The Republican-controlled U.S. Senate Judiciary Committee on Wednesday held a hearing for a bipartisan bill that sponsors claim is an effort to force technology companies to combat online child sexual exploitation but critics warn is actually "a sneak attack on encryption."
"This is one of the most misguided pieces of internet legislation we've seen in a decade."
--Evan Green, Fight for the Future
Since Sens. Lindsey Graham (R-S.C.) and Richard Blumenthal (D-Conn.) unveiled the long-rumored Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act (S. 3398) last week, digital rights advocates worldwide have come out forcefully against it.
Encryption is a process of protecting digital information by making plain language unreadable without a key; it is used to safeguard data that is both stored on devices and in transit. For example, communications applications often use end-to-end encryption (E2EE) to ensure that only an intended recipient can read a message.
"Encryption protects our airports, power plants, and the water treatment facilities that our children drink from," Evan Greer, deputy director of Fight for the Future, explained last week. "This bill sets the stage for backdoors in encryption that put everyone in danger. And it potentially opens the floodgates for widespread internet censorship in the process."
"The EARN IT Act will make children less safe, not more safe," said Greer, whose group has collected over 14,000 of signatures of people opposed to the bill. "This is one of the most misguided pieces of internet legislation we've seen in a decade. We're not going to let this happen."
Exiled American whistleblower Edward Snowden, who exposed mass surveillance by the National Security Agency, denounced the EARN IT Act in a tweet Wednesday and shared a blog post about the bill by Electronic Frontier Foundation (EFF) activism director Elliot Harmon.
"The government is attempting to exploit anger at tech companies to pass a law that intentionally undermines digital security and censors speech," Snowden warned. "That such a law is even being considered by Congress is a national disgrace."
Privacy advocates like Snowden--along with representatives from the technology industry--have long objected to government efforts in the United States and elsewhere to undermine encryption through moves like requiring "backdoors" for law enforcement officials to access private messages and other encrypted data.
The Graham-Blumenthal bill focuses on Section 230 of the Communications Decency Act of 1996, which says that "no provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." Effectively, it generally gives tech companies immunity from legal liability for how people use their platforms.
"Under EARN IT, those companies wouldn't automatically have a liability exemption for activity and content related to child sexual exploitation," WIREDreported. "Instead, companies would have to 'earn' the protection by showing that they are following recommendations for combating child sexual exploitation laid out by a 16-person commission."
The proposed National Commission on Online Child Exploitation Prevention would be composed of congressionally appointed experts in internet crimes against children, prosecuting such crimes, providing victims' services, computer science or software, and child safety at interactive computer services. It would also include the attorney general, the secretary of Homeland Security, and the chair of the Federal Trade Commission--or representatives for those officials.
"Once the commission completed its recommendations, the attorney general, the secretary of Homeland Security, and the chair of the Federal Trade Commission would approve or veto the best practices," EFF's Harmon explained. "If they all agreed, then Congress would have an extremely short timeline to debate the best practices and write them into law without amendments."
Depending on the rules put forth by the commission, WIRED noted, "companies might not be able to earn their liability exemption while offering end-to-end encrypted services. This would put them in the position of either having to accept liability, undermine the protection of end-to-end encryption by adding a backdoor for law enforcement access, or avoid end-to-end encryption altogether."
That potential threat to encryption is at the center of privacy advocates' criticism of the bill, which is co-sponsored by Sens. Josh Hawley (R-Mo.), Dianne Feinstein (D-Calif.), Kevin Cramer (R-N.D.), Doug Jones (D-Ala.), Joni Ernst (R-Iowa), Bob Casey (D-Penn.), Sheldon Whitehouse (D-R.I.), and Dick Durbin (D-Ill.).
"The EARN It Act threatens the safety of activists, domestic violence victims, and millions of others who rely on strong encryption every day," ACLU senior legislative counsel Kate Ruane declared in a statement last week. "Because of the safety and security encryption provides, Congress has repeatedly rejected legislation that would create an encryption backdoor."
"This bill is not the solution to the real and serious harms it claims to address."
--Kate Ruane, ACLU
"This legislation would empower an unelected commission to effectively mandate what Congress has time and again decided against, while also jeopardizing free expression on the internet in the process," Ruane said. "This bill is not the solution to the real and serious harms it claims to address."
In a statement Wednesday, Gaurav Laroia, senior policy counsel at the group Free Press Action, said that "online child sexual-abuse material, as the bill labels it, is a heinous problem. It's understandable that the co-sponsors of this bill want to address it. But the legislation's construct could upset the entire internet ecosystem to combat activities that are already clearly unlawful."
Laroia also expressed particular concern over the fact that the legislation would take effect under President Donald Trump and be implemented by his appointees. As he put it: "The legislation sets up the U.S. government as the arbiter of all communications and conversations that happen on the internet--a terrible idea in any instance, and a truly terrifying one when the person driving this effort and seeking this power is none other than Donald Trump's attorney general, Bill Barr."
Noting reports that Barr's Department of Justice "could float proposed best practices very soon--undermining the commission and the processes the bill lays out for lengthy bureaucratic and congressional consideration of this scheme before it even begins," Laroia added that "the particularly frightening part is the collateral damage caused by ceding so much authority to this government or any government. For example, handing over this kind of power to an administration and attorney general with such an abysmal record on LGBTQIA+ rights could seriously impact the availability of lifesaving information."
Harmon argued in his EFF blog post Tuesday that the EARN IT Act would "censor innocent people" and "undermine our security" while failing to provide "meaningful solutions" to the "very serious issue of child exploitation online." He wrote:
The EARN IT Act doesn't just undermine Section 230; it also violates the First Amendment rights of both platforms and their users. As EFF explained in a letter to Congress, the EARN IT Act seeks to regulate how platforms manage online speech, yet internet platforms' editorial activities are protected from government interference by the First Amendment. Additionally, to pass constitutional scrutiny, a law that regulates the content of speech must be as narrowly tailored as possible to avoid chilling legitimate speech. But the EARN IT Act isn't narrowly tailored at all: as we explain in our letter, it would inevitably lead platforms to become more restrictive in the types of speech they allow, particularly in their approach to sexual speech, silencing innocent users in the process.
The Graham-Blumenthal bill, Harmon added, wouldn't be the first internet legislation Congress has passed in the Trump era that could result in "disastrous consequences." In 2018, Trump signed into law a bill package known as SESTA/FOSTA, which amended Section 230 in a purported effort to prevent sex trafficking, despite warnings that doing so would endanger sex workers.
On the International Day to End Violence Against Sex Workers in December 2019, a small group of Democrats in both chambers of Congress introduced legislation that would commission a federal investigation into how, in the words of co-sponsor Rep. Barbara Lee (D-Calif.), "SESTA/FOSTA has demonized and harmed sex workers," including by making it harder for them "to access critical health and safety resources."