New EARN IT Act Creates An Insane New Dilemma: Either Encrypt All Or Spy On All
from the this-seems-counterproductive dept
Last week, as predicted, the Senate Judiciary Committee voted unanimously to replace the original EARN IT Act, with a new one. As part of the markup, they also voted to approve Senator Patrick Leahy's amendment which some might read to say that EARN IT cannot be used to block encryption -- but the reality is a lot more complicated. As I'll explain, this new bill is terrible in a different way than the old bill: it will create a new dilemma in which internet services will either feel compelled to encrypt everything or in which the only way you'll be able to use any internet service is if you hand over a ton of personal information to the service provider -- potentially putting your privacy at extreme risk.
First lets acknowledge an oddity about this new bill. Both bills involve the creation of a commission to come up with "best practices" in trying to stop "child sexual abuse material" or CSAM (the concept formerly known as child porn). In the old bill, if sites didn't follow the commission's best practices, they could lose their Section 230 protections. This resulted in fears that the commission would outlaw encryption as a "best practice." The new bill retains the commission, but for no recognizable purpose. Instead, it does away with the pretense and just says that a bunch of sites should lose Section 230 protections no matter what. It seems quite odd to first say "we need a commission to determine best practices" and then on a second pass say that before the commission has done anything we're just going to make massive changes to Section 230 based on... nothing at all. No evidence saying that this would create better outcomes. No evidence that Section 230 is a problem with regards to CSAM. Just... nothing.
Specifically, the new bill makes a change to Section 230 that looks similar to the change that was made with FOSTA, saying that you don't get 230 protections if you advertise, promote, present, distribute, or solicit CSAM. But here's the thing: CSAM is already a federal crime and all federal crimes are already exempted from Section 230. On top of that, it's not as if there are a bunch of cases anyone can trot out as examples of Section 230 getting in the way of CSAM prosecutions. There's literally no evidence that this is needed or will help -- because it won't.
As we've detailed before, the real scandal in all of this is not that internet companies are facilitating CSAM, but that the DOJ has literally ignored its Congressional mandate to go after those engaged in CSAM production and distribution. Congress tasked the DOJ with tackling CSAM and the DOJ has just not done it. The DOJ was required to compile data and set goals to eliminate CSAM... and has just not done it. That's why it's bizarre that EARN IT is getting all of the attention rather than an alternative bill from Senators Wyden, Gillibrand, Casey and Brown that would tell the DOJ to actually get serious about doing its job with regards to CSAM, rather than blaming everyone else.
But digging into the details, the real problem here is that, as structured, the new EARN IT Act would be a disaster in trying to achieve the goals the sponsors have set out for it. First off, thanks to the addition of Senator Leahy's Amendment, some may see the bill as one that effectively requires encryption to avoid liability for CSAM. Even that's not totally clear, however. While you can read Leahy's amendment to say that encryption is protected, the actual structure of the final bill punts many issues to state law, and that means having to comply with 50 different state laws. Some, like Illinois, have lower standards for the mens rea regarding CSAM, and the worry is that we won't know whether or not offering end-to-end encryption would be seen as violating state laws until long and costly cases go through their lengthy process.
Either way, this weird CSAM carveout from Section 230 is somewhat equivalent to the moderator's dilemma that other attempts to change Section 230 create. Because most of those other reforms put in place a "knowledge" standard, it gives many sites a reason to never look at the content on their platform. In this case, due to the explicit call out saying that encryption isn't impacted, that would effectively say that if you want to keep 230 protections, you should encrypt absolutely everything. Which, ironically, is the exact opposite of what Attorney General Bill Barr has been asking for.
But, as with the moderator's dilemma, there's also a flipside (if you don't want to ignore everything, then you have to greatly restrict what you allow through). Under the new EARN IT, the flipside is that the government more or less says that you are now responsible for being able to track and identify anyone on your service who is not using encryption -- meaning you would need to carefully verify every user of your platform. No more simple signups. No more anonymity. And, incredibly, this would mean that sites would need to collect a ton of data on every user. Want to use this new service? First submit your phone number, driver's license, etc.
