Earlier this week, Sen. Richard Blumenthal (D-Conn.) and Sen. Lindsey Graham (R-S.C.) reintroduced the EARN IT Act, a bill that targets Section 230 of the Communications Decency Act, which was heavily criticized when it was first introduced in 2020.
Much like its first iteration, the newly introduced version of the bill is also facing widespread condemnation. That criticism is coming from public interest groups, internet rights organizations, and even members of Congress.
The bill would chip away at Section 230 by removing that immunity for state and federal civil laws and state criminal laws regarding child sexual abuse material (CSAM), according to Protocol. Section 230 shields all websites with user-generated content from being liable over what users post on it and has been a bedrock of the modern internet.
It would also establish a National Commission on Online Child Sexual Exploitation Prevention with members of the Department of Justice and other agencies that would develop “best practices” for companies to follow. While the older version of the EARN IT Act made those best practices mandatory for receiving Section 230 protections, the new bill makes it voluntary, as Protocol notes.
Those “best practices” are a major sticking point, with critics pointing out that the Department of Justice has long sought to have back doors into encryption. When the first bill was introduced, critics said it was likely one of the “best practices” would be a back door into encryption.
Other critics have noted that the last time Congress chipped away at Section 230—when it passed the highly controversial SESTA/FOSTA bills—the results were “disastrous.”
However, as experts have said, much of the newly introduced EARN IT Act is the same as the older version. But besides the best practices—which, even if they are voluntary would almost assuredly be followed by companies—it still “paints a target” on encryption.
While the bills’ sponsors attempted to patch up the criticisms that have been raised regarding encryption—specifically saying that can not serve as an “independent basis for liability”—it still leaves the door open for websites that use encryption to have cases brought up against it.
The Center for Democracy & Technology notes that Section 230 protections would be revoked under state criminal and civil claims regarding CSAM. Offering encryption cannot be the “independent basis” for a claim, but can be part of a claim. Overall, CDT says, the expanded risk of lawsuits over user-generated content would cause websites to over moderate and disincentivize them from offering encrypted services.
CDT argued that the new bill “in some cases makes things worse” than the earlier version of it.
“The EARN IT Act paints a target on the backs of providers who offer end-to-end encrypted services,” CDT’s President and CEO Alexandra Reeve Givens said in a statement. “Internet users rely on encrypted services to communicate safely online. Without encryption, activists planning a march, journalists communicating with sources, patients sending messages to health professionals, and even children talking with their parents would face increased risk that their private and sensitive communications will be exposed. By creating a massive disincentive for providers to offer encrypted services, the EARN IT Act will make us all less safe.”
The pushback to the re-introduced bill was widespread.
Sen. Ron Wyden (D-Ore.), one of the co-authors of Section 230 who called earlier iterations of the EARN IT Act “horrendous,” called the latest version “sadly misguided” in a statement released on Wednesday.
“This sadly misguided bill will not protect children. It will not stop the spread of vile child exploitation material or target the monsters that produce it. And it does not spend a single dollar to invest in prevention services for vulnerable children and youth or help victims and their families by providing evidence-based and trauma-informed resources,” the senator said. “Instead, the EARN IT Act threatens the privacy and security of law-abiding Americans by targeting any form of private, secure devices and communication. As a result, the bill will make it easier for predators to track and spy on children and also harm the free speech and free expression of vulnerable groups.”
Various other internet rights, human rights, and public interest groups also slammed the bill.
“The EARN It Act goes even farther, giving platforms one of two options: quit moderating content altogether, or enforce invasive content moderation with outsized impacts on LGBTQ people and other marginalized communities. As Democrats, we need to think critically about the harm this legislation could do to groups that have a long history of being excluded and overlooked,” Chamber of Progress CEO Adam Kovacevich said in a statement.
Similarly, Evan Greer, the director of Fight for the Future, said in a statement that SESTA/FOSTA has a “body count” and urged lawmakers to investigate the “harm done by their last tinkering with Section 230.”
Fight for the Future launched a petition against the previous version of the bill that garnered around 500,000 signatures from people online urging members of Congress to “reject the dangerous EARN IT Act.”
“The EARN IT Act also takes aim at end-to-end encryption, which is one of the most important technologies keeping people safe from violence and abuse. Strong encrypted messaging also protects our hospitals, schools, airports, and water treatment facilities. Disincentivizing popular services from offering strong encryption to users will put lives in danger for absolutely no benefit,” Greer said in a statement.
Despite the widespread condemnation, the Senate Judiciary Committee—which both Blumenthal and Graham serve on—has already scheduled a markup of the bill for tomorrow.
This post has been updated.