Kristin Kowalski Ferragut
Validating my Children’s Concerns: A Deep Dive Into The EARN IT Act 2022
It was the late 1980s and I was fired up about Parental Advisory Stickers and threats of censorship affecting my music. Tipper Gore was my nemesis; Jello Biafra, my hero. Tipper Gore, founder of the Parents Music Resource Center (PMRC), spearheaded efforts to place Parental warnings on albums. Jello Biafra, lead singer of the Dead Kennedys and spoken word artist, who himself was prosecuted on obscenity charges that were dismissed following a deadlocked jury, argued against such warnings, along with many other musicians. In the end, most record companies opted to place warning stickers on albums voluntarily. Some suffered through this controversy and some interesting considerations came out of the fight, but it’s not the primary subject of this post. The EARN IT Act is (Eliminating Abusive and Rampant Neglect of Interactive Technologies Act), which attempts to combat child sexual abuse material.
In high school, so fired up by the potential ramifications of Parental Advisory warnings on albums, it mystified me how little any adult I ranted to seemed to care. From my current lens of a middle aged Mama of two kids, I can imagine thinking, “So what?” or even “Protecting children is always good,” and writing off my kids’ concerns. My response to the EARN IT Act has been similar. Over several dinner discussions in the past two weeks, my kids have been fired up. I’ve listened but fear I took it less than seriously. But seeing my adulthood in part as vindication of my childhood, I decided to research the EARN IT Act; to care, and to see if I can get behind my kids’ outrage.
My kids find much of their news on TikToc. I can’t judge. I get more than my share from Facebook. My daughter sent me the links to begin my research on the EARN IT Act. (I include what I think is the best of them in the reference list below.) The speaker at underthedesknews reports that the EARN IT Act, “...would end end-to-end encryption of all websites so police could decrypt anything they wanted.” That sounds like a scary enough reason to be against the bill. But it’s not transparently accurate. Appreciating push back against regulations that may threaten free and private communication, I took a deep dive into laws, what encryption is, statistics on online child exploitation, and how photoDNA works. I share here what I consider the most pertinent information for evaluating the EARN IT Act.
The EARN IT Act attempts to protect children from child pornogrophy, that it relabels as “child sexual abuse material” (CSAM), in part by repealing liability protections extended to internet providers under Section 230 of U.S. Code 47 of 1996. It limits nothing in the Electronic Communications Privacy Act of 1986, which updated the Federal Wiretap Act of 1968. (I go back this far because that’s where my head is — worried about Big Brother, white men in black shades and fedora hats, tapping phones.) From my reading, it seems that the Electronic Communication Privacy Act of 1986 extends a similar level of privacy on the internet that one could expect in using the mail. Law enforcement officials need subpoenas, court orders, or search warrants to access private communications on the internet. This all seems to stay intact. Except that under the EARN IT Act internet providers may be held accountable for CSAM sent using their platforms. Thus internet providers may be pressured to monitor messages, no need for court orders or warrants.
Of course, internet providers are already required to report CSAM. Section 2258A of U.S. Code 18 passed in 2008 requires that internet providers report incidents of “online sexual exploitation” to the National Center for Missing and Expoited Children. This law includes a section, however, that specifically protects privacy and stipulates that providers do not have a responsibility to monitor, search, or scan for CSAM. The EARN IT Act may result in other guidelines.
Internet providers do report CSAM. A “Myths and Facts” document developed by the bill’s sponsors, Sen. Richard Blumenthal (D-CT) and Sen. Lindsey Graham (R-SC) outline that Facebook reported 20 million cases and Amazon reported 2,235 cases in 2020. The numbers of incidents of CSAM are staggering and apparently many go undetected. It remains a profound problem that Congress and law enforcement should rightly be looking to eradicate. But it seems likely that pressuring internet platforms to do the police work may set dangerous precedents, potentially jeopardizing the privacy of innocent individuals using internet messaging for communication.
It’s difficult to be sure how much responsibility internet providers will be expected to shoulder in policing CSAM on their sites under EARN IT because part of what EARN IT does is to create a National Commission on Online Child Sexual Exploitation Prevention that will recommend best practices to providers. The providers would not be required to follow the best practices, although one may assume that not following the recommended best practices may be used against them in a court of law.
A primary concern with those in opposition to the law is the risk to end-to-end encryption. In part of its twenty-one pages (don’t worry, not so daunting; fully ten pages were simply devoted to amending “child pornography” to “child sexual abuse material” (CSAM) in every act, title, and verse) the bill states, “...none of the following actions…shall serve as an independent basis for liability of a provider… for a claim or charge… (i) The provider utilizes full end-to-end encrypted messaging services, device encryption, or other encryption services.” That is not to say, however, that, should there be another reason to charge a provider as liable for wrongdoing in the handling of CSAM, that end-to-end encryption won’t be cited as an additional basis for arguing liability. That is also not to say that part of the Commission’s recommendations may not discourage end-to-end encryption.
The Commission will be comprised of nineteen members, including the Attorney General, Secretary of Homeland Security, Chairman of the Federal Trade Commission, and sixteen people appointed by given members of Congress. Of the nineteen members, “4 shall be individuals who each currently work for an interactive computer service.” So internet providers will have a seat at the table, but only fourteen of the nineteen members will need to agree to the best practices.
Slight infringements on rights tend to grow, so good to keep them in check. And the bill does leave room to imagine worst-case scenarios that might place pressure on internet companies to lax privacy protections. The concern is not in protecting privacy for those disseminating CSAM but the precedent of charging internet providers with actively policing messages to avoid liability if passed upon their servers. This may set a precedent that could result in deleterious implications for marginalized groups that may unfairly suffer scrutiny, perhaps LGBTQ groups or adults that communicate sexual material in messages legally but perhaps construed as “obscene” by authorities or communities, or whatever group the government may choose to target.
CSAM is so heinous a crime that I may be willing to forgo some liberty to stamp it out, like I’m willing to accept the regulations on air travel set by Transportation Security Administration in light of terrorism. (Although then again, I near-always opt to drive rather than fly.) But the EARN IT Act may have far-reaching implications for unintended individuals and groups in a platform that is increasingly essential to us all.
I do not have a solution. But I will dare to make two suggestions that may be immature; no source I referenced suggested them. I am not a legal scholar and may be missing something, but it seems to me, prior to passing a bill of this scope, it may make more sense for a Committee to be formed to brainstorm “best practices,” that then may be included in the legislation, so that people know what they are agreeing to. And secondly, were the bill amended to say that end-to-end encryption shall not “serve as a basis for liability of a provider” rather than “serve as an independent basis for liability,” perhaps we could feel more secure that the legislation would not encourage providers to end end-to-end encryption out of fear of litigation.
Early this month, the Senate Judiciary Committee unanimously approved the EARN IT Act. It must feel good for Congress to agree on something, to support something across party lines. And it’s hard to imagine a cause to feel more righteous in backing than protecting children from the worst of predatory crimes. But this bill seems to place the onus of combating illegal activity on independent companies that may be given recommendations to forego privacy protections, eradicating the security any of us feel in sending private communications on the internet. At various times in my research I updated my kids with, “I don’t think you have anything to worry about.” They were happy enough to be wrong. But after assessing all the information, I think my kids hold valid concerns. With that said, while I don’t support the EARN IT Act, I think that legislation is several steps away from directly threatening the privacy of innocent individuals.
Even if the EARN IT Act passes as is, it may take months for the Commission to be appointed and the Commission’s best practices to be determined. And it will likely take litigation to know how judges will interpret providers’ obligation in light of the EARN IT Act. That may take years. From there, it will be a leap for legislatures and law enforcement to apply the responsibilities of internet providers to supervise areas beyond sex trafficking and CSAM. The precedent of providers being responsible for information passed on their platforms is concerning, but I’ve offered my kids consolation that danger is not imminent.
Parental Advisory Sticker references:
“Deadlock in Biafra Trial Results in Dismissal,” LA Times, 1987, https://www.nytimes.com/1987/08/10/arts/singer-s-trial-on-nudity-in-album-begins-today.html#:~:text=Jello%20Biafra%2C%20the%20founder%20and,1985%20album%2C%20''Frankenchrist.
