Because Too Many People Still Don't Know Why The EARN IT Bill Is Terrible, Here's A Video

from the AV dept

The biggest problem with all the proposals to reform Section 230 is that way too many people don't understand *why* they are a terrible idea. And the EARN IT bill is one of the worst of the worst, because it does not just break Section 230 but also so much more, yet too many people remain oblivious to the issues.

Obviously there's more education to be done, and towards that end Stanford's Riana Pfefferkorn and I recently gave this presentation at the Crypto and Privacy Village at Defcon. The first part is a crash course in Section 230 and how it does the important work it does in protecting the online ecosystem. The second part is an articulation of all the reasons the EARN IT bill in particular is terrible and the specific damage it would do to encryption and civil liberties, along with ruining Section 230 and everything important that it advances.

We'll keep explaining in every way we can why Section 230 should be preserved and the EARN IT bill should be repudiated, but if you're the kind of person who prefers AV explanations, then this video is for you.

(Note: there's a glitch in the video at the beginning. Once it goes dark, skip ahead to about 3 minutes 20 seconds and it will continue.)

Filed Under: earn it act, encryption, section 230

Senators Graham And Blumenthal Can't Even 'Earn' The EARN IT Act: Looking To Sneak Vote Through Without Debate

from the don't-let-them dept

Senator Lindsey Graham very badly wants to push the extremely dangerous EARN IT Act across the finish line. He's up for re-election this fall, and wants to burnish his "I took on big tech" creds, and sees EARN IT as his path to grandstanding glory. Never mind the damage it will do to basically every one. While the bill was radically changed via his manager's amendment last month, it's still an utter disaster that puts basically everything we hold dear about the internet at risk. It will allow for some attacks on encryption and (somewhat bizarrely) will push other services to more fully encrypt. For those that don't do that, there will still be new limitations on Section 230 protections and, very dangerously, it will create strong incentives for internet companies to collect more personal information about every one of their users to make sure they're complying with the law.

It's a weird way to "attack" the power of big tech by forcing them to collect and store more of your private info. But, hey, it's not about what's actually in the bill. It's about whatever bullshit narrative Graham and others know the press will say is in the bill.

Either way, we've heard that Graham and his bi-partisan supporter for EARN IT, Senator Richard Blumenthal, are looking to rush EARN IT through with no debate, via a process known as hotlining. Basically, it's a way to try to get around any floor debate, by asking every Senator's office (by email, apparently!) if they would object to a call for unanimous consent. If no Senator objects, then they basically know they can skip debate and get the bill approved. If Senators object, then (behind the scenes) others can start to lean on (or horse trade) with the Senators to get the objections to go away without it all having to happen on the floor of the Senate. In other words, Graham and Blumenthal are recognizing that they probably can't "earn" the EARN IT Act if it has to go through the official process to have it debated and voted on on the floor, and instead are looking to sneak it through when no one's looking.

While Senator Wyden (once again) has said he'll do whatever he can to to block this, it would help if other Senators would stand up as well. Here's what Wyden had to say about it:

The EARN IT Act will not protect children. It will not stop the spread of child sexual abuse material, nor target the monsters who produce and share it, and it will not help the victims of these evil crimes. What it will do is threaten the free speech, privacy, and security of every single American. This is because, at its core, the amended EARN IT Act magnifies the failures of the Stop Enabling Sex Traffickers Act--SESTA--and its House companion, the Fight Online Sex Trafficking Act--FOSTA. Experts believe that SESTA/FOSTA has done nothing to help victims or stop sex trafficking, while creating collateral damage for marginalized communities and the speech of all Americans. A lawsuit challenging the constitutionality of FOSTA on First Amendment grounds is proceeding through the courts, and there is bicameral Federal legislation to study the widespread negative impacts of the bill on marginalized groups.

