At the time of this writing, the world is focused on stopping and curtailing the effects of the Covid-19 pandemic. Many families across the US and the world are focused on making ends meet and safeguarding the health of their loved ones. It is at this moment, more than ever, that we must pay special attention to the legislation that is being introduced during these turbulent times around the world. Let’s start by going over the EARN IT Act that has been introduced in the US, what it is, and my opinion as a lawyer and cryptocurrency enthusiast.
The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT Act)
This piece of legislation demands our attention. The EARN IT Act intends to create incentives for companies to “earn” liability protection for violations of laws related to the exploitation of minors.
While the EARN IT Act hopes to address many problems that need to be dealt with, many within the privacy and tech industry are standing up to this Act, arguing that it would strip away their First Amendment rights while also stripping them of their right to privacy. These are substantial claims, and in order to understand the validity they may hold, we will dive into the background of this Act, what it actually says and the implications for the tech industry as a whole.
The EARN IT Act was introduced on March 5th during the second session of the 116th Congress. The bill was introduced by Senate Judiciary Committee Chairman Lindsey Graham (R-South Carolina), U.S. Senators Richard Blumenthal (D-Connecticut), Josh Hawley (R-Missouri) and Ranking Member Dianne Feinstein (D-California). Concerning the bill, Senator Lindsey Graham stated:
“I appreciate my colleagues working with me on this bill to ensure tech companies are using best business practices to prevent child exploitation online. This bill is a major first step. For the first time, you will have to earn blanket liability protection when it comes to protecting minors. Our goal is to do this in a balanced way that doesn’t overly inhibit innovation, but forcibly deals with child exploitation.”
As stated above, the main purpose of the Act is to deal with the exploitation of minors across the internet. This bill aims to ensure that service providers earn Section 230 immunity for child sexual abuse material by enforcing compliance with a set of guidelines developed by a commission that the bill appoints. Section 230 is the linchpin of the problems inherent in the EARN IT Act. Section 230 of the Communications Decency Act is based on the idea that the internet is a free market and a universal good for free speech. It states that online platforms and companies which offer interactive computer services, for the most part, cannot be held accountable for things that users say or send on their platforms. Currently, companies do not have to do anything to “earn” these protections under the law.
There is no debating that the exploitation of minors online is a serious and heinous problem. The New York Times conducted an investigative series in late 2019 showing that reports of suspected child sexual abuse material to the NCMEC CyberTipline have risen exponentially since its inception. For example, over the past five years, reports increased from 1.1 million in 2014 to 16.9 million covering 69.1 million photos, videos and files in 2019. No one disputes the validity of this problem, but problems arise when you take a deeper look into how the Act is attempting to solve it.
The EARN IT Act aims to curtail the effects of child exploitation in the following ways:
Providers of “interactive computer services” must “earn” Section 230 immunity regarding child sexual abuse material
One of the most contentious sections of this legislation concerns providers having to earn immunity when previously this protection was afforded to them under Section 230. Under the bill as written, services such as WhatsApp or Facebook Messenger might be giving up end-to-end encryption.
The Electronic Frontier Foundation states, regarding the EARN IT Act’s objectives:
“It doesn’t help organizations that support victims. It doesn’t equip law enforcement agencies with resources to investigate claims of child exploitation or training in how to use online platforms to catch perpetrators. Rather, the bill’s authors have shrewdly used defending children as the pretense for an attack on our free speech and security online.”
From a technological perspective, we cannot have a system where some messages are scanned and others are omitted. This is a strategy that even the senators who drafted the legislation will not accept. When speaking about Facebook policy, Senator Graham stated:
“Facebook is talking about end-to-end encryption which means they go blind. We’re not going to go blind and let this abuse go forward in the name of any other freedom.”
It is in fact very likely that the use of end-to-end encryption will be seen as an obstacle to the best practices section under the Act. This is because if a service provider such as WhatsApp cannot see the encrypted files on its platform, it will be difficult for it to verify whether there is any malicious content being sent via its service. The committee that has been tasked with creating a set of “best practices” is made up of law enforcement personnel, child advocacy group representatives, tech experts and tech industry representatives. This committee has the power to unilaterally create best practices. These best practices and guidelines will then go to the Attorney General, where he will have the ability, at his sole discretion, to make changes to and amend the best practices. It is no secret that the current attorney general strongly favors the elimination or weakening of end-to-end encryption.
Did you know that the EARN IT Act includes the word ‘encryption’ a total of 0 times?
While encryption is not mentioned in the Act, leaders in the tech and privacy industries can see the writing on the wall. Head of WhatsApp, Will Cathcart, drafted a thread which summarizes his feelings towards the Act and some sources which educate readers on the hidden threat to encryption and privacy that is at stake.
Under the Act, Interactive Computer Services, such as WhatsApp and Facebook Messenger, can earn immunity through two safe harbor provisions:
(1) complying with recommended best practices for the prevention of online child exploitation conduct, as determined by the 15-member commission; or (2) implementing other reasonable measures instead of the recommended best practices.
Complying with the first safe harbor provision would likely result in a service losing end-to-end encryption because, as stated above, if a company such as Facebook or WhatsApp cannot see the contents of what is being sent via its platform, that is likely to be a detriment when detecting harmful content.
The second safe harbor provision comes with its own difficulties. The question of whether these alternative measures would be deemed reasonable would fall to the courts to decide. In essence, it will boil down to the scope of the legal issue presented to the court. Would end-to-end encryption be deemed reasonable when the goal is to identify content that exploits children? Probably not. It is likely that any company that elects to create its own alternatives to the best practices outlined in the Act would not prevail in court.
The EARN IT Act is currently in its early stages. It has been introduced but no votes have been taken at this time. As it stands, the Act goes against the freedoms afforded to Americans by the 1st and 4th Amendments. While the Act hopes to identify harmful content that exploits children, it does not allocate resources to law enforcement or educate them on how to best help this unique class of victims.
If you feel strongly about this issue, you can always contact your U.S. Senator and Representatives. The freedoms afforded to US citizens by the Constitution should not be sacrificed for a bill that was so haphazardly put together.