The EARN IT Act (S. 3538) is a proposed legislation first introduced in 2020 in the United States Congress. It aims to amend Section 230 of the Communications Act of 1934, which allows operators of websites to remove user-posted content that they deem inappropriate, and provides them with immunity from civil lawsuits related to such posting. Section 230 is the only surviving portion of the Communications Decency Act, passed in 1996.
A number of events in the 2010s led lawmakers to question the legal freedom that website operators have, and among other legislation options, the EARN IT Act was proposed to alter Section 230's protections and put more responsibility on website operators. While it initially failed to pass in 2020, it was reintroduced in 2022 and for a third time in 2023.
Section 230 was introduced as an amendment with the 1996 Communications Decency Act (CDA) that sought to amend the Communications Act of 1934. Section 230 was introduced by Senators Christopher Cox and Ron Wyden after seeing news of a pair of lawsuits, Cubby, Inc. v. CompuServe Inc. and Stratton Oakmont, Inc. v. Prodigy Services Co., which ruled very differently for two interactive computer services on the matter of their liability for user content solely because Prodigy moderated its content and CompuServe did not.[1][2] The intent of Section 230 was to provide the same metaphor that ISPs were simply distributors of materials like booksellers, rather than publishers, and thus should not be responsible for the content they distribute for fear of creating a chilling effect on free speech.[3]
Section 230 contained two primary clauses that apply to any "interactive computer service" such as a website, an ISP, or similar content provider.
Section 230(c)(1) states simply that "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider."
Section 230(c)(2) is considered the "Good Samaritan clause," that as long as any service provider or user finds any content "obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable", constitutionally protected or otherwise, they may take actions in good faith to restrict said content.
The CDA passed and was signed into law, but it was immediately challenged in the court system under Reno v. American Civil Liberties Union. The case concluded in 1997, ruling that all of the CDA excluding Section 230 was unconstitutional.[4]
Section 230 itself was challenged in other cases, but case law established its constitutionality, primarily with Zeran v. America Online, Inc. in 1997, in which the Fourth Circuit stated that Congress had recognized the threat of tort-based challenges to the growing Internet and properly provided the liability protections that ISPs needed to sustain operations.[5] Since then, Section 230 has generally survived all subsequent legal challenges, and the ability for the Internet to grow at a great pace has been attributed to it. Congress has passed one law that has impacted Section 230, the FOSTA-SESTA Act in 2018 that specifically removed liability protection from services that did not take actions against users knowingly involved in sex exploitation of children or sex trafficking.[6]
Events leading to EARN IT
The 2016 United States presidential election drew concerns about possible Russian interference in the elections. In the wake of various allegations, the U.S. government, then with a Republican leadership, started questioning the role of the Big Tech companies—Google, Apple, Microsoft, and Facebook—as well as other social media sites like Twitter in moderating content. They faced increased pressure to address misinformation, hate, and violent content on their sites.[7] Social media sites took steps to moderate content[8] and, under their Section 230 allowance, blocked accounts they had deemed to violate their terms of service, most of which had come out of alt- and far-right groups. This led Republican lawmakers to claim that these sites were using Section 230 immunity to create a bias.[9][10][11] Senator Ted Cruz argued that section 230 should only apply to providers that are politically "neutral", suggesting that a provider "should be considered to be a liable 'publisher or speaker' of user content if they pick and choose what gets published or spoke."[12] Senator Josh Hawley alleged that Section 230 immunity was a "sweetheart deal between big tech and big government".[13][14]
Legislation
The bill, as amended,[15] would create a National Commission On Online Child Sexual Exploitation Prevention, a 19-member panel. The Attorney General, the Secretary of the Department of Homeland Security, and the Chairman of the Federal Communications Commission (or their representatives) would serve as three of the members, while the remaining 16 are selected by the majority and minority leaders of both the House and Senate from experts in investigating child exploitation, assisting those that have been exploited as children, consumer protections, and computer security, including representatives from computer services. The Commission once formed will develop and continually update a Best Practices document aimed to provide guidance to service providers to help them to prevent child exploitation and aid in investigation of such crimes.
The bill also crafts two additional changes to Section 230(c)(2)'s liability, allows any state to bring a lawsuit to service providers if they fail to deal with child sexual abuse material on their service.
Finally, the bill replaces nearly all instances of the wording "child pornography" in existing laws with "child sexual abuse material".