Harmetz, Aljean, “Singer’s Trial on Nudity in Album Begins Today,” New York Times, 1987, https://www.nytimes.com/1987/08/10/arts/singer-s-trial-on-nudity-in-album-begins-today.html#:~:text=Jello%20Biafra%2C%20the%20founder%20and,1985%20album%2C%20''Frankenchrist.
Kielty, Martin, “30 Years Ago Jello Biafra “Wins” Obscenity Trial,” Diffuser, 2017, https://diffuser.fm/jello-biafra-obscenity-trial/
Purdy, Elizabeth R., “Tipper Gore,” The First Amendment Encyclopedia, 2009, https://www.mtsu.edu/first-amendment/article/1268/tipper-gore
Senate Commerce Committee, Dee Snyder testimony, 1985, https://www.youtube.com/watch?v=S0Vyr1TylTE (Not referenced in my text but likable).
“Tipper Gore and Family Values,” All Things Considered, NPR, 2005 https://www.npr.org/templates/story/story.php?storyId=4279560
EARN IT References:
Baker, Steward, “The EARN IT Act Raises Good Questions About End-to-End Encryption,” Lawfare, 2020 https://www.lawfareblog.com/earn-it-act-raises-good-questions-about-end-end-encryption
Blackburn and Colleagues EARN IT Act Closer to Becoming Law, Marsha Blackburn, U.S. Senator from Tennesse 2022 https://www.blackburn.senate.gov/2022/2/blackburn-colleagues-earn-it-act-closer-to-becoming-law
“The Earn It Act of 2022 ‘Myths and Facts’ Document, Electric Frontier Foundation https://www.eff.org/document/earn-it-act-myths-and-facts-document
Fung, Brian, “A Controversial Bill to Protect Kids Online Just Advanced in the Senate, Here’s What You Should Know,” CNN Business, 2022 https://www.cnn.com/2022/02/11/tech/earn-it-act-senate/index.html
Carnevale, Charlotte, “Meet the Safety Team,” Facebook Safety https://m.facebook.com/nt/screen/?params=%7B%22note_id%22%3A407308153769287%7D&path=%2Fnotes%2Fnote%2F&_rdr
EARN IT Act, Congress.gov, 2022 https://www.congress.gov/bill/117th-congress/senate-bill/3538/text?r=1&s=1
Electronic Communications Privacy Act of 1986 (ECPA), Bureau of Justice Assistance https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1285
Mullin, Joe, “It’s Back: Senators Want EARN IT Bill to Scan All Online Messages,” Electronic Frontier Foundation, 2022 https://www.eff.org/deeplinks/2022/02/its-back-senators-want-earn-it-bill-scan-all-online-messages
Pfefferkorn, Riana, “The EARN IT Act is Back, and It’s More Dangerous Than Ever,” The Center for Internet at Society, 2022 http://cyberlaw.stanford.edu/blog/2022/02/earn-it-act-back-and-it%E2%80%99s-more-dangerous-ever
Roszensweig, Paul, “The Law and Policy of Client-Side Scanning,” Lawfare, 2020 https://www.lawfareblog.com/law-and-policy-client-side-scanning
Section 2258A of U.S. Code 18, Legal Information Institute, Cornell Law School https://www.law.cornell.edu/uscode/text/18/2258A
underthedesknews, #earnitact explained, TikToc https://www.tiktok.com/foryou?_r=1&_t=8PvNnfAi219&is_from_webapp=v1&item_id=7061990854973639983#/@underthedesknews/video/7061990854973639983
Wyrich, Andrew, “The EARN IT Act is Back and Ready to Destroy Section 230,” Daily Dot, 2022 https://www.dailydot.com/debug/the-earn-it-act-is-back-and-ready-to-destroy-section-230/
Zakrzewski, Cat, “A Bill Aiming to Protect Children Online Reignites a Battle Over Privacy and Free Speech,” The Washington Post, 2022, https://www.washingtonpost.com/technology/2022/02/10/senators-earn-it-privacy-children-safety/
Photo by Towfique Barbhuiya on Unsplash