Whatever Problem EARN IT Is Trying To Solve, It Doesn't
from the that-seems-like-a-problem dept
I've already talked about the potential 1st Amendment problems with the EARN IT Act and the potential 4th Amendment problems with it as well. But a recent post by Riana Pfefferkorn at Stanford raises an even bigger issue in all of this: what actual problem is EARN IT trying to solve?
This sounds like a simple question with a potentially simple answer, but the reality, once you start to dig in, suggests that either (1) the backers of EARN IT don't actually know, or (2) if they do know, they know what they actually want is unconstitutional.
Supporters of EARN IT will say, simply, the problem they're trying to solve is the prevalence of child sexual abuse material (CSAM) online. And, that is a real problem (unlike some other moral panics, CSAM is a legitimate, large, and extraordinarily serious problem). But... CSAM is already very, very illegal. So, if you dig in a little further, supporters of EARN IT will say that the problem they're really trying to solve is that... internet companies don't take CSAM seriously enough. But, the law (18 USC 2258A already has pretty strict requirements for websites to report any CSAM they find to NCMEC (the National Center for Missing & Exploited Children) -- and they do. NCMEC reported that it received almost 21.4 million reports of CSAM from websites. Ironically, many supporters of EARN IT point to these numbers as proof that the websites aren't doing enough, while also saying it proves they don't have any incentive to report -- which makes no sense at all.
So... is the problem that those 21.4 million reports didn't result in the DOJ prosecuting enough abusers? If so... isn't the problem somewhere between NCMEC and the DOJ? Because the DOJ can already prosecute for CSAM and Section 230 doesn't get in the way of that (it does not immunize against federal criminal law). And, as Riana noted in her article, this very same Senate Committee just recently heard about how the FBI actually knew about an actual serial child sex abuser named Larry Nasser, and turned a blind eye.
And, if NCMEC is the problem (namely in that it can't process the reports fast enough), then this bill doesn't help at all there either, because the bill doesn't give NCMEC any more funding. And, if the senators are correct that this bill would increase the reports to NCMEC (though it's not clear why that would work), wouldn't that just make it even more difficult for NCMEC to sort through the reports and alert law enforcement?
So... is the problem that companies aren't reporting enough CSAM? If you read the sponsors' myths and facts document, they make this claim -- but, again, the law (with really serious penalties) already requires them to report any CSAM. Taking away Section 230 protections won't change that. Reading between the lines of the "myths and facts" document, they seem to really be saying that the problem is that not every internet service proactively scans every bit of content, but as we've discussed that can't be the problem, because if that is the problem, EARN IT has a massive 4th Amendment problem that will enable actual child sex abusers to suppress evidence!
Basically, if you look step by step through the potential problems that supporters of the bill claim it tries to solve, you immediately realize it doesn't actually solve any of them. And, for nearly all of the potential problems, it seems like there's a much more efficient and effective solution which EARN IT does not do. Riana's post has a handy dandy table walking down each of these paths, but I wanted to make it even clearer, and felt that a table isn't the best way to walk through this. So here is her chart, rewritten (all credit to her brilliant work):
If online services don't report CSAM in violation of 2258A, and the real problem is large-scale, widespread, pervasive noncompliance by numerous providers that knowingly host CSAM without removing or reporting it (NOT just occasional isolated incidents), then there's a very long list of potential remedies:
- Conduct a congressional investigation to determine the extent of the problem
- Hold a hearing to ask DOJ why it has never once brought a 2258A prosecution
- DOJ prosecutes all those providers for illegally hosting CSAM under 2252A as well as violating 2258A’s reporting requirements
- Amend 2258A(e) to increase penalties for noncompliance
- Amend Dodd-Frank to include 2258A compliance in corporate disclosure requirements (akin to Form SD)
- Encourage FTC investigation of noncompliant companies for unfair or deceptive business practices
- Encourage private plaintiffs to file securities-fraud class actions against publicly-traded providers for misleading investors by secretly violating federal reporting duties
But what does EARN IT actually do?