At a time when people are saying they trust big internet companies less and less with their data, why would Senators Graham, Blumenthal, Feinstein, and Hawley (HAWLEY!?!?) be encouraging websites to collect even more (and more intrusive) data on all their users?
Since this is somewhat different than the traditional moderator's dilemma, it might be called the "censor's dilemma" or possibly the "middleman's dilemma," in that this is even more tied to the government's demand that websites block certain content entirely, which puts them in the role of a government middleman or censor (which, not coincidentally, would raise serious constitutional issues with the EARN IT Act turning private entities into state censors).
Either way it is difficult to see how these two outcomes are what Congress (or, for that matter, the DOJ) actually wants:
- Much greater encouragement for websites to encrypt everything
- Much greater encouragement for websites to demand much more personal and private information on users.
In short: the EARN IT Act is bad. At best it might encourage more encryption, but it would also create a whole host of unintended consequences, including much less privacy and no more anonymity on many websites. It's difficult to see how that accomplishes any of the goals of the bill's supporters.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: censor's dilemma, data, dilemma, earn it, earn it act, encryption, lindsey graham, middleman's dilemma, moderator's dilemma, patrick leahy, privacy, richard blumenthal, verification
Reader Comments
Subscribe: RSS
View by: Time | Thread
Conspiracy Theory Time
They aren't going after the people engaging in this because too often, the ones in power are already known to engage in this and they don't want to rock the boat. They already are blackmailing a select few in power to do their bidding and if they went ahead and stopped those who engage in CSAM, they would destroy their own gravy train.
[ link to this | view in chronology ]
Why do I think that CSAM is being used as an excuse to gain the tools to control the population, by enabling online tracking of every bodies Internet us.
[ link to this | view in chronology ]
Politicians love to say “think of the children”. It helps them hide how they use that cover to fuck up the civil liberties of the average citizen.
[ link to this | view in chronology ]
Re: "Think of the CHILDREN!"
Call me a cynic but whenever I hear a politician or priest screaming
"Think of the children!" I tend to look for a predatory gleam in their
eyes or a telltale bulge in their pants..
Too often the ones decrying an the foulness of an act the loudest
are those indulging in the same activities..
[ link to this | view in chronology ]
Unintended consequences
There comes a point when nominally unintended, but completely predictable, consequences must be considered to be plausibly deniable intended consequences, intended to create problems or provoke backlash, which are in turn intended to create conditions favorable to passing future authoritarian laws. We must be constantly vigilant for the early signs of the long con.
[ link to this | view in chronology ]
The distasteful solution
There remains a solution demonstrated by the internet and the sex-positive community: let pervs be pervs.
We have CGI that makes convincingly real people in convincingly real environments, and that could include convincingly real child porn. (Heck, our law enforcement use CGI girls to entrap would-be child sex abusers.)
Decriminalize the rendered stuff, and no children ever will have to participate in porn again.
Granted there are a tiny group that gets off on the abuse, just as there are a tiny group that gets off on real snuff or real crush or lighting real cats on fire. But that tiny group is much smaller than the number of people consuming real porn now. (Even Lolicon and adult discussions of age-play have put a dent in child porn consumption.)
Most of the pervs, by far, don't want to hurt kids (or hamsters or cats). And as much as we want to round up the deviants and perverts and give them the Zyklon-B treatment, ultimately the right way is to find safe, consensual ways for them to get what they need without hurting anyone, and not judge them for their kink when they can manage to enjoy it without causing harm.
OR we can give the Department of Justice even more powers to fill their prisons with warm bodies and drive society even faster to outright blood-splattered revolt.
Now Anonymous Coward can call me crazy if he wants. I'd pull the lever too.
[ link to this | view in chronology ]
Re: The distasteful solution
(Even Lolicon ...
We also need to stop conflating paedophilia, ephebephilia, and "illegal depending on where you are but i like some sort of sexual material which may or may not involve subjects who are technically underage".
They are different things and need to be handled differently, if one actually wants the problems solved to a larger extent.
