, Internet services have long feared federal criminal prosecutions for CSAM (an explicit exception to Section 230), so Section 230 has never given Internet services any reason to ignore CSAM.
If Internet services are already doing all they can to address CSAM, how will Internet services respond to the Section 230 carveback? Congress hopes that Internet services will nerd harder and magically make CSAM disappear. Instead, the EARN IT Act creates a moderator’s dilemma, which prompts one of three responses by each Internet service:
- (1) keep trying to eliminate CSAM but face new liability for any mistakes. Because Internet services can’t perfectly eliminate CSAM, this turns Internet services into financial guarantors of any missed CSAM. To reduce this financial exposure, Internet services will overfilter, which hurts constitutionally protected and socially beneficial speech.
- (2) dramatically reduce anti-CSAM policing efforts under the theory that this avoids liability-creating scienter. This strategy probably doesn’t work for CSAM because of its high legal risks (CSAM-related claims may have low or no scienter requirements). But if any services adopt this strategy, they become CSAM safe havens that are counterproductive to the bill’s purported goal. Alternatively, more services could adopt end-to-end (E2E) encryption to negate their knowledge and control of the encrypted communications. That might be a net-positive outcome, but it’s probably not the outcome Congress intends.
- or (3) exit the industry to avoid unmanageable legal risks. As FOSTA did, this bill unquestionably will shrink the Internet.
So, just like FOSTA, Congress won’t get its desired outcomes. Internet services’ countermoves will possibly exacerbate the CSAM problem and definitely create unwanted consequences.
Opening Up Section 230 to State Law Variation
Like FOSTA, the bill exposes Internet services to state criminal prosecutions and civil claims that Section 230 previously covered. Unlike FOSTA, CSAM claims wouldn’t need to conform to federal standards. Thus, the EARN IT Act ensures that Internet services will–for the first time since 1996–bear unrestricted exposure to heterogeneous state laws. Further, states will have carte blanche to craft new anti-CSAM laws targeting Internet services. These laws could adopt a virtually unlimited range of preconditions for Internet services to avoid CSAM liability, i.e., you must do X, Y, and Z or you’re liable. (We have rarely seen state laws like this to date because Section 230 thwarted them). This gives every state the potential power to set de facto national standards for the Internet. Section 230 helps Internet services only worry about a single national legal standard. The EARN IT Act would burn up that benefit.
Worst Practices in Intermediary Regulation
Last year, a huge coalition of experts put out a statement of seven principles to guide lawmaker thinking on intermediary liability. This bill violates most of the principles, especially principles #1, 2, 3, 5, and 6.
The Bill’s Cynical Motivations?
The amendments have eliminated every plausible justification for the EARN IT Act. By decoupling the commission from Section 230 reform, the bill proved that it didn’t care about improving the CSAM situation. That reinforced the pervasive suspicion that E2E encryption was the bill’s real target–and exposed the bill’s possibly cynical agenda of pretending to protect children to mask its real goal. Then, the Leahy amendment provided a narrow safe harbor for E2E encryption. It’s not clear if the Leahy amendment successfully protects E2E encryption, but it does undermine anti-encryption as an undisclosed objective.
With the collapse of its justifications, why is this bill still around? And why is Sen. Graham pushing it aggressively? This week, Graham unsuccessfully sought full Senate approval via unanimous consent (a procedure called “hotlining”). One possible explanation is that Sen. Graham sees the bill as a key sales point in his tougher-than-expected reelection campaign. If so, the EARN IT Act would burn down Section 230, using children as political props to support a false political narrative, solely to aid Sen. Graham’s political fortunes. Are the bill’s justifications really that hollow? And is carving up Section 230 really Congress’ most urgent priority right now?
Please call your Senators today and tell them that “protecting the children” never should be used as a political smokescreen for bad policies that won’t help children. You can also check out https://www.noearnitact.org/.
Pingback: While Our Country Is Engulfed By Urgent Must-Solve Problems, Congress Is Working Hard to Burn Down Section 230 - Technology & Marketing Law Blog()