Senate's New EARN IT Bill Will Make Child Exploitation Problem Worse, Not Better, And Still Attacks Encryption
from the it's-a-bad-bill dept
You may recall the terrible and dangerous EARN IT Act from two years ago, which was a push by Senators Richard Blumenthal and Lindsey Graham to chip away more at Section 230 and to blame tech companies for child sexual abuse material (CSAM). When it was initially introduced, many people noticed that it would undermine both encryption and Section 230 in a single bill. While the supporters of the bill insisted that it wouldn't undermine encryption, the nature of the bill clearly set things up so that you either needed to encrypt everything or to spy on everything. Eventually, the Senators were persuaded to adopt an amendment from Senator Patrick Leahy to more explicitly attempt to exempt encryption from the bill, but it was done in a pretty weak manner. That said, the bill still died.
But, as with 2020, 2022 is an election year, and in an election year some politicians just really want to get their name in headlines about how they're "protecting the children," and Senator Richard Blumenthal loves the fake "protecting the children" limelight more than most other Senators. And thus he has reintroduced the EARN IT Act, claiming (falsely) that it will somehow "hold tech companies responsible for their complicity in sexual abuse and exploitation of children." This is false. It will actually make it more difficult to stop child sexual abuse, but we'll get there. You can read the bill text here, and note that it is nearly identical to the version that came out of the 2020 markup process with the Leahy Amendment, with a few very minor tweaks. The bill has a lot of big name Senators as co-sponsors, and that's from both parties, suggesting that this bill has a very real chance of becoming law. And that would be dangerous.
If you want to know just how bad the bill is, I found out about the re-introduction of the bill -- before it was announced anywhere else -- via a press release sent to me by NCOSE, formerly "morality in media," the busybody organization of prudes who believe that all pornography should be banned. NCOSE was also a driving force behind FOSTA -- the dangerous law with many similarities to EARN IT that (as we predicted) did nothing to stop sex trafficking, and plenty of things to increase the problem of sex trafficking, while putting women in danger and making it more difficult for the police to actually stop trafficking.
Amusingly (?!?) NCOSE's press release tells me both that without EARN IT tech platforms "have no incentive to prevent" CSAM, and that in 2019 tech platforms reported 70 million CSAM images to NCMEC. They use the former to insist that the law is needed, and the latter to suggest that the problem is obviously out of control -- apparently missing the fact that the latter actually shows how the platforms are doing everything they can to stop CSAM on their platforms (and others!) by following existing laws and reporting it to NCMEC where it can be put into a hash database and shared and blocked elsewhere.
But facts are not what's important here. Emotions, headlines, and votes in November are.
Speaking of the lack of facts necessary, with the bill, they also have a "myth v. fact" sheet which is just chock full of misleading and simply incorrect nonsense. I'll break that down in a separate post, but just as one key example, the document really leans heavily on the fact that Amazon sends a lot fewer reports of CSAM to NCMEC than Facebook does. But, if you think for more than 3 seconds about it (and aren't just grandstanding for headlines) you might notice that Facebook is a social media site and Amazon is not. It's comparing two totally different types of services.
However, for this post I want to focus on the key problems of EARN IT. In the very original version of EARN IT, the bill created a committee to study if exempting CSAM from Section 230 would help stop CSAM. Then it shifted to the same form it's in now where the committee still exists, but they skip the part where the committee has to determine if chipping away at 230 will help, and just includes that as a key part of the bill. The 230 part mimics FOSTA (again which has completely failed to do what it claimed and has made the actual problems worse), in that it adds a new exemption to Section 230 that exempts any CSAM from Section 230.
EARN IT will make the CSAM problem much, much worse.
At least in the FOSTA case, supporters could (incorrectly and misleadingly, as it turned out) point to Backpage as an example of a site that had been sued for trafficking and used Section 230 to block the lawsuit. But here... there's nothing. There really aren't* examples of websites using Section 230 to try to block claims of child sexual abuse material*. So it's not even clear what problem these Senators think they're solving (unless the problem is "not enough headlines during an election year about how I'm protecting the children.")
* Update: After publishing this story, a lawyer pointed out a couple of examples of cases, so I'll qualify the original statement to say there really aren't any credible examples of cases where Section 230 blocked legitimate complaints. The main example the lawyer sent over was a case we had written about just a week earlier regarding a clear nuisance lawsuit against Omegle, in which someone was trying to sue the company because creepy people used the site. This is actually a perfect example of why Section 230 is so important, because it kills such nuisance suits quickly. Without it, the range of internet services would be greatly diminished. Another case involves a recent one against Twitter, which again actually demonstrates the importance and benefits of Section 230, in that people are trying to hold Twitter responsible for the actions of users, rather than going after the actual perpetrators.