(Also the cops and feds could, you know, go after shit when it is reported to them.)
[ link to this | view in chronology ]
Conflating different kinks
It still creates the same problem. If we're going after people who fetishize pre-tweens or toddlers we're still prosecuting thought crimes. It only highlights how we prosecute people for who they are rather than what they did.
Society's inability to examine sexual deviance with adult, sober way consideration is problem across the international community, in which US counties don't agree on what kind of cartoons (or literary fiction) are or are not legal, where Australia criminalizes porn of women who look too young, and where search engines won't even show LGBT+ related hits unless its algo decides that was specifically asked for. (Even with all the content filtering allegedly turned off.) We don't get it. We don't even try to get it.
Human society just may not be capable of being adult enough to address actual matters of child welfare, and so when we have bills like SESTA and EARN IT being pushed with protecting children as an excuse, it is an insult to the rest of us. If the federal government actually was interested in the well being of children, they could provide support to low-income families and schools. Until they do that, it's all bullshit.
I've stated it before. Killing porn access in the open web is only going to drive porn seekers to the dark web, and anarchists, lunatics and terrorists are going to be the ones lighting their way (not to mention child-porn peddlers). It's not going to stop porn consumption. It's not going to help or dispel sex workers. It's not going to do anything for kids.
[ link to this | view in chronology ]
This bill seems to be a poison pill either way. Either encrypt and risk a backlash that will definitely ensure even worse bills are introduced (such as Graham's OTHER anti-encryption bill that just seeks to ban encryption outright) or services will now have to gather up more sensitive data.
What's not said though is how these sites not only run the risk of becoming state actors via the 4th Amendment but these sites will turn into honeypots that hackers will be positively SALIVATING at.
It's lose-lose either way.
[ link to this | view in chronology ]
Re:
A non-realistic approach to dissuading nonsense legislation would be to create innumerable bots that act like Government targets without breaking any laws.
[ link to this | view in chronology ]
Innumerable bots
If you are suggesting penetration testing our laws towards producing absurd results, I approve!
[ link to this | view in chronology ]
Like watching children play with a nuke...
Watching them scramble around would almost be funny if the subject wasn't so incredibly important and the potential damage so insanely high. They want to just gut 230 and cripple encryption, but because both of those have public support still they have to come up with convoluted bills to pretend that they aren't doing so, to the point that they end up tripping even themselves.
[ link to this | view in chronology ]
God forgive them, for they know not for what they do..
ISP..? gets all your info?
SITE display and words can not be of any source for Child PROBLEMS??
230..Taking protections away from the Site Creator AND the server management corp?
Anyone hear about the Bad regs/law in the USA causing Corps to MOVE OUT?? The ones about Pollution and cleaning UP the mess's they create.. Who are you going to Sue when They all move Out of the USA to mexico, Cuba, S. America, and Any other place except here?
HOw many more jobs lost? And its NOT even to control pollution. Its for the Children not being in the sex trades, Which is Less Than 0.001%, or the idea of Who is responsible for your Child.. Forget it, just give your kid to the state, and Stop worrying.
[ link to this | view in chronology ]
the whole aim of the government is to get as much info on everyone as possible, so:
Much greater encouragement for websites to demand much more personal and private information on users
and what do you think will happen to all that extra info?
[ link to this | view in chronology ]
Who cares about these stupid kids
Where is all this child porn, I never see any online. Are you congress people looking it up and finding it, seeking it, they need to be arrested. Why punish all of America, we're not into child porn and don't care about ya'lls children stinking asses
[ link to this | view in chronology ]
Re: Who cares about these stupid kids
In the old days the internet was a much more disgusting place. This stuff was in the open on usenet and the web. If you like porn of any kind you would eventually run across it. Just because you don't see it TODAY doesn't mean it's not circulating on old BBSs, darkweb, torrents, open directories, Mega, etc. The problem is, you ban one type of technology, two more pop up and replace it - while making it more and more difficult for law enforcement to catch the bad guys. It takes a tiny mind to write the fine print in our laws.
[ link to this | view in chronology ]