One nice thing about democracy is that—at least in theory—we don’t need permission to speak freely and privately. We don’t have to prove that our speech meets the government’s criteria, online or offline. We don’t have to “earn” our rights to free speech or privacy.

Times have changed. Today, some U.S. senators have come to the view that speech in the online world is an exceptional case, in which website owners need to “earn it”—whether they intend to carefully moderate user content, or let users speak freely. In 2020, two Senators introduced a bill that would limit speech and security online, titled the EARN IT Act, which is also an acronym that stands for “Eliminating Abusive and Rampant Neglect of Interactive Technologies.”  

Using crimes against children as an excuse to blow a hole in critical legal protections for online speech, Senators Lindsey Graham (R-SC) and Richard Blumenthal (D-CT) co-sponsored this law. The original EARN IT Act created a 19-person government commission, stacked with seats reserved for law enforcement, that would create “best practices” for online platforms to follow. This wouldn’t have just targeted big websites like Facebook—the new rules would apply to a local news websites, hobby blogs, and email services, among other online services. Anyone who didn’t follow the “best practices” would lose critical legal protections and could be held liable, or prosecuted, for the actions of the people who use their services. 

It’s clear what practices law enforcement want Internet companies and website hosts to adopt. U.S. Attorney General William Barr has said it repeatedly—in his view, law enforcement agencies should always have access to encrypted communications. But as we’ve explained over and over again, encryption with a “backdoor” is just broken encryption. It doesn’t matter if you call the means of accessing encryption “client side scanning” or “endpoint filtering” or anything else. Backdoors don’t just get used by good guys, either. Authoritarian governments and criminals are always interested in reading other peoples’ messages. 

The structure of the EARN IT Act was designed to allow Internet speech to be monitored by law enforcement. It would have let law enforcement agencies, from the FBI down to local police, to scan every message sent online. Any company that didn’t grant law enforcement legal access to any digital message (a “best practice” sure to have been mandated by the commission) would be subject to lawsuits or even criminal prosecutions. If it had passed, the bill would have been devastating to both privacy and free expression. That’s because without liability protections, websites will censor and regulate user speech, or even eliminate certain categories for speech altogether. 

But the original bill didn’t even advance out of committee—because public outcry against it was overwhelming. The law as proposed was so unpopular, the EARN IT Act was amended to reduce the power of the government commission. Rather than creating an authoritative law enforcement-dominated commission, the new version of the EARN IT Act establishes the same commission, but simply makes it “advisory.” Instead, the bill gives the power to regulate the Internet to state legislatures. 

This amended EARN IT Act isn’t any better than the original, and in some ways is even worse. It gives wide berth to legislatures in all 50 states, as well as U.S. territories, to regulate the Internet in just about any way they want—as long as the nominal purpose is to stop the online abuse of children. The Senate Judiciary Committee also passed an amendment that purported to protect end-to-end encryption from being violated by the states. That amendment was a worthy nod to the outpouring of concern for the fate of encryption that this surveillance bill had prompted, but it doesn’t go far enough. 

Section 230 Will Be Flogged Until Morale Improves

Looking beyond encryption, the other real target here was Section 230 (47 U.S.C. §230), a law that has been falsely maligned as providing special protection to Big Tech companies. In reality, Section 230 protects the speech and security of everyday Internet users.

Lawmakers in Congress filled the final months of 2020 with ideas about how to weaken Section 230, a federal law that is simply not broken. The PACT Act was an effort to address the dominance of the biggest online platforms, but would end up censoring users and entrenching the dominance of the biggest platforms. Another late 2020 proposal, the Online Content Policy Modernization Act, was simply an unconstitutional mess

These ideas are going to keep coming back in 2021. There’s justifiable criticism of Big Tech, but it’s led many politicians into misguided attempts to control online speech, or give police more power to control and surveil the Internet. If a wrongheaded proposal to gut Section 230 passes, the collateral damage could be severe.  

We all know there are serious problems in the online world, like disinformation, hateful speech, and eroded privacy. By and large, the big problems aren’t related to Section 230, which still fulfills its goal of protecting user speech. The big problems exist because a few tech companies have too much power. Giant tech companies act increasingly like monopolies. Their content moderation systems are broken

We do need new solutions to these problems. And they’re out there: we need to think about beefing up antitrust enforcement, reforming anti-competitive laws like the CFAA, creating strong privacy regulations, freeing user data by making it portable, and creating opportunities for competitive compatibility.

This article is part of our Year in Review series. Read other articles about the fight for digital rights in 2020.