Yet, the authors of the EARN IT Act decided to take this kind of carveout and expand it further to State civil and criminal statutes. By allowing any individual State to set laws for internet content, this bill would create massive uncertainty, both for strong encryption and constitutionally protected speech online. What is worse, the flood of State laws that could potentially arise under the EARN IT Act raises strong Fourth Amendment concerns, meaning that any CSAM evidence collected could be rendered inadmissible in court and accused CSAM offenders could get off scot-free. This is not a risk that I am willing to take.

Let me be clear: The proliferation of these heinous crimes against children is a serious problem. However, for these reasons and more, the EARN IT Act is not the solution. Moreover, it ignores what Congress can and should be doing to combat this heinous crime. The U.S. has a number of important evidence-based programs in existence that are proven to keep kids safe, and they are in desperate need of funding to do their good work. Yet the EARN IT Act doesn't include a single dollar of funding for these important programs. It is time for the U.S. Government to spend the funds necessary to save children's lives now.

While a Wyden hold would block any attempt to get unanimous consent via the hotlining process, it would help quite a lot if other Senators were willing to speak up and stand with him as well. If it's just Wyden, then he'll face tremendous pressure to remove the hold. If more Senators join Wyden in saying this isn't okay, then Graham and Blumenthal will realize they have a bigger challenge in front of them.

Again, if you haven't been following this debate closely, everything that Wyden says above is accurate. EARN IT is an attack on both free speech and privacy (a twofer) without doing anything to actually deal with the problem of child sexual abuse material online. That is very much a law enforcement issue, and it's one which Congress has failed to provide the funds to law enforcement that it promised on this issue, and (even worse) the DOJ has simply ignored its requirement mandates to deal with this issue as required by Congress. The DOJ seems more focused on attacking tech companies and blaming them for its own failure to do its job.

The EARN IT Act is an incredibly dangerous piece of legislation, but it's also a complicated one -- one that many people don't understand. But Senators see something that says "protect the children" and they immediately think "well, of course we support that." But this bill doesn't protect children. It attacks free speech and privacy online in very insidious ways. Please call your Senators and ask them not to let this through.

Filed Under: debate, earn it, earn it act, encryption, free speech, lindsey graham, privacy, richard blumenthal, section 230, senate

New EARN IT Act Creates An Insane New Dilemma: Either Encrypt All Or Spy On All

from the this-seems-counterproductive dept

Last week, as predicted, the Senate Judiciary Committee voted unanimously to replace the original EARN IT Act, with a new one. As part of the markup, they also voted to approve Senator Patrick Leahy's amendment which some might read to say that EARN IT cannot be used to block encryption -- but the reality is a lot more complicated. As I'll explain, this new bill is terrible in a different way than the old bill: it will create a new dilemma in which internet services will either feel compelled to encrypt everything or in which the only way you'll be able to use any internet service is if you hand over a ton of personal information to the service provider -- potentially putting your privacy at extreme risk.

First lets acknowledge an oddity about this new bill. Both bills involve the creation of a commission to come up with "best practices" in trying to stop "child sexual abuse material" or CSAM (the concept formerly known as child porn). In the old bill, if sites didn't follow the commission's best practices, they could lose their Section 230 protections. This resulted in fears that the commission would outlaw encryption as a "best practice." The new bill retains the commission, but for no recognizable purpose. Instead, it does away with the pretense and just says that a bunch of sites should lose Section 230 protections no matter what. It seems quite odd to first say "we need a commission to determine best practices" and then on a second pass say that before the commission has done anything we're just going to make massive changes to Section 230 based on... nothing at all. No evidence saying that this would create better outcomes. No evidence that Section 230 is a problem with regards to CSAM. Just... nothing.

Specifically, the new bill makes a change to Section 230 that looks similar to the change that was made with FOSTA, saying that you don't get 230 protections if you advertise, promote, present, distribute, or solicit CSAM. But here's the thing: CSAM is already a federal crime and all federal crimes are already exempted from Section 230. On top of that, it's not as if there are a bunch of cases anyone can trot out as examples of Section 230 getting in the way of CSAM prosecutions. There's literally no evidence that this is needed or will help -- because it won't.

As we've detailed before, the real scandal in all of this is not that internet companies are facilitating CSAM, but that the DOJ has literally ignored its Congressional mandate to go after those engaged in CSAM production and distribution. Congress tasked the DOJ with tackling CSAM and the DOJ has just not done it. The DOJ was required to compile data and set goals to eliminate CSAM... and has just not done it. That's why it's bizarre that EARN IT is getting all of the attention rather than an alternative bill from Senators Wyden, Gillibrand, Casey and Brown that would tell the DOJ to actually get serious about doing its job with regards to CSAM, rather than blaming everyone else.

But digging into the details, the real problem here is that, as structured, the new EARN IT Act would be a disaster in trying to achieve the goals the sponsors have set out for it. First off, thanks to the addition of Senator Leahy's Amendment, some may see the bill as one that effectively requires encryption to avoid liability for CSAM. Even that's not totally clear, however. While you can read Leahy's amendment to say that encryption is protected, the actual structure of the final bill punts many issues to state law, and that means having to comply with 50 different state laws. Some, like Illinois, have lower standards for the mens rea regarding CSAM, and the worry is that we won't know whether or not offering end-to-end encryption would be seen as violating state laws until long and costly cases go through their lengthy process.

Either way, this weird CSAM carveout from Section 230 is somewhat equivalent to the moderator's dilemma that other attempts to change Section 230 create. Because most of those other reforms put in place a "knowledge" standard, it gives many sites a reason to never look at the content on their platform. In this case, due to the explicit call out saying that encryption isn't impacted, that would effectively say that if you want to keep 230 protections, you should encrypt absolutely everything. Which, ironically, is the exact opposite of what Attorney General Bill Barr has been asking for.

But, as with the moderator's dilemma, there's also a flipside (if you don't want to ignore everything, then you have to greatly restrict what you allow through). Under the new EARN IT, the flipside is that the government more or less says that you are now responsible for being able to track and identify anyone on your service who is not using encryption -- meaning you would need to carefully verify every user of your platform. No more simple signups. No more anonymity. And, incredibly, this would mean that sites would need to collect a ton of data on every user. Want to use this new service? First submit your phone number, driver's license, etc.

At a time when people are saying they trust big internet companies less and less with their data, why would Senators Graham, Blumenthal, Feinstein, and Hawley (HAWLEY!?!?) be encouraging websites to collect even more (and more intrusive) data on all their users?

Since this is somewhat different than the traditional moderator's dilemma, it might be called the "censor's dilemma" or possibly the "middleman's dilemma," in that this is even more tied to the government's demand that websites block certain content entirely, which puts them in the role of a government middleman or censor (which, not coincidentally, would raise serious constitutional issues with the EARN IT Act turning private entities into state censors).

Either way it is difficult to see how these two outcomes are what Congress (or, for that matter, the DOJ) actually wants:

• Much greater encouragement for websites to encrypt everything
• Much greater encouragement for websites to demand much more personal and private information on users.

And yet, thanks to Congress' standard bungling, that's what we have with the current EARN IT Act. And while it might be nice if the law actually did encourage more encryption, don't pin your hopes on that. As noted above, it's not entirely clear that it really does lead to that outcome, and we might not know until after a whole bunch of litigation. Furthermore, if that is is the end result, it will almost certainly lead to a different kind of backlash and support for even worse laws that seek to blow up encryption through other methods.

In short: the EARN IT Act is bad. At best it might encourage more encryption, but it would also create a whole host of unintended consequences, including much less privacy and no more anonymity on many websites. It's difficult to see how that accomplishes any of the goals of the bill's supporters.

Filed Under: censor's dilemma, data, dilemma, earn it, earn it act, encryption, lindsey graham, middleman's dilemma, moderator's dilemma, patrick leahy, privacy, richard blumenthal, verification

News Orgs Attack Big Tech For Being Bad For Privacy... While Their Lobbying Against Big Tech Will Harm Privacy

from the guys,-come-on dept

It's kind of difficult to take "privacy advocates" seriously if they're supportive of the EARN IT Act and its structure that would effectively enable the Attorney General to ban real encryption. That's why it was so ridiculous that vocal privacy advocate non-profit EPIC (in the midst of a truly horrifying scandal in which its President exposed employees to COVID-19 without telling them) came out in favor of the EARN IT Act. As with so much that EPIC does, the issue was more that they saw EARN IT as "anti-big tech companies" and to hell with how it actually impacts privacy and encryption.

This is an ongoing problem. Many people who (whether for good reasons or not) dislike big internet companies seem way too willing to embrace bills that appear aimed against them as a sort of "stick it to them" attack, rather than recognizing the long term impact of those bills. We've seen that in the past with bills from the EU's Copyright Directive, the GDPR, and the California Consumer Privacy Act (CCPA), all of which some groups supported solely because it would "be bad" for Google, Facebook and other internet giants, without recognizing the wider impact.

Apparently we can add big news publishers to this list as well. While papers like the NY Times and the Washington Post have run a bunch of stories about how "big tech" is bad about privacy, it's difficult to take them seriously when their lobbyists are out there lobbying in favor of a bill that would ban encryption. And yet, there is the News Media Alliance, formerly the Newspaper Association of America, cheerfully attacking Section 230 of the CDA (which, someone should remind them, all of their websites rely on...) at the DOJ's hearing back in February. Because the EARN IT Act is structured in a way to try to play Section 230 and encryption off of one another, the News Media Alliance's support of attacking 230 gives cover to the EARN IT Act's effective chipping away at encryption.

And that should greatly concern all of the journalists who work for these newspapers, like the NY Times and the Washington Post among others. Reporters at those newspapers rely heavily on encryption as they cultivate sources. And the newspapers themselves rely strongly on Section 230 to protect them against bogus SLAPP suits, even as they pretend that Section 230 is a "special favor" for large tech companies.

The end result, as with EPIC, is that it seems that the focus on "big internet companies are the problem" means that they're compromising on their own principles in order to "punish" the big internet companies. Suggesting Section 230 should be amended gives cover to the plan to trade Section 230 protections for undermining encryption -- thereby undermining both. And that's really dangerous, given that news reporters and news sites rely on both strong encryption and on Section 230.

The News Media Alliance is playing a dangerous game, while being blinded by its dislike of big internet companies.

Filed Under: cda 230, earn it, earn it act, encryption, section 230

The EARN IT Act Creates A New Moderator's Dilemma

from the moderate-perfectly-or-else dept

Last month, a bipartisan group of U.S. senators unveiled the much discussed EARN IT Act, which would require tech platforms to comply with recommended best practices designed to combat the spread of child sexual abuse material (CSAM) or no longer avail themselves of Section 230 protections. While these efforts are commendable, the bill would cause significant problems.

Most notably, the legislation would create a Commission led by the Attorney General with the authority to draw up a list of recommended best practices. Many have rightly explained that AG Barr will likely use this new authority to prohibit end-to-end encryption as a best practice. However, less discussed is the recklessness standard the bill adopts. This bill would drastically reduce free speech online because it eliminates the traditional moderator’s dilemma and instead creates a new one: either comply with the recommended best practices, or open the legal floodgates.

Prior to the passage of the Communications Decency Act in 1996, under common law intermediary liability, platforms could only be held liable if they had knowledge of the infringing content. This meant that if a platform couldn’t survive litigation costs, they could simply choose not to moderate at all. While not always a desirable outcome, this did provide legal certainty for smaller companies and start-ups that they wouldn’t be litigated into bankruptcy. This dilemma was eventually resolved thanks to Section 230 protections, which prevent companies from having to make that choice.