- Amend Section 230 instead of enforcing existing law
- Don’t demand that DOJ explain why they aren’t doing their job
- Conduct a congressional investigation to determine the extent of the problem
- Hold a hearing to ask DOJ why it has never once brought a 2258A prosecution
- DOJ prosecutes those isolated violations or the particular rogue provider
But instead of exploring that, here's what EARN IT actually does:
- Amend Section 230 instead of enforcing existing law
- Don’t demand that DOJ explain why they aren’t doing their job
- Hold hearings to have DOJ explain why their investigations never result in charges
- Amend Section 230 instead of enforcing existing law
- Don’t demand that DOJ explain why they aren’t doing their job
- Tell DOJ to move for courts to unseal all sealed records in 2258A cases
- Require DOJ to report data on all 2258A prosecutions since 2258A’s enactment
- Amend 2258A to require regular reporting to Congress by DOJ of enforcement statistics
- Investigate whether providers (especially publicly-traded ones) kept 2258A fines a secret
- Amend Section 230 instead of enforcing existing law
- Don’t demand that DOJ reveal to Congress its 2258A enforcement details
- Hold a hearing to ask DOJ why it has never once brought a 2258A prosecution
- Amend 2258A by adding a private right of action so that victims can do the work that DOJ isn’t doing
- Amend Section 230 instead of enforcing existing law
- Don’t demand that DOJ explain why they aren’t doing their job
About the only thing that supporters of EARN IT have claimed in response to this point is that, because EARN IT allows for state AGs and civil suits, it is "adding more cops to the beat" to take on failures to report under 2258A. But... that's kinda weird. Because wouldn't it make a hell of a lot more sense to first find out why the existing cops don't bother? Because no one has done that. And, worse, when it comes to the civil suits, this response basically means "the DOJ doesn't care to help victims of CSAM, so we're leaving it up to them to take matters into their own hands." And that doesn't seem like a reasonable solution no matter how you look at it.
If anything, it looks like Congress putting the burden for the DOJ's perpetual failings... on the victims of CSAM. Yikes!
Of course, there are other possible problems here as well, and Riana details them in the chart. In these cases, the problems aren't with failure to report CSAM, but elsewhere in the process. So... if websites do properly report CSAM to NCMEC's CyberTipline, perhaps the problem is that CSAM isn’t being taken down promptly enough or reported to NCMEC “as soon as reasonably possible” as required by 2258A(a)(1)(A)(i).
Well, then, as Riana notes, there are a few things Congress could do:
- Debate whether to insert a firm timeframe into 2258A(a)(1)(A)(i)
- Hold a hearing to ask ICS providers of various sizes why delays happen and whether a specific timeframe is feasible
- Amend Section 230
Well, then, the possible solutions from Congress would seem to be:
- Hold a hearing to ask NCMEC what it would take to process all the reports they already get
- Appropriate those additional resources to NCMEC
- Amend Section 230 to induce providers to make even more reports NCMEC can’t keep up with
- Give zero additional resources to NCMEC
- Order GAO to conduct a study on what happens to CyberTips passed by NCMEC to DOJ
- Hold a hearing to ask DOJ why it isn’t acting on tips or filing its required reports
- Appropriate additional resources to DOJ
- Earmark $1 million for IT improvements
- Don’t demand that DOJ explain why they aren’t doing their job
And finally, perhaps websites do report CSAM in compliance with 2258A to NCMEC's CyberTipline, and maybe NCMEC does relay important information to the DOJ... and horrifyingly, perhaps federal law enforcement is failing child sex abuse victims just as the FBI turned a blind eye to Larry Nassar’s abuse of dozens of child gymnasts for years.
