People Are Lying To The Media About EARN IT; The Media Has To Stop Parroting Their False Claims

Failures

from the that's-not-how-any-of-this-works dept

Update: After this post went up, Tech Review appears to have done a major edit to that article, and added a correction about the completely false claim regarding Section 230 protecting CSAM. The article still has problems, but is no longer quite as egregiously wrong. The post below is about the original article.

MIT’s Tech Review has an article this week which is presented as a news article claiming (questionably) that “the US now hosts more child sexual abuse material (CSAM) online than any other country,” and claiming that unless we pass the EARN IT Act, “the problem will only grow.” The problem is that the article is rife with false or misleading claims that the reporter didn’t apparently fact check.

The biggest problem with the article is that it blames this turn of events on two things: a bunch of “prolific CSAM sites” moving their servers from the Netherlands to the US and then… Section 230.

The second is that internet platforms in the US are protected by Section 230 of the Communications Decency Act, which means they can’t be sued if a user uploads something illegal. While there are exceptions for copyright violations and material related to adult sex work, there is no exception for CSAM. 

So, this is the claim that many people make, but a reporter in a respectable publication should not be making it, because it’s just flat out wrong. Incredibly, the reporter points out that there are “exceptions” for copyright violations, but she fails to note that the exception that she names, 230(e)(2), comes after another exception, 230(e)(1), which literally says:

(1) No effect on criminal law

Nothing in this section shall be construed to impair the enforcement of section 223 or 231 of this title, chapter 71 (relating to obscenity) or 110 (relating to sexual exploitation of children) of title 18, or any other Federal criminal statute.

It’s almost as if the reporter just accepted the claim that there was no exception for CSAM and didn’t bother to, you know, look at the actual law. Child sexual abuse material violates federal law. Section 230 directly exempts all federal law. The idea that 230 does not have an exception for CSAM is just flat out wrong. It’s not a question of interpretation. It’s a question of facts and MIT’s Tech Review is lying to you.

The article then gets worse.

This gives tech companies little legal incentive to invest time, money, and resources in keeping it off their platforms, says Hany Farid, a professor of computer science at the University of California, Berkeley, and the co-developer of PhotoDNA, a technology that turns images into unique digital signatures, known as hashes, to identify CSAM.

People keep saying that companies have “little legal incentive” to deal with CSAM as if 18 USC 2258A doesn’t exist. But it does. And that law says pretty damn clearly that websites need to report CSAM on their platforms. If a website fails to do so, then it can be fined $150k for its first violations and up to $300k for each subsequent violation.

I’m not sure how anyone can look at that and say that there is no legal incentive to keep CSAM off their platform.

And, just to make an even clearer point, you will be hard pressed to find any legitimate internet service that wants that content on its website for fairly obvious reasons. One, it’s reprehensible content. Two, it’s a good way to have your entire service shut down when the DOJ goes after you. Three, it’s not good for any kind of regular business (especially ad-based) if you’re “the platform that allows” that kind of reprehensible content.

To claim that there is no incentive, legal or otherwise, is just flat out wrong.

Later in the article, the reporter does mention that companies must report the content, but then argues this is different because “they’re not required to actively search for it.” And this gets to the heart of the debate about EARN IT. The supporters of EARN IT insist that it’s not a “surveillance” bill, but then when you drill down into the details, they admit that what they’re mad at are just a few companies that are refusing to install these kinds of filtering technologies. Except that as we’ve detailed (and which the article does not even bother to contend with), if the US government is passing a law that mandates filters, that creates a massive 4th Amendment problem that will make it more difficult to actually go after CSAM purveyors legally (under the 4th Amendment the government can’t mandate a general search like this, and if it does, that will enable those prosecuted to suppress the evidence).

Also, we’ve gone through this over and over again. If the real problem is the failure of companies to find and report CSAM, then the real issue is why hasn’t the DOJ done anything about it? They already have the tools under both Section 230 (exempted from CSAM) and 2258A to bring a prosecution. But they have not. And EARN IT does nothing to better fund the DOJ or even ask why the DOJ never actually brings any of these prosecutions?

Incredibly, some of the “experts,” all of whom are among the people who will benefit from EARN IT passing (as the reporter apparently didn’t bother to even ask anyone else), kind of make this point clear, without even realizing it:

Besides “bad press” there isn’t much punishment for platforms that fail to remove CSAM quickly, says Lloyd Richardson, director of technology at the Canadian Centre for Child Protection. “I think you’d be hard pressed to find a country that’s levied a fine against an electronic service provider for slow or non-removal of CSAM,” he says. 

Well, isn’t that the issue then? If the problem is that countries aren’t enforcing the law, shouldn’t we be asking why and how to get them to enforce the law? Instead, they want this new law, EARN IT, that doesn’t do anything to actually increase such enforcement, but rather will open up lots of websites to totally frivolous lawsuits if they dare do something like offer encrypted messaging to end users.

Incredibly, later in the article, the reporter admits that (as mentioned in the beginning of the article), the reason so many websites that host this kind of abusive materials moved out of the Netherlands was… because the government finally got serious about enforcing the laws it had. But then it immediately says but since the content just moved to the US, that wasn’t really effective and “the solution, child protection experts argue, will come in the form of legislation.”

But, again, this is already illegal. We already have laws. The issue is not legislation. The issue is enforcement.

Also, finally at the end, the reporter mentions that “privacy and human rights advocates” don’t like EARN IT, but misrepresents their actual arguments, and presents it as a false dichotomy between tech companies “prioritizing the privacy of those distributing CSAM on their platforms over the safety of those victimized by it.” That’s just rage-inducingly wrong.

Companies are rightly prioritizing encryption to protect the privacy of everyone, and encryption is especially important to marginalized and at risk people who need to be able to reach out for help in a way that is not compromised. And, again, any major internet company already takes this stuff extremely seriously, as they have to under existing law.

Also, as mentioned earlier, the article never once mentions the 4th Amendment — and with it the fact that by forcing websites to scan, it actually will make it much, much harder to stop CSAM. Experts have explained this. Why didn’t the reporter speak to any actual experts?

The whole article repeatedly conflates the sketchy, fly-by-night, dark web purveyors with the big internet companies. EARN IT isn’t going to be used against those dark web forums. Just like FOSTA, it’s going to be used against random third parties who were incidentally used by some of those sketchy companies. We know this. We’ve seen it. Mailchimp and Salesforce have both been sued under FOSTA because some people tangentially associated with sex trafficking also used those services.

And with EARN IT, anyone who offers encryption is going to get hit with those kinds of lawsuits as well.

An honest account of EARN IT and what it does would have (1) not lied about what Section 230 does and does not protect, (2) not misrepresented the state of the law for websites in the US today, (3) would not have only quoted people who are heavily involved in the fight for EARN IT, (4) not have misrepresented the warnings of people highlighting EARN IT’s many problems, (5) not left out that the real problem is the lack of will by the DOJ to actually enforce existing law, (6) would have been willing to discuss the actual threats of undermining encryption, (7) would have been willing to discuss the actual problems of demanding universal surveillance/upload filters, and (8) not let someone get away with a bogus quote falsely claiming that companies care more about the privacy of CSAM purveyors than stopping CSAM. That last one is really infuriating, because there are many really good people trying to figure out how these companies can stop the spread of CSAM, and articles like this, full of lies and nonsense, demean all the work they’ve been putting in.

MIT’s Tech Review should know better, and it shouldn’t publish garbage like this.

Filed Under: csam, earn it, incentives, photodna, scanning, section 230, surveillance
Companies: tech review