In 2020, members of Congress introduced the EARN IT Act—an abbreviation for the full name, which was the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act. The act proposed a national commission for developing best practices for the elimination of child sex-abuse material (CSAM). It also stated that any online platforms hosting such material would lose the protection of Section 230 of the Communications Decency Act, which gives electronic service providers immunity from prosecution for most of the content that is posted by their users.
The bill immediately came under fire from a number of groups—including the Electronic Frontier Foundation and the Freedom of the Press Foundation—who argued that it failed on a number of levels. Mike Masnick, of Techdirt, wrote that Section 230 doesn’t actually protect electronic platforms from liability for illegal content such as CSAM, so passing a law exempting them from that protection is redundant and unnecessary. Critics of the bill also said it might pressure online services to stop offering end-to-end encryption, used by activists and journalists around the world, because using encryption is a potential red flag for those investigating CSAM.
In the end, the bill was dropped. But it was resurrected earlier this year, reintroduced by senators Richard Blumenthal and Lindsey Graham (the House has revived its version as well), and many critics of the original say the current version is just as worrisome, if not moreso. Joe Mullin, a policy analyst for the Electronic Frontier Foundation wrote that the bill would still “pave the way for a massive new surveