Senate Waters Down EARN IT At The Last Minute; Gives Civil Liberties Groups No Time To Point Out The Many Remaining Problems
from the this-is-still-a-bad-bill dept
As expected, the EARN IT Act is set to be marked up this week, and today (a day before the markup) Senators Graham and Blumenthal announced a “manager’s amendment” that basically rewrites the entire bill. It has some resemblance to the original bill, in that this bill will also create a giant “national commission on online child sexual exploitation prevention” to “develop recommended best practices” that various websites can use to “prevent, reduce, and respond to the online sexual exploitation of children,” but then has removed the whole “earn it” part of the “EARN IT” Act in that there seems to be no legal consequences for any site not following these “best practices” (yet). In the original bill, not following the best practices would lose sites their Section 230 protections. Now… not following them is just… not following them. The Commission just gets to shout into the wind.
Of course, we’ve seen mission creep on things like this before, where “best practices” later get encoded into law, so there remain significant concerns about how this all plays out in the long run, even if they’ve removed some of the bite from this version.
Instead, the major “change” with this version of EARN IT, is that it basically replicates FOSTA in creating a specific “carve out” for child sexual abuse material (CSAM, or the artist formerly known as “child porn”). It’s almost an exact replica of FOSTA, except instead of “sex trafficking and prostitution” they say the same thing about 230 not impacting laws regarding CSAM. This is… weird? And pointless? It’s not like there is some long list of cases regarding CSAM where Section 230 got in the way. There are no sites anyone can point to as “hiding behind Section 230” in order to encourage such content. This is all… performative. And, if anything, we’re already seeing people realize that FOSTA did nothing to stop sex trafficking, but did have massive unintended consequences.
That said, there are still massive problems with this bill, and that includes significant constitutional concerns. First off, it remains unclear why the government needs to set up this commission. The companies have spent years working with various stakeholders to build out a set of voluntary best practices that have been implemented and have been effective in finding and stopping a huge amount of CSAM. Of course, there remains a lot more out there, and users get ever sneakier in trying to produce and share such content — but a big part of the problem seems to be that the government is so focused on blaming tech platforms for CSAM that they do little to nothing to stop the people who are actually creating and sharing the material. That’s why Senator Wyden tried to call law enforcement’s bluff over all of this by putting out a competing bill that basically pushes law enforcement to do its job, which it has mostly been ignoring.
On the encryption front: much of the early concern was that this commission (with Attorney General Bill Barr’s hand heavily leaning on the scales) would say that offering end-to-end encryption was not a “best practice” and thus could lead to sites that offered such communication tools losing 230 protections for other parts of their site. This version of EARN IT removes that specific concern… but it’s still a threat to encryption, though in a roundabout way. Specifically, in that FOSTA-like carve out, the bill would allow states to enforce federal criminal laws regarding CSAM, and would allow states to set their own laws for what standard counts as the standard necessary to show that a site “knowingly” aided in the “advertisement, promotion, presentation, distribution or solicitation” of CSAM.
And… you could certainly see some states move (perhaps with a nudge from Bill Barr or some other law enforcement) to say that offering end-to-end encryption trips the knowledge standard on something like “distribution.” It’s roundabout, but it remains a threat to encryption.
Then there are the constitutional concerns. A bunch of people had raised significant 4th Amendment concerns in that if the government was determining the standards for fighting CSAM, that would turn the platforms into “state actors” for the purpose of fighting CSAM — meaning that 4th Amendment standards would apply to what the companies themselves could do to hunt down and stop those passing around CSAM. That would make it significantly harder to actually track down the stuff. With the rewritten bill, this again is not as clear, and there remain concerns about the interaction with state law. Under this law, a site can be held liable for CSAM if it was “reckless” and there are reasons to believe that state laws might suggest that it’s reckless not to do monitoring for CSAM — which could put us right back into that state actor 4th Amendment issue.
These are not all of the problems with the bill, but frankly, the new version is just… weird? It’s like they had that original “earn” 230 idea worked out, and were convinced that couldn’t actually work, but were too wedded to the general idea to try to craft a law that actually works. So they just kinda chucked it all and said “recreate FOSTA” despite that not making any sense.
Oh, and they spring this on everybody the day before they mark it up, giving most experts almost no time to review and analyze. This is not how good lawmaking is done. But what do you expect these days?