However, the EARN IT Act changes that equation in two key ways. First, it amends Section 230 by allowing civil and state criminal suits against companies who do not adhere to the recommended best practices. Second, for the underlying Federal crime (which Section 230 doesn’t affect), the bill would change the scienter requirement from actual knowledge to recklessness.  What does this mean in practice? Currently, under existing Federal law, platforms must have actual knowledge of CSAM on their service before any legal requirement goes into effect. So if, for example, a user posts material that could be considered CSAM but the platform is not aware of it, then they can’t be guilty of illegally transporting CSAM. Platforms must remove and report content when it is identified to them, but they are not held liable for any and all content on the website. However, a recklessness standard turns this dynamic on its head.

What actions are “reckless” is ultimately up to the jurisdiction, but the model penal code can provide a general idea of what it entails: a person acts recklessly when he or she “consciously disregards a substantial and unjustifiable risk that the material element exists or will result from his conduct.” But what’s worse, the bill opens the platform’s actions to civil cases. Federal criminal enforcement normally targets the really bad actors, and companies that comply with reporting requirements will generally be immune from liability. However with these changes, if a user posts material that could potentially be considered CSAM, despite no knowledge on the part of the platform, civil litigants could argue that the moderation and detection practices of the companies, or lack thereof, constituted a conscious disregard of the risk that CSAM will be shared by users.

When the law introduces ambiguity into liability, companies tend to err on the side of caution. In this case, that means the removal of potentially infringing content to ensure they cannot be brought before a court. For example, in the copyright context, a Digital Millennium Copyright Act safe-harbor exists for internet service providers (ISPs) who “reasonably implement” policies for terminating repeat infringers on their service in “appropriate circumstances.” However, courts have refused to apply that safe-harbor when a company didn’t terminate enough subscribers. This uncertainty about whether a safe-harbor applies will undoubtedly lead ISPs to act on more complaints, ensuring they cannot be liable for the infringement. Is it "reckless" for a company not to investigate postings from an IP address if other postings from that IP address were CSAM? What if the IP address belongs to a public library with hundreds of daily users?

This ambiguity will likely force platforms to moderate user content and over-remove legitimate content to ensure they cannot be held liable. Large firms that have the resources to moderate more heavily and that can survive an increase in lawsuits may start to invest the majority of moderation resources into CSAM out of an abundance of caution. As a result, this would leave less resources to target and remove other problematic content such as terrorist recruitment or hate speech. Mid-sized firms may end up over-removing user content that in any way features a child or limit posting to trusted sources, insulating them from potential lawsuits that could cripple the business. And small firms, who likely can’t survive an increase in litigation could ban user content entirely, ensuring nothing on the website hasn’t been posted without vetting. These consequences, and the general burden on the First Amendment, are exactly the type of harms that drove courts to adopt a knowledge standard for online intermediary liability, ensuring that the free flow of information was not unduly limited.

Yet, the EARN IT Act ignores this. Instead, the bill assumes that companies will simply adhere to the best practices and therefore retain Section 230 immunity, avoiding these bad outcomes. After all, who wouldn’t want to comply with best practices? Instead, this could force companies to choose between vital privacy protections like end-to-end encryption or litigation. The fact is there are better ways to combat the spread of CSAM online which don’t require platforms to remove key privacy features for user.

As it stands now, the EARN IT Act solves the moderator’s dilemma by creating a new one: comply, or else.

Jeffrey Westling is a technology and innovation policy fellow at the R Street Institute, a free-market think tank based in Washington, D.C.

