The day before a committee debate and vote on the EARN IT Act, the bill’s sponsors replaced their bill with an amended version. Here’s their new idea: instead of giving a 19-person federal commission, dominated by law enforcement, the power to regulate the Internet, the bill now effectively gives that power to state legislatures.
And instead of requiring that Internet websites and platforms comply with the commission’s “best practices” in order to keep their vital legal protections under Section 230 for hosting user content, it simply blows a hole in those protections. State lawmakers will be able to create new laws allowing private lawsuits and criminal prosecutions against Internet platforms, as long as they say their purpose is to stop crimes against children.
The whole idea behind Section 230 is to make sure that you are responsible for your own speech online—not someone else’s. Currently, if a state prosecutor wants to bring a criminal case related to something said or done online, or a private lawyer wants to sue, in nearly all cases, the prosecutor has to seek out the actual speaker. They can’t just haul a website owner into court because of the user’s actions. But that will change if EARN IT passes. That’s why we sent a letter [PDF] yesterday to the Senate Judiciary Committee opposing the amended EARN IT bill.
Section 230 protections enabled the Internet as we know it. Despite the politicized attacks on Section 230 from both left and right, the law actually works fine. It’s not a shield for Big Tech—it’s a shield for everyone who hosts online conversations. It protects small messaging and email services, and every blog’s comments section.
Once websites lose Section 230 protections, they’ll take drastic measures to mitigate their exposure. That will limit free speech across the Internet. They’ll shut down forums and comment sections, and cave to bogus claims that particular users are violating the rules, without doing a proper investigation. We’ve seen false accusations succeed in silencing users time and again in the copyright space, and even used to harass innocent users. If EARN IT passes, the range of possibilities for false accusations and censorship will expand.
EARN IT Still Threatens Encryption
When we say the original EARN IT was a threat to encryption, we’re not guessing. We know that a commission controlled by Attorney General William Barr will try to ban encryption, because Barr has said many times that he thinks encrypted services should be compelled to create backdoors for police. The Manager’s Amendment, approved by the Committee today, doesn’t eliminate this problem. It just empowers over 50 jurisdictions to follow Barr’s lead in banning encryption.
An amendment by Sen. Patrick Leahy (D-VT), also voted into the bill, purports to protect encryption from being the states’ focus. It’s certainly an improvement, but we’re still concerned that the amended bill could be used to attack encryption. Sen. Leahy’s amendment prohibits holding companies liable because they use “end-to-end encryption, device encryption, or other encryption services.” But the bill still encourages state lawmakers to look for loopholes to undermine end-to-end encryption, such as demanding that messages be scanned on a local device, before they get encrypted and sent along to their recipient. We think that would violate the spirit of Senator Leahy’s amendment, but the bill opens the door for that question to be litigated over and over, in courts across the country.
And again, this isn’t a theoretical problem. The idea of using “client-side scanning” to allow certain messages to be selected and sent to the government, circumventing the protections of end-to-end encryption, is one we’ve heard a lot of talk about in the past year. Despite the testimonials of certain experts who have sided with law enforcement, the fact is, client-side scanning breaks the protections of encryption. The EARN IT Act doesn’t stop client-side scanning, which is the most likely strategy for state lawmakers who want to use this bill to expand police powers in order to read our messages.
And it will only take one state to inspire a wave of prosecutions and lawsuits against online platforms. And just as some federal law enforcement agencies have declared they’re opposed to encryption, so have some state and local police.
The previous version of the bill suggested that if online platforms want to keep their Section 230 immunity, they would need to “earn it,” by following the dictates of an unelected government commission. But the new text doesn’t even give them a chance. The bill’s sponsors simply dropped the “earn” from EARN IT. Website owners—especially those that enable encryption—just can’t “earn” their immunity from liability for user content under the new bill. They’ll just have to defend themselves in court, as soon as a single state prosecutor, or even just a lawyer in private practice, decides that offering end-to-end encryption was a sign of indifference towards crimes against children.
Offering users real privacy, in the form of end-to-end encrypted messaging, and robust platforms for free speech shouldn’t produce lawsuits and prosecutions. The new EARN IT bill will do just that, and should be opposed.