Caitlin Hall-Swan is a J.D. candidate, 2021 at NYU School of Law.
On March 5th, Senate Judiciary Committee Chairman Lindsey Graham, U.S. Senators Richard Blumenthal, Josh Hawley, and Ranking Member Dianne Feinstein introduced legislation coined as the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act, or the EARN IT Act of 2020.
The bill establishes a commission, headed by Attorney General William Barr, that will develop “best practices” for interactive online service providers. If providers fail to certify compliance with these best practices, they lose liability protections encoded in Section 230 of the 1996 Communications Decency Act that shield communication intermediaries from legal claims alleging violations of child sexual exploitation laws.
Under Section 230, “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” Essentially, online communication “hosts” and intermediaries, such as Facebook or Yelp, are protected from legal liability stemming from what users of those sites say and do. Proponents of Section 230 applaud the 1996 legislation for facilitating online innovation and free speech.
The EARN IT Act, in amending Section 230, has sparked a massive controversy over encryption and data privacy. Ostensibly, the commission is meant to curtail child pornography and child sexual abuse. However, political players and internet users alike are concerned about the wider ramifications.
Democratic Senator Ron Wyden, for example, has commented that “[t]his terrible legislation is a Trojan horse to give Attorney General Barr and President Donald Trump the power to control online speech and require government access to every aspect of Americans’ lives.” While the bill purports to simply create “best practices,” many are of the opinion that the commission’s determination of “best practices” will result in a serious compromise to end-to-end encryption. In the past, Barr has suggested that tech companies build a way for law enforcement to access encrypted communications. A commission headed by Barr could create similar restrictions on encryption. In a warning about the dangers of the EARN IT Act, the Electronic Frontier Foundation writes:
“Imagine an Internet where the law required every message sent to be read by government-approved scanning software. Companies that handle such messages wouldn’t be allowed to securely encrypt them, or they’d lose legal protections that allow them to operate.”
Tech giants have weighed in with their concerns that the EARN IT Act would make it impossible for online intermediaries to provide end-to-end encryption. A group of industry experts, including the Computer & Communications Industry Association, Consumer Technology Association, Internet Association, Internet Infrastructure Coalition, and NetChoice, wrote a letter to Senators Graham and Blumenthal. After assuring the technology sector’s commitment to reducing online child sexual abuse material, they wrote:
“We are . . . concerned by the bill’s implications for companies’ ability to design secure and trustworthy products and services. Strong encryption is critical for national security, a vibrant and competitive digital economy, and the online and physical safety of individuals, including children. Creating a false choice between encryption and intermediary protections would exacerbate threats to these technology users, placing those most vulnerable Americans at greatest risk.”
Proponents of the EARN IT Act argue that the bill is not about ending encryption at all. In a Senate Judiciary Committee hearing, Graham and Blumenthal stated that the bill is not about ending encryption, but about best business practices.
The proponents of the bill, however, continue to leave open the question of what exactly “best business practices” entail. If not by reducing encryption, how else might online intermediaries regulate the content available on their platforms? EARN IT Act proponents haven’t offered a clear answer, but have responded that “best practices” will require advice from tech experts and companies as well as approval by three agency heads with specific interests in data security, privacy, and law enforcement matters.
When pressed about the EARN IT Act’s potential to limit encryption options utilized by major online platforms, Barr answered that “predator’s supposed privacy interests should not outweigh our children’s privacy and security.”
Opponents of the bill aren’t satisfied. Some are of the mindset that Blumenthal simply doesn’t understand internet services. In response to the recent rise in popularity of the videoconferencing software Zoom, Blumenthal sent a letter to the company that questioned whether they were providing end-to-end encryption for video conferences to users now using the platform to attend school, seek medical help, and socialize with friends. Those paying attention to the ongoing controversy are confused; why is Blumenthal suddenly worried about data security when he’s pushing forward a bill that would compromise the very same?
Techdirt writes a strong criticism:
“I know that Senator Blumenthal loves to grandstand over tech issues, but it might help if he understood the technology, the law, and the Constitution before making such a fool of himself. Unfortunately, for over a decade he’s shown a decided lack of interest in doing any of those things, and I guess he has no intention of starting now.”
With such widespread contempt towards the EARN IT Act and its creators, it remains to be seen whether we see an enacted version.