The National Center for Missing and Exploited Children endorsed the EARN IT Act on March 5, 2020, writing that "it provides ESPs [electronic service providers] with a roadmap to adopt specific, consistent best practices developed by industry and subject matter experts to prevent, reduce, and respond to the online sexual exploitation of children".[23] On the same day, the National Center on Sexual Exploitation, an anti-pornography organization, praised the act as "the best piece of accountability in the tech space since the passage of FOSTA-SESTA in 2018, which makes it illegal for interactive computer services to knowingly facilitate sex trafficking".[24]
A coalition of 25 organizations, including FreedomWorks and the Wikimedia Foundation, published an open letter on March 6, 2020, expressing "strong opposition" to the EARN IT Act, citing perceived conflicts with the First and Fourth Amendments.[25][26] The EARN IT Act was also criticized by the Electronic Frontier Foundation as "a direct threat to constitutional protections for free speech and expression" on January 31,[27][28] by Human Rights Watch as a bill that "falsely suggests that we must choose between protecting children and protecting other fundamental rights, including privacy and free expression" on June 1,[29][30] and by the American Civil Liberties Union, which stated that "the EARN IT Act will undermine the privacy of every single American, stifle our ability to communicate freely online, and harm LGBTQ people, sex workers, and protesters" on July 1.[31][32] Opponents of the EARN IT Act argued that some of the "best practices" would most likely include a backdoor for law enforcement into any encryption used on the site, in addition to the dismantling of Section 230's approach, based on commentary made by members of the federal agencies that would be placed on this commission. For example, former Attorney General Barr has extensively argued that the use of end-to-end encryption by online services can obstruct investigations by law enforcement, especially those involving child exploitation and has pushed for a governmental backdoor into encryption services. The Senators behind EARN IT have stated that there is no intent to bring any such encryption backdoors with this legislation;[33] according to The Washington Post, Richard Blumenthal said that "lawmakers wouldn't offer a blanket exemption to using encryption as evidence, arguing companies might use it as a 'get-out-of-jail-free card.'"[34][35]
In February 2022, 60 privacy and human rights groups sent a letter to lawmakers expressing opposition to the EARN IT Act.[36]
Kir Nuthi, former Public Affairs Manager for NetChoice, explained in Slate that compelling all internet services to proactively monitor for child sexual abuse material could make it inadmissible as evidence under the Fourth Amendment due to the Exclusionary rule, as it was not collected voluntarily.[37]
Members of Congress
In a statement following the Senate Judiciary Committee's unanimous passage of the bill, Graham praised the bipartisanship against the "scourge of child sexual abuse material and the exploitation of children on the internet."[38] Further, he asserted that social media companies and internet service providers would be able to defend themselves in a civil suit as long as they employ "the best business practices."[38][non-primary source needed]
Wyden was critical of the bill, calling it "a transparent and deeply cynical effort by a few well-connected corporations and the Trump administration to use child sexual abuse to their political advantage, the impact to free speech and the security and privacy of every single American be damned."[16][39] Graham stated that the goal of the bill was "to do this in a balanced way that doesn't overly inhibit innovation, but forcibly deals with child exploitation."[40] As an implicit response to EARN IT, Wyden along with House Representative Anna G. Eshoo proposed a new bill, the Invest in Child Safety Act, in May 2020 that would give US$5 billion to the Department of Justice to give additional manpower and tools to enable them to address child exploitation directly rather than to rely on technology companies to rein in the problem.[41]
Technical implications
While the language of the proposed bill does not directly mention encryption, security experts anticipate that it will be addressed in committee recommendations should the bill pass. These recommendations may include requiring any online service that provides end-to-end encryption to begin including backdoors that would allow government or law enforcement to read private communications.[42] Many companies with strong security use end-to-end encryption on data transmitted between the company and the consumer. This encryption also means, by definition, that no-one, including governments, is able to scan this data for child sexual abuse material and other prohibited content before it reaches its destination. Some experts worry that companies may eliminate encryption on their online platforms because they fear civil and criminal liability if they are unable to prevent such content from being posted on their platforms.[43] These experts argue that the proposed bill could discourage the use of encryption, resulting in less secure personal data that may be more easily accessible to hackers.[44] Other experts have gone a step further, arguing that any barriers to the use of encryption will result in a more dangerous and less free internet.[45][46]