Two Republicans and two Democrats in the U.S. Senate have proposed a law to combat child sexual exploitation online. However, critics of the law call it a "Trojan horse" that could compromise American security by restricting access to encryption.
The EARN IT law (Eliminating Abusive and Widespread Neglect of Interactive Technologies) "would create incentives for companies to earn liability coverage for violations of laws related to online material about child sexual abuse," the advocate said today The Law.
Under applicable law, Section 230 of the Communications Decency Act provides website operators with broad legal immunity to host third party content. A 2018 law, known as FOSTA-SESTA, has waived this immunity for content related to prostitution and sex trafficking, and the EARN IT Act would further weaken immunity for website operators who take certain search and removal measures to be determined of children do not take material for sexual abuse.
In a similar development, Attorney General William Barr gave a speech today calling for an analysis of Section 230's impact on "incentives for crime-fighting platforms (child sexual exploitation) and the availability of civil remedies to victims".
Bill lets Trump "control online language"
The bill does not directly prevent websites or online platforms from using encryption. However, a commission would be set up to develop "Best Practices for Interactive Computer Service Providers to Prevent Online Behavior in Child Exploitation" and to commit online platforms to certify compliance with these best practices.
According to the Electronic Frontier Foundation, the proposed 15-member commission would be "dominated by law enforcement agencies" that have repeatedly urged technology companies to weaken encryption. Critics of the bill fear that the Commission's best practices will prevent technology companies from using end-to-end encryption that protects Internet users' private communications.
"This terrible legislation is a Trojan horse that gives Attorney General Barr and (President) Donald Trump the power to control the online language and demand government access to all aspects of American life," said Senator Ron Wyden (D -Ore.) Today. Wyden continued:
While Section 230 is doing nothing to stop the federal government from prosecuting crimes, these senators claim that facilitating the lawsuit against websites will somehow stop pedophiles. This bill is a transparent and deeply cynical effort by some well-connected companies and the Trump administration to use child sexual abuse for their political benefit, damning the effects on freedom of expression and the security and privacy of every individual American.
These "well-connected companies" include IBM, Marriott and Disney, as stated in a recent article in the New York Times. Wyden's statement did not explicitly mention encryption, but his office told Ars: "When (Wyden) talks about weakening security and asking the government for access to all aspects of American life, it refers to encryption."
The EARN IT Act is sponsored by Lindsey Graham (RS.C.), Chairman of the Senate Judiciary Committee, Dianne Feinstein (D-Calif.), Senator Richard Blumenthal (D-Conn.) And Senator Josh Hawley (R-C.). R-Mo.).
The Internet Association, representing technology companies, said "the EARN IT Act that has been introduced could hamper existing efforts by industry to achieve this common goal" to end child exploitation online. Sponsors of the EARN IT Act are not susceptible to this argument.
"First Big Tech said it needed special immunity from human trafficking laws," said Sen. Hawley. "Now it says immunity to child pornography laws is needed. Enough. It is time to stop putting Big Tech's financial interests above protecting children from predators. The EARN IT Act is another way to get today's Internet law in to bring the 21st century. "
The Internet Association also said that Section 230 "empowers Internet companies to proactively identify and remove (child sexual abuse material) and other illegal or offensive material," and that tech companies are already coordinating with law enforcement agencies in this area.
Prohibit encryption "without prohibiting it"
Stanford Law School's Center for Internet and Society (CIS) brought an action against the EARN IT Act in late January after the bill was released. The bill is an attempt to "ban end-to-end encryption without actually prohibiting it," wrote Riana Pfefferkorn, deputy director of surveillance and cyber security in the CIS.
The bill would actually allow non-accountable commissioners to set best practices that make it illegal for online service providers (for chat, email, cloud storage, etc.) to provide end-to-end encryption – something for which it is It is currently 100 percent legal under the applicable federal law, in particular CALEA (Communications Assistance for Law Enforcement Act of 1994).
Stewart Baker, former deputy secretary for politics in the Department of Homeland Security and general counsel at the National Security Agency, wrote in a blog post that "there is nothing radical about the bill."
"The risk of liability is unlikely to affect encryption or end internet security," Baker wrote. However, Baker acknowledged that the bill will likely make the decision to offer encryption more difficult for technology companies:
To see what this has to do with encryption, imagine you are the CEO of a major internet service that is thinking of providing end-to-end encryption to your users. This feature provides users with additional security and makes your product more competitive in the market. But you know that it can also be used to hide child porn distribution networks. After the change, your company can no longer thwart the use of your child pornography trading service because it no longer has insight into the material that users share with each other. So if you implement end-to-end encryption, there is a risk that a jury in future litigation will find that you have deliberately ignored the risk to exploited children – that you have acted ruthlessly about the damage to the language of the law to use.
In other words, EARN IT requires companies offering end-to-end encryption to weigh the consequences of this decision for child sexual abuse victims. And they may have to pay for the suffering that enables their new function.
Think of the children
Similar to the campaign for the FOSTA-SESTA bill that made websites liable for content related to prostitution, EARN IT supporters are trying to label the opponents of the bill as indifferent to child abuse.
"The Internet is full of pictures of children who have been brutally attacked and exploited and who are forced to endure pain for a lifetime after these photos and videos have been distributed online," said Sen. Blumenthal.
Blumenthal argued that technology companies should "deserve" the "exceptional special legal protection" they had under section 230. "Companies that don't adhere to basic standards that protect children from exploitation have betrayed the public trust they have been given through this special exception."
Wyden does not buy this argument, saying the government can do more to combat child abuse without compromising online security. The federal government has "spent years ignoring the law and millions of reports of the most heinous crimes against children," said Wyden.
"I will be offering laws in the coming days to dramatically increase the number of prosecutors and agents who chase child predators, to oblige a single person in the White House to be personally responsible for these efforts, and to provide mandatory funding to people to judge who can. " actually make a difference in this fight, "said Wyden.
TechFreedom, a libertarian advocacy group, argued that the EARN IT Act may not even achieve its primary goal of making children safer. "The EARN IT Act could make law enforcement work significantly more difficult by ending today's close cooperation between law enforcement agencies and technology companies," said Berin Szóka, President of TechFreedom.