Well, then it seems fairly obvious what Congress should do:
- Hold a hearing on the FBI’s failure to protect children (this did happen in September 2021)
- Amend Section 230, effectively delegating enforcement for child sexual abuse to states and victims themselves
No matter what the problem with online CSAM is, EARN IT isn’t going to fix it. It’s only going to make things worse, both for child victims and for everyone who uses the internet. The truth about EARN IT is that either there isn’t a serious noncompliance problem among providers that’s pervasive enough to merit a new law, but Congress just can’t resist using Section 230 as a political punching bag to harm all internet users in the name of sticking it to Big Tech… or there is a problem, but the DOJ is asleep at the wheel – and EARN IT is a concession that Congress no longer expects them to do their jobs.
Either option should be shameful and embarrassing for the bill’s supporters to admit. Instead, this horrible legislation, if it passes, will be hailed as a bipartisan victory that shows Congress can still come together across the aisle to get things done. Apparently, harming Americans’ rights online while making CSAM prosecutions harder is something both parties can agree on, even in an election year.
So, whatever problem the backers of EARN IT think they're solving for, EARN IT doesn't do it. That seems like it should be a big fucking deal. But, instead of responding to these points, the sponsors claim that people highlighting this "don't care about CSAM."
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: 2258a, csam, doj, earn it, encryption, fbi, reporting, surveillance
Companies: ncmec
Reader Comments
Subscribe: RSS
View by: Time | Thread
It may effectively eliminate encryption and enhance surveillance
I think J.D. Tuccille has the right idea here. It is a back-door attempt to make encryption taboo and to get private companies to do the snooping the governmant cannot legally do itself.
This is what the changes to Section 230 would accomplish.
[ link to this | view in chronology ]
GrandStand
The EARN IT act allows legislators to virtue-signal and look good, without the government doing any work. This increases the politicians' chances of getting reelected.
[ link to this | view in chronology ]
It’s also a backdoor to banning encryption and a foot in the door to banning either certain kinds of speech or the moderation thereof on social media services. Nothing good will come of this bill being made law.
[ link to this | view in chronology ]
Re: GrandStand
You know that the Earn Act is so fundamentally fucked up that even Koby is against it.
[ link to this | view in chronology ]
But
Is there any effort to show/display data or Pictures of WHAT they think is the problem?
Then another subject comes to mind, in International Data. Yep, you can submit Tons of it, but its coming from other nations. Its the accessibility to it.
Then we get to numbers and enforcement and How many people can handle it, IF even 1 million of the complaints, end up in the USA. And then you find out its a mother/father showing off old pics of their kids, Naked near a Plastic swimming pool.
[ link to this | view in chronology ]
The 'I know you are but what am I?' strategy I see
But, instead of responding to these points, the sponsors claim that people highlighting this "don't care about CSAM."
Sure hope the ISS windows are heavily tinted, that level of projection has got to be blinding even up in orbit.
Any time a supporter of EARN IT try to pull the 'for the children!'/'You don't care about the children!' lie articles like this need to be thrown in their face, because for all their screaming about how anyone how isn't fully on their side wants to see children exploited they are showing that no-one supports the exploitation of children more than a politician and that of all the things they could do that actually might work the only thing they can think of is shifting the blame and exploiting children to try to gut encryption.
[ link to this | view in chronology ]
So, Sen. Blumenthal doesn't want to fund the police.
[ link to this | view in chronology ]
Re:
Or NCMEC, hiring more investigators, etc.
Near as I see it, what EARN IT would do is two things:
FURTHER overwhelm NCMEC and mind you according to Riana they're already overwhelmed with the amount of reports they get right now and cannot process them all.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Yep. Still nothing about the people abusing children in the first place. And the secondary people who keep putting the material out there. Maybe if you arrested them, there would be less shit on the internet to report and remove.
Separately, i wonder what the stats are on how much material reported is duplicate.
[ link to this | view in chronology ]
Re:
Most of it, as the basis for reporting is matching hashes of previously found material. If the same stuff did not keep on turning up time after time, automated tools would be much less useful.
[ link to this | view in chronology ]
Next
Lets lock down the internet from the rest of the world.
They do to many strange things we dont like.
We cant have people communicating between nations.
We cant have citizens comparing what they see on TV.
[ link to this | view in chronology ]