The EARN IT Bill Puts All Of Us In Danger
15 March 2020
Technologies such as encryption and common-sense laws such as Section 230 in the U.S. are a strong foundation for our safety and freedom of speech on the web. If you exist in the modern world, these affect you–using this website, online banking, social media, credit cards, medical care, and so on–these protect you. Strong, proven, and non-backdoored encryption is the only way to keep your electronic data safe (because it is going online, even if you aren’t the one putting it there). Section 230 is a law that says we’re responsible for what we post online, rather than the site we posted it to (with a few exceptions) so sites will be less inclined to censor us. Encryption and Section 230 are why social media as we know it exists today, why we can forward a personal email without legal repercussion, and why many sites we rely on, such as Wikipedia, can operate.
But, global free speech and safety are often under attack by politicians who don’t understand–or don’t care about–the repercussions of breaking encryption, backdooring it, or changing who is liable for what gets said online. They propose laws that put our online safety and free speech at risk for child protection or maintaining morality–emotionally charged arguments that are hard to argue against and that are often not true. When passed, they can have wide-reaching repercussions, like in Turkey where such laws are used for heavy-handed censorship of safe educational resources like Wikipedia. And, it’s happening again. In January of this year (2020), Bloomberg leaked a draft bill that was quietly being circulated by Senators Lindsey Graham and Richard Blumenthal.
The bill, called EARN IT, would create a “National Commission on Online Child Exploitation Prevention” staffed by the Attorney General, the Chairman of the Federal Trade Commission (FTC), the Secretary of Homeland Security, and 12 other members chosen by Congressional leaders. Its job would be recommending “best practices for providers of interactive computer services regarding the prevention of online child exploitation conduct,” which would be backed by the threat of stripping a site’s Section 230 protections. These recommendations could then be unilaterally overridden by the Attorney General.
While perhaps well-intentioned, EARN IT is not the solution to the problem. First, it’s extremely and unnecessarily broad, granting too much power to the commission and Attorney General. Under the draft bill, the commission it forms would be able to change and expand the law as it saw fit, as long as it could find an argument that the change might help prevent exploitation. The law could change unpredictably and without enough oversight due to changes in administration or actions from an Attorney General. Attorney General Barr, for example, has made his opinions on encryption clear (opinions that ignore experts), and could use the commission to make it impossible to keep our data safe by forcing companies to weaken their security. It also doesn’t provide any meaningful new authority to the government to actually solve problems.
The bill could also make it much harder for online innovation. Forcing platforms to screen posts makes it difficult for a new company to get a start on the web. Even fairly large platforms, such as Tumblr, have had difficulty here. While this is a problem, and one that the technology industry has been working to solve, EARN IT is doing few favors here–exploitative content is already illegal, and platforms are already obligated by federal law to take it down, report it to law enforcement, and cooperate with investigations. However, it does help big tech companies operate with less threat of competition.
Finally, EARN IT lowers the bar for filing a lawsuit that could threaten a service’s Section 230 protections. A plaintiff would not need to prove a company actually knew about exploitative content to win a lawsuit. The bar would be lowered so low that a company simply providing a secure messaging service might be enough for a plaintiff to argue that company acted “recklessly” under EARN IT. Here too, is no new authority. Section 230 already allows the Department of Justice to enforce the law against a provider it believes is breaking the law and knowingly distributing exploitive content.
Child protection and law enforcement are deserved topics for public concern, but EARN IT doesn’t help those causes. It doesn’t give the government any new powers, it just gives it the ability to strip the protections that keep us safe and our speech free. It’s a direct attack on the web that puts our right to free and private speech, our security, and the innovation we’ve come to expect from the web at risk. Forcing companies to weaken encryption online or off, or to censor speech does not make us safer, and does not prevent child exploitation or cybercrime. In fact, it may actually increase cybercrime. Backdoors are sold on the dark web–finding them is a well-paying, full-time job for some hackers and breaking encryption is a stated goal of the EARN IT bill’s sponsors. Not to mention, encryption has not stopped the Department of Justice from taking action against exploitative sites–which they did by analyzing financial transactions, rather than breaking encryption.