Filed Under: attorney general, best practices, cda 230, earn it, earn it act, encryption, moderator's dilemma, recklessness, section 230

Burning The Ladder: Match.com Supports Burning Section 230 To The Ground, Despite Relying On It To Exist

from the what-the-fuck? dept

Here's one I didn't quite expect to see. Match.com -- the dating website owned by IAC, which owns basically every other major dating site, including OkCupid, PlentyOfFish, Tinder, Hinge, and a bunch of others as well -- has announced that it will support the idiotic EARN IT Act, that would utterly destroy Section 230 and the ability of websites to host user generated content. Match's publicly stated reasons for this are... bizarre. It doesn't actually explain why it supports it. It just says it does, that protecting children is important, and then some mumbo jumbo about the kids online these days -- none of which touches on what the bill would actually do.

At Match Group, the safety of our users is at the heart of all we do and something we are constantly investing in. However, the EARN It Act rightfully acknowledges that online safety is a societal issue that demands action from leaders in the social media and tech space and on Capitol Hill. The EARN IT Act would help accomplish this by establishing a joint commission of lawmakers, experts and industry participants to set standards and best practices for internet companies to follow in addressing online exploitation of children.

The only way I can read this in a manner that makes sense, is Match has realized -- as the absolute most dominant player in the field -- that it can handle whatever recommendations come out of this panel in order to retain its 230 protections. But it also knows that all those smaller competitors, the ones that Match keeps buying up left and right, probably, cannot. So, from a competitive standpoint, this strengthens Match's position vis-a-vis upstart competitors, and probably depresses their value, making them easier to buy up. Win-win... if you're Match.com.

The rest of the blog post is just pure propaganda.

As the mom of a teenager, I am constantly thinking about my own daughter’s safety. And as the chief executive of a company that includes some of the world’s leading dating brands—Match, Tinder, OkCupid, and Hinge—I find myself often awake at night thinking about my daughter’s future, her digital footprint and the safety and privacy issues that come with this territory.

And that's why you're supporting a bill that literally removes your ability to decide how best to run your platform and hands it to a bunch of bureaucrats who don't know your business? Say what?

I remember a time when tech didn’t encompass every area of life. That’s no longer true for today’s kids. They have been immersed in a device-driven, always-on world since birth, and it’s incumbent on us to give them the tools to thrive in this increasingly digital world.

And that's why... you no longer want to be able to decide which tools to give them... but instead give that right to the government? Why?

Given our kids spend so much time with technology, we need to take bolder steps to protect them. We know that sex traffickers, pedophiles and other predators target children in places where they believe them to be most vulnerable. The internet will continue to fail our children without the entire internet ecosystem investing in and adopting new rules, technologies and practices to better govern online interactions and crack down on predatory behavior.

Beyond the whole "targeting children" issue being overblown, one place where they are targeted is on dating sites -- and you're now signing up to be held liable for that on your own website.

That is why Match Group has voluntarily chosen to make all of our platforms 18+. Beyond the age requirement, we vigilantly deploy a network of industry-leading automated and manual moderation and review tools, systems and processes designed to find and remove people from our app who should not be there. This includes both underage users and the bad actors that could prey on them. We work with partners like the National Center for Missing and Exploited Children, Polaris, RAINN, Thorn and others to solicit recommendations from these experts. We welcome the opportunity to work with regulators to ensure that we are all coming together to protect our next generation of citizens. And, like most tech companies, we will continue to invest in new technologies and adopt new practices to try to stay ahead of predators.

That already happens. Most platforms already do that. So why are you good with adding liability on top of that, other than knowing you can handle it while your competitors cannot?

What's even more bizarre is why would IAC allow Match.com to support legislation like this that will harm other IAC properties, like Vimeo, HomeAdvisor, Angie's List, Dotdash (the former About.com), and more? The whole thing seems self defeating, unless the entire point is just to fuck over smaller competitors. Section 230 helped Match.com become the giant success it is today, and now it's burning the ladder it used to reach those heights, so no one else can get there. Despicable.