The best they can say is that companies need the threat of law to report and takedown CSAM. Except, again, pretty much every major website that hosts user content already does this. This is why groups like NCOSE can trumpet "70 million CSAM images" being reported to NCMEC. Because all of the major internet companies actually do what they're supposed to do.
And here's where we get into one of the many reasons this bill is so dangerous. It totally misunderstands how Section 230 works, and in doing so (as with FOSTA) it is likely to make the very real problem of CSAM worse, not better. Section 230 gives companies the flexibility to try different approaches to dealing with various content moderation challenges. It allows for greater and greater experimentation and adjustments as they learn what works -- without fear of liability for any "failure." Removing Section 230 protections does the opposite. It says if you do anything, you may face crippling legal liability. This actually makes companies less willing to do anything that involves trying to seek out, take down, and report CSAM because of the greatly increased liability that comes with admitting that there is CSAM on your platform to search for and deal with.
EARN IT gets the problem exactly backwards. It disincentivizes action by companies, because the vast majority of actions will actually increase rather than decrease liability. As Eric Goldman wrote two years ago, this version of EARN IT doesn't penalize companies for CSAM, it penalizes them for (1) not magically making all CSAM disappear, for (2) knowing too much about CSAM (i.e., telling them to stop looking for it and taking it down) or (3) not exiting the industry altogether (as we saw a bunch of dating sites do post FOSTA).
EARN IT is based on the extremely faulty assumption that internet companies don't care about CSAM and need more incentive to do so, rather than the real problem, which is that CSAM has always been a huge problem and stopping it requires actual law enforcement work focused on the producers of that content. But by threatening internet websites with massive liability if they make a mistake, it actually makes law enforcement's job harder, because they will be less able to actually work with law enforcement. This is not theoretical. We already saw exactly this problem with FOSTA, in which multiple law enforcement agencies have said that FOSTA made their job harder because they can no longer find the information they need to stop sex traffickers. EARN IT creates the exact same problem for CSAM.
So the end result is that by misunderstanding Section 230, by misunderstanding internet company's existing willingness to fight CSAM, EARN IT will undoubtedly make the CSAM problem worse by making it more difficult for companies to track CSAM down and report it, and more difficult for law enforcement to track down an arrest those actually responsible for it. It's a very, very bad and dangerous bill -- and that's before we even get to the issue of encryption!
EARN IT is still very dangerous for encryption
EARN IT supporters claim they "fixed" the threat to encryption in the original bill by using text similar to Senator Leahy's amendment to say that using encryption cannot "serve as an independent basis for liability." But, the language still puts encryption very much at risk. As we've seen, the law enforcement/political class is very quick to want to (falsely) blame encryption for CSAM. And by saying that encryption cannot serve as "an independent basis" for liability, that still leaves open the door to using it as one piece of evidence in a case under EARN IT.
Indeed, one of the changes to the bill from the one in 2020 is that immediately after saying encryption can't be an independent basis for liability it adds a new section that wasn't there before that effectively walks back the encryption-protecting stuff. The new section says: "Nothing in [the part that says encryption isn't a basis for liability] shall be construed to prohibit a court from considering evidence of actions or circumstances described in that subparagraph if the evidence is otherwise admissable." In other words, as long as anyone bringing a case under EARN IT can point to something that is not related to encryption, it can point to the use of encryption as additional evidence of liability for CSAM on the platform.
Again, the end result is drastically increasing liability for the use of encryption. While no one will be able to use the encryption alone as evidence, as long as they point to one other thing -- such as a failure to find a single piece of CSAM -- then they can bring the encryption evidence back in and suggest (incorrectly) some sort of pattern or willful blindness.
And this doesn't even touch on what will come out of the "committee" and its best practices recommendations, which very well might include an attack on end-to-end encryption.
The end result is that (1) EARN IT is attacking a problem that doesn't exist (the use Section 230 to avoid responsibility for CSAM) (2) EARN IT will make the actual problem of CSAM worse by making it much more risky for internet companies to fight CSAM and (3) EARN IT puts encryption at risk by potentially increasing the liability risk of any company that offers encryption.
