The EARN It Act and its Possible Threats

Siddra Shah is a J.D. candidate, 2021 at NYU School of Law.

On March 5^th, 2020, Senators Lindsey Graham (R-SC), Richard Blumenthal (D-CT), Josh Hawley (R-MO), and Dianne Feinsten (D-CA) introduced the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT Act). The purpose of the bipartisan legislation is to “encourage the tech industry to take online child sexual exploitation seriously.” Websites would have to earn the liability protection provided by Section 230 of the Communications  Decency Act (“the CDA”) by certifying they are actively fighting child exploitation on their platforms.

Section 230 Background

Section 230 of the CDA provides websites with immunity from lawsuits, by stating that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” It has proved to be important protection for websites that host user-generated content (like social media platforms), by providing legal protection if a user were to post illegal material. Proponents believe Section 230 protects free speech and allows websites to self-police their platforms, while critics claim it absolves websites that host dangerous material, like hate speech, from accountability, and may even facilitate censorship.

Section 230 has remained largely untouched since its adoption in 1996, but there are “exceptions for copyright violations, sex work-related material, and violations of federal criminal law.” One recent exception was 2018’s Fight Online Sex Trafficking Act (“FOSTA”) and Stop Enabling Sex Traffickers Act (“SESTA”), that received its own share of criticism.

How the EARN IT Act Works

            If adopted, the EARN IT Act would essentially act as another exception to Section 230, by forcing websites to “earn” protection “for violations of laws related to child sexual abuse material.” The bill calls for establishing a National Commission on Online Child Sexual Exploitation Prevention, whose members include agency heads and congressionally appointed officials from “law enforcement, survivors and victims’ services organizations, constitutional law experts, technical experts, and industry,” and are tasked with creating “best practices related to identifying and reporting online child sexual exploitation.” The best practices are reviewed by Congress. Companies that certify compliance with the best practices or “other reasonable practices” maintain Section 230 immunity, and companies that do not are open to civil recourse.

Reactions to the EARN IT Act

The EARN It Act received criticism from various groups.

• The Electronic Frontier Foundation (EFF) cautioned that it could be used to “drastically undermine encryption” by giving officials the room to include breaking encryption in its best practices. In an open letter to Congress, the EFF also stated that the EARN It Act violates the First Amendment by regulating protected “editorial activity.” The group also warned of Fourth Amendment violations, stating that it turns “online platforms into government actors that search users’ accounts without a warrant based on probable cause.”
• The American Civil Liberties Union (ACLU) and Americans for Prosperity (AFP) announced joint opposition to the EARN It Act because of its threat to the security of encryption and encrypted communications. In a later letter to Congress, the ACLU reiterated that concern, stating that threatening encrypted communications will lead to censorship. The group also compared the EARN It Act to the FOSTA-SESTA bills, raising the concern that FOSTA-SESTA ended up hurting the group it was intended to protect, and that the EARN It Act is likely to do the same. Finally, the ACLU stated that “the EARN It Act counterproductively risks harming law enforcement’s ability to bring child predators to justice. Currently, online platforms are required to report [child sexual abuse material] . . . when they become aware of the material on their platforms but they are not required to go looking for it . . . . The government cannot circumvent the requirements of the Fourth Amendment by deputizing others to conduct searches on its behalf.”
• The Electronic Privacy Information Center (EPIC) wrote in a statement that it supports efforts to reform Section 230, particularly to “encourage reasonable content moderation,” but also cautioned against best practices that may “diminish user privacy and security,” and recommended that end-to-end encryption be made a “Relevant Consideration” in developing best practices.
• Many online publications and tech reporters have emphasized the EARN It Act’s threat to encryption, citing Attorney General William Barr’s desire to break into suspects’ encrypted devices and communications as proof of the Act’s dubious motives. They caution that this Act provides the backdoor into phones and apps that some law enforcement agencies and lawmakers have been demanding from the industry.
• The Information Technology Industry Council, that represents companies including Apple, Amazon, and Google, stated that the Act could “erode both security and trust by potentially forbidding the use of end-to-end encryption in order to comply with the law.”

In response to some of the concerns of the security of encrypted devices, Senator Blumenthal stated “End-to-end encryption must be able to exist with robust law enforcement and I’m not going to support anything that does not protect the integrity of encryption for users, I can promise you that.” As the bill moves forward, only time will tell how true that statement will be.