Filed Under: competition, dating sites, earn it, earn it act, intermediary liability, section 230
Companies: iac, match.com

Senators Pretend That EARN IT Act Wouldn't Be Used To Undermine Encryption; They're Wrong

from the plausible-deniability dept

On Wednesday, the Senate held a hearing about the EARN IT Act, the bill that is designed to undermine the internet and encryption in one single move -- all in the name of "protecting the children" (something that it simply will not do). Pretty much the entire thing was infuriating, but I wanted to focus on one key aspect. Senators supporting the bill, including sponsor Richard Blumenthal -- who has been attacking the internet since well before he was in the Senate and was just the Attorney General of Connecticut -- kept trying to insist the bill had nothing to do with encryption and wouldn't be used to undermine encryption. In response to a letter from Facebook, Blumenthal kept insisting that the bill is not about encryption, and also insisting (incorrectly) that if the internet companies just nerded harder, they could keep encryption while still giving law enforcement access.

“This bill says nothing about encryption,” Sen. Richard Blumenthal..., said at a hearing Wednesday to discuss the legislation...

[....]

“Strong law enforcement is compatible with strong encryption,” Blumenthal said. “I believe it, Big Tech knows it and either is Facebook is lying — and I think they’re telling us the truth when they say that law enforcement is consistent with strong encryption — or Big Tech is using encryption as a subterfuge to oppose this bill.”

No, the only one engaged in lying or subterfuge here is Blumenthal (alternatively, he's so fucking ignorant that he should resign). "Strong" encryption is end-to-end encryption. Once you create a backdoor that lets law enforcement in, you've broken the encryption and it's no longer stronger. Even worse, it's very, very weak, and it puts everyone (even Senator Blumenthal and all his constituents) at risk. If you want to understand how this bill is very much about killing encryption, maybe listen to cryptographer Matthew Green explain it to you (he's not working for "Big Tech," Senator):

EARN IT works by revoking a type of liability called Section 230 that makes it possible for providers to operate on the Internet, by preventing the provider for being held responsible for what their customers do on a platform like Facebook. The new bill would make it financially impossible for providers like WhatsApp and Apple to operate services unless they conduct “best practices” for scanning their systems for CSAM.

Since there are no “best practices” in existence, and the techniques for doing this while preserving privacy are completely unknown, the bill creates a government-appointed committee that will tell technology providers what technology they have to use. The specific nature of the committee is byzantine and described within the bill itself. Needless to say, the makeup of the committee, which can include as few as zero data security experts, ensures that end-to-end encryption will almost certainly not be considered a best practice.

So in short: this bill is a backdoor way to allow the government to ban encryption on commercial services. And even more beautifully: it doesn’t come out and actually ban the use of encryption, it just makes encryption commercially infeasible for major providers to deploy, ensuring that they’ll go bankrupt if they try to disobey this committee’s recommendations.

It’s the kind of bill you’d come up with if you knew the thing you wanted to do was unconstitutional and highly unpopular, and you basically didn’t care.

Or listen to Stanford's Riana Pfefferkorn explain how the bill's real target is encryption. As she explains, the authors of the bill (including Blumenthal) had ample opportunity to put in language that would make it clear that it does not target encryption. They chose not to.

As for the "subterfuge" Blumenthal calls out, the only real "subterfuge" here is by Blumenthal and Graham in crafting this bill with the help of the DOJ. Remember, just the day before the DOJ flat out said that 230 should be conditioned on letting law enforcement into any encrypted communications. So if Blumenthal really means that this bill won't impact encryption he should write it into the fucking bill. Because as it's structured right now, in order to keep 230 protections, internet companies will have to follow a set of "best practices" put together by a panel headed by the Attorney General who has said multiple times that he doesn't believe real encryption should be allowed on these services.

So if Blumenthal wants us to believe that his bill won't undermine encryption, he should address it explicitly, rather than lying about it in a Senate hearing, while simultaneously claiming that Facebook (and every other company) can do the impossible in giving law enforcement backdoor access while keeping encrypted data secure.

