Proposed legislation targets online child sexual exploitation, but tech advocates say it may hamper encryption.
The U.S. Senate Committee on the Judiciary recently convened a hearing on draft legislation known as the EARN IT Act. The legislation is aimed at tackling child pornography online, but it has raised strong opposition from some internet companies because it holds implications for both their liability for hosting child pornography, as well as their use of end-to-end encryption.
Platforms such as Facebook and YouTube currently do not bear financial and legal risk for child pornography on their platforms because of a 1996 law known as Section 230 of the Communications Decency Act. Under this law, internet platforms are immunized from responsibility for content posted by their end users, so called user-generated content.
Sadly, since 1996, child pornography online has proliferated despite voluntary industry efforts to remove the content. In fact, the National Center for Missing and Exploited Children’s CyberTipline received nearly 17 million reports from internet platforms and other sources in 2019. These reports included “69.1 million images, videos, and other files related to child sexual exploitation.”
The EARN IT Act seeks to change incentives for internet platforms to tackle this harmful content by making these platforms more directly responsible for such posts. In essence, the bill would change Section 230 by allowing civil suits in which a court could find platforms to be “recklessly” distributing child pornography online. Platforms may, however, minimize the risk of these lawsuits by implementing best practices established pursuant to the legislation.
The EARN IT Act would enable best practices to emerge by a three-step process.
First, the Act would set up a national commission to enumerate best practices. This commission would consist of 19 experts with varying backgrounds and expertise. To obtain commission approval, 14 of the members must agree to the best practices.
Second, the Act would give the U.S. Attorney General, the U.S. Department of Homeland Security Secretary, and the Federal Trade Commission Chairman the authority to review and modify, within reason, the best practices endorsed by the commission.
Third, the EARN IT Act would give Congress an up-or-down vote—a type of roll-call vote—on the final best practices.
Companies certifying compliance with the EARN IT Act’s best practices could not be sued in court for damages relating to online distribution of child pornography. Companies that ignore the best practices, however, could still avoid lawsuits if they implement “reasonable measures…to prevent the use of the interactive computer service for the exploitation of minors.”
To many observers, the EARN IT Act seems a reasonable approach to tackling harmful online content and protecting children. But the EARN IT Act could pose problems for the use of encryption technology needed by tech platforms to protect data online.
Although the EARN IT Act does not specifically reference encryption technology, it implicates encryption, raising alarm bells for some tech advocates. These advocates argue that the bill creates the risk that, if a platform implements end-to-end encryption, it may become impossible for a platform to monitor for child pornography and benefit from the legislation’s safe harbor. For these reasons, some commentators have referred to the legislation as a “sneak attack on encryption.”
Proponents of the EARN IT Act argue that the legislation simply levels the playing field between the offline and online worlds. In a recent statement from the Senate Judiciary Committee, Chairman Lindsey Graham (R-S.C.) stated that tech companies “will have to earn blanket protection when it comes to protecting minors.”
Proponents also argue that encryption and efforts to tackle child pornography online can and should coexist. For some of the bill’s sponsors, the tension between the bill’s goals and encryption is not a zero-sum game. At the Senate Judiciary Committee hearing, for example, Senator Richard Blumenthal (D-C.T.) said that “encryption can coexist with strong law enforcement.”
The EARN IT Act has 10 co-sponsors in the Senate to date. This number suggests that the legislation has momentum and is likely to gain traction in the current Congress. In addition to the EARN IT Act’s viable congressional support, at least one internet platform, the dating website Match.com, also supports the legislation.
Although the exact next steps for the bill remain unknown at this time, the EARN IT Act will likely remain a topic of debate between internet freedom advocates and supporters of the legislation.
The views expressed in this essay are the author’s own and do not necessarily reflect those of the American Bar Association and the Fox Networks Group.