It's a bad and dangerous bill and the many, many Senators supporting it for kicks and headlines should be ashamed of themselves.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: csam, earn it, encryption, fosta, lindsey graham, richard blumenthal, section 230
Reader Comments
Subscribe: RSS
View by: Time | Thread
This is getting really annoying
[ link to this | view in chronology ]
I am just tired (of Blumenthal’s “Think of the Children” S
I’m so sick of trying to help protect the internet from dying by a thousand cuts constantly. It’s been emotionally draining and negative on my mental state. And it’s because of these seemingly endless waves of moral panicking, generated by people like Blumenthal.
I think Blumenthal is more punchable than Manchin and Sinema, combined. Because of one thing: Blumenthal is wholeheartedly fake. He has the potential to be better than this, but he never does. He surrounds himself with fake moralizing campaigns and bad faith laws that do more harm than good to make it seem like he’s a paragon. It’s all about presentation, all ego, no substance.
I’m well aware that a lot of politicians are about perception, but Blumenthal takes it a whole, illogical new level. He wants to make it seem like he’s a paragon, but doesn’t think of the consequences. If he actually wanted to make things better, he shouldn’t have revived the Earn It act. Hell, he shouldn’t have been plastering his name on the bill in the first place.
If he’s supposed to be a Democrat, then he doesn’t represent me.
[ link to this | view in chronology ]
Re: I am just tired (of Blumenthal’s “Think of the Children�
Richard Blumenthal is the direct ideological descendant of Joseph Lieberman. He represents the same state and the same party (until Joe LIeberman lost a primary to current governor of Connecticut Ned Lamont). They're both sanctimonious blowhards who like to monger fear on the latest moral panic (for Lieberman, Violent Video Games; for Blumenthal, the Internet) when their proposed solutions make everything worse instead of better.
[ link to this | view in chronology ]
Nope, less than a second
[ link to this | view in chronology ]
Re: Nope, less than a second
Then you need more Nope.
[ link to this | view in chronology ]
If I were a Senator, I would rather not be remembered for doing this.
Of course, we all know how it'll play out: the law passes, CSAM gets worse, politicians rise up to say we need an even stronger law to stop the rising tide....
[ link to this | view in chronology ]
Re:
It currently has nineteen cosponsors after being announced yesterday. I don't see how it fails to become law.
[ link to this | view in chronology ]
Re: Re:
It’s 2018 all over again
[ link to this | view in chronology ]
Re: Re: Re:
How many cosponsors did the 2020 bill have?
[ link to this | view in chronology ]
Re: Re: Re: Re:
16 so it picked up 3 more.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Yes, here's the list.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
How likely is the bill to pass before the midterms?
[ link to this | view in chronology ]
Re: Re:
What is the likelihood of the bill passing the Senate within the next two months? Is the bill going to be a priority to pass? there talk the new Supreme Court Justice situation will stall everything.
[ link to this | view in chronology ]
Re: Re: Re:
It's been scheduled for markup THIS Thursday. A House companion bill is inbound.
It's as Riana Pefferkon noted in her article talking about the House EARN IT bill from Autumn 2020:
"Once the 117th Congress begins early next year, there will be a bipartisan, bicameral full-court press to push EARN IT through."
This is that push.
[ link to this | view in chronology ]
Re: Re: Re: Re:
When could we see the bill voted on?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
It has to go through the legislative process. If they’re lucky, there might be a chance of this being rush through. Thankfully the votes around Biden’s nominees would slow down the bill, but I don’t know for how long. Fingers crossed.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Hope is not a strategy, unfortunately. As SOPA/PIPA has shown, we must rise up!
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
Problem is the net is more divided now than back when sopa was opposed plus most people still lose the ability to critically think once the claim "do you support pedophiles?" is spoken.
[ link to this | view in chronology ]
Re:
As post-FOSTA showed you left out a step:
'Completely and utterly ignore the law you passed and pretend that it couldn't possibly have anything to do with the sudden proliferation of [Content you claimed was vital to be stopped]'
[ link to this | view in chronology ]
for the fun
https://en.wikipedia.org/wiki/Scunthorpe_problem
[ link to this | view in chronology ]
Is the bill more or less likely to pass this time?
[ link to this | view in chronology ]
Re:
The Earn It Act already has 19 co-sponsors in the senate: 10 Republicans, 9 Democrats. This might make it easier for the bill to pass in the near future. This will take a lot of strength to overcome this monster this time around. It’s going to be an uphill battle, but remember SOPA had 12 co-sponsors and it failed.
[ link to this | view in chronology ]
Re: Re: Just too much.