Filed Under: earn it, earn it act, encryption, intermediary liability, richard blumenthal, section 230

Senators Hawley & Feinstein Join Graham & Blumenthal In Announcing Bill To Undermine Both Encryption And Section 230

from the for-the-children dept

In late January, we had an analysis of an absolutely dreadful bill proposed by Senators Lindsey Graham and Richard Blumenthal -- both with a long history of attacking the internet -- called the EARN IT Act. The crux of the bill was that, in the name of "protecting the children," the bill would drastically change Section 230 of the Communications Decency Act, making companies liable for "recklessly" failing to magically stop "child sexual abuse material" -- opening them up to civil lawsuits for any such failures. Even worse, it would enable the Attorney General -- who has made it quite clear that he hates encryption -- to effectively force companies to build in security-destroying backdoors.

On Thurdsay, the EARN IT Act (Eliminating Abusive and Rampant Neglect of Interactive Technologies Act) was officially introduced with two additional awful Senators: from the Republican side there's tech hating Josh Hawley, and on the Democratic side, there's encryption hating Dianne Feinstein.

This version of the bill has a few changes from the draft version that made the rounds before, but in effect it is trying to accomplish the same basic things: forcing companies to backdoor encryption or lose Section 230 protections, while at the same time opening up platforms to a wide range of lawsuits (a la what we're seeing with FOSTA suits) from ambulance chasing tort lawyers trying to shake down internet platforms for money, while claiming to do so in the name of "protecting the children."

Senator Ron Wyden, who authored Section 230 decades ago, had the most succinct explanation of why the EARN IT Act is bad on multiple levels:

After the federal government spent years ignoring the law and millions of reports of the most heinous crimes against children, William Barr, Lindsey Graham and Richard Blumenthal are offering a deeply flawed and counterproductive bill in response.

This terrible legislation is a Trojan horse to give Attorney General Barr and Donald Trump the power to control online speech and require government access to every aspect of Americans' lives. It is a desperate attempt to distract from the Justice Department's failure to request the manpower, funding and resources to combat this scourge, despite clear direction from Congress more than a decade ago.

While Section 230 does nothing to stop the federal government from prosecuting crimes, these senators claim that making it easier to sue websites is somehow going to stop pedophiles.

This bill is a transparent and deeply cynical effort by a few well-connect corporations and the Trump administration to use child sexual abuse to their political advantage, the impact to free speech and the security and privacy of every single American be damned.

There are a number of key points on this, starting with the fact that Barr's DOJ has consistently failed to do what it's mandated by Congress to do in fighting against child sexual exploitation. Any news story that fails to mention this key point is failing you in not explaining the context. Barr is looking for someone to blame for his own failures, and he's picked on the politically convenient internet industry -- while simultaneously getting to undermine the encryption he hates.

Another key point in the Wyden statement is that much of the EARN IT Act is dubious and cynical, but as Berin Szoka pointed out, this is likely to make stopping actual sexual exploitation that much more difficult:

“Perversely, the EARN IT Act makes it easier to sue websites than people who actually create and disseminate CSAM,” explained Szóka. “Facing potentially staggering civil liability means website providers will have no choice but to comply with the Commission’s nominally voluntary ‘best practices.’”

In that same link, Berin highlights another Constitutional problem with the Act, which could make it much more difficult for law enforcement to track down those actually responsible for child porn -- a perverse end result, which is not unlike what we've already seen happen with sex trafficking in response to FOSTA, where police have been saying that the law has made it more difficult for them to investigate trafficking.

This is a bad bill, put forth for cynical reasons, wrapped in a insincere "protect the children" blanket -- pushed for by a crew of companies who failed to innovate on the internet, and sponsored by Senators who have a long history of making it clear that they will beat up on civil liberties and innovation at any opportunity.

Filed Under: cda 230, csam, dianne feinstein, earn it act, encryption, intermediary liability, josh hawley, lindsey graham, richard blumenthal, section 230, think of the children, william barr