I find having to worry about all of this shit to be too draining on my soul. With the number of co-sponsors maliciously lying about their encryption killing Bill, I think the odds are way out of our favor this time around to even bother.
[ link to this | view in chronology ]
Re: Re: Re: Just too much.
Do you think the bill will pass?
[ link to this | view in chronology ]
If you're going to lose make them work for it
As I(and I'm sure others) have noted multiple times in the past, fight back and you might lose, give up and you ensure it.
The odds may be stacked against the public and it may very well result in this legal abomination passing but to make a call-back to recent articles SOPA was basically a done-deal and that got killed off by a sufficiently large pushback, so even sure things can be shot down if enough people make clear that they're not happy.
Even if it does make it through there's still value in making your opposition heard as it makes it ever so slightly harder for them to lie about how the current law is super popular so clearly people wouldn't have any problems with 'just a few' teeny-tiny additions/expansions.
[ link to this | view in chronology ]
Re: If you're going to lose make them work for it
Well said.
[ link to this | view in chronology ]
Re:
Much, much, much more likely.
[ link to this | view in chronology ]
Re: Re:
When could the bill pass the Senate? within 2 to 3 months? there is talk the new Supreme Court Justice situation will stall everything in congress.
[ link to this | view in chronology ]
Re: Re: Re:
I'm guessing this month or march. The bill was re-introduced yesterday, already set for markup this Thursday. This feels like an attempt to fast track it this month. Additionally the current makeup of Congress favors those who want earn it passed.
Back in 2020 it was mostly Senate republicans and democrats who are basically republicans (just like now, check the sponsors) pushing earn it with Ron Wyden using the filibuster to stop their efforts.
The house dems didn't want to give Trump a win and needed to appear as pro-privacy/free speech for the 2020 election. Now the dems have the presidency, both chambers of Congress and if you've noticed have spent a few years repeatedly demanding social media censorship and desperately want to give biden victories. biden isn't like obama who opposed sopa/pipa to appeal to younger voters.
This is similar to how FOSTA passed with the group who made it happen last time back again. Far as I'm aware Wyden hasn't spoken about new earn it yet but even if he does oppose it, it's very possible there will be enough Senate democrats to join the republicans in passing it beating a filibuster.
Then pelosi's band of house idiots pass it and we have to choose between breaking the law because they can't stop us from using encryption or being obedient sheep to a group who consider themselves above laws.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Seem unlikely it will pass the Senate this month or march seeing they are busy with Supreme Court Justice situation so its likely not to be a priority right now.
Do want to point out alot of bills have there markup right after the bill come out but then take forever to go to vote and even if its pass it can take a long time to go to the House and even longer if there a House version .
Why do you think it will pass this month or march seeing it will be hard to fast track it right now.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Maybe but I view it this way; if you haven't already start learning about encryption now, invest in a foreign VPN, find a foreign message board to enjoy because I doubt any of your optimism will succeed this time.
Both sides want some form of censorship, they don't care about the 1st or 4th amendment, only their personal power over all.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Thing is it look like the bill it pass with a month or two but will take way longer.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
*Thing is it look like the bill will not pass within a month or two but will take much longer.
[ link to this | view in chronology ]
Re: Re:
The likelihood just makes me wonder why should I even bother. I sent messages to my Senators to oppose this outright murder of the internet, but I think I'm just pissing in the wind at this point.
[ link to this | view in chronology ]
The Devil works hard, but Mike Masnick works harder - thanks for getting this response out so fast
[ link to this | view in chronology ]
Another thing this opens up is that there are several state laws (Illinois, South Carolina, Florida) that say that failing to inspect communications on their services for CSAM is grounds for liability which strongly encourages companies to search.
So one possible way to avoid liability? Either not look for it or report fewer CSAM to avoid triggering liability.
Then of course this brings in the fact that because these state laws butt up against the 4th Amendment by strongly implying they search or face liability, it means that should someone be prosecuted under these state laws they will have a credible argument that the evidence seized was in violation of the 4th Amendment due to the Supreme Court case of "United States vs Henderson" and thus would require all evidence obtained by the fruits of an illegal search without a warrant to be suppressed thus allowing them to potentially go free.
So on many levels this bill would make the problem of fighting CSAM even worse because if the evidence just ends up getting suppressed what point is there to look?
[ link to this | view in chronology ]
The evidence won't be suppressed.
The Fourth Amendment rarely protects against anything involving digital technology, especially because of the accursed Third Party Doctrine.
In addition, this bill concerns liability to lawsuits. The Fourth Amendment applies to criminal cases, not civil cases.
[ link to this | view in chronology ]
Re Re: The evidence would be suppressed.
Actually it would.
The bill opens up companies to both civil and criminal liability. Also in the case of where these various state laws would apply such as Illinois and South Carolina, as it was established in Supreme Court precedent in "United States vs Stevenson", if a statute or regulation would so strongly encourage a company to search that the search is not primarily the result of a private initiative then the 4th Amendment applies to that search and would transform the company into an agent of the state for 4A purposes because it was done without a warrant.
And that's what the bill would open up under these state laws and whatever practices the commission might recomend. Any mandate to search be it direct or indirect risks any evidence obtained being suppressed because the search was done not by the company's own initiative but motivated by the fact that if they didn't they would be held liable.
[ link to this | view in chronology ]
It's still about shit on some server somewhere, and not about LEOs actually, you know, investigating anything or finding the actual abusers. Of course there is always going to be more material somewhere, if you don't stop the perpetrators.
[ link to this | view in chronology ]
I looked through the list of supporting Senators and thought, well, that explains it. A shit list who's who.
[ link to this | view in chronology ]
Wrong
First of all Loeffner of Georgia and Jones of Alabama are no longer in the senate. Second from what I heard another internet antitrust bill is going up for markup this Thursday. Third Ron Wyden opposes this EARN IT and he is the Finance Chairman which will make it hard for Senators to vote for it when the chairman controls the finance purse and is pro internet freedom accept for the TPP and even there he protected section 230. It may be difficult with a 50/50 senate. Do not be fooled. It may not go through until the GOP becomes the majority in the house and senate in 2022.
[ link to this | view in chronology ]
Re: Wrong
This sounds very nonsensical.
What influence did kelly loeffler have on earn it? I don't see her name attached to it at all. doug jones being gone doesn't mean there wouldn't be another democrat that supports it. blumenthal, graham and all the previous co-sponsors are the ones pushing it again.
Another anti-trust bill being marked up doesn't change the status of earn it's passage chances unless it opposes earn it.
What does Wyden's status and power as the finance chairman have to do with being able to stop the EARN IT act?
[ link to this | view in chronology ]
Do not be fooled? You're too optimistic.
The pushes against Section 230 and EARN IT are bipartisan. It doesn't matter which party has a majority. Ron Wyden is an outlier on issues of privacy and internet freedom. He's not representative of the Democrats.
[ link to this | view in chronology ]
Re: Do not be fooled? You're too optimistic.
Previous commenter here. I meant "pushes against Section 230 and encryption".
[ link to this | view in chronology ]
"EARN IT is based on the extremely faulty assumption that internet companies don't care about CSAM and need more incentive to do so, rather than the real problem, which is that CSAM has always been a huge problem and stopping it requires actual law enforcement work focused on the producers of that content."
The problem is that child porn production is not a problem Congress can solve. This is because the production of CP is a local act that violates only local laws. Congress only jurisdictional hook for doing anything about CP is that they can regulate interstate commerce. (Let's forget about the fact that trade in CP meets no common-sense definition of commerce.) So going after CP producers would, in effect, mean that Congress was spending money and someone else--a local politician or a local LEO--would get all the credit. That's violates the first rule of national political grandstanding which is to keep the focus on the Congressman.
[ link to this | view in chronology ]
'Just brush this under the rug and problem solved!'
If they want attention I say give it to them, just make it honest.
Any time they bring up how they're Doing Something with this correctly point out how this is basically FOSTA 2.0 and how that made it harder to find and prosecute the victims and perpetrators respectively of sex trafficking, leaving them worse off than before, and as such any politician in favor of this bill is actually working overtime on the side of those creating and sharing CSAM rather than against them.
Politicians love them some simplistic 'think of the children' to shut thought and opposition down so the solution is simple: use it against them. Any politician who supports and signs on to this bill should be treated as someone in favor of CSAM and against the children. Do not pass GO, do not let them spin this as them protecting children, support for this bill is support for CSAM.
[ link to this | view in chronology ]
Well, looks like we found 19 senators who don't want their CSAM habit exposed. I bet a look at their internet habits would be very interesting...
[ link to this | view in chronology ]
Re:
Normally I might call and excessive but when you're talking about a bill that stands to greatly help the purveyors and creators of CSAM that seems like a reasonable opinion to hold until proven otherwise.
[ link to this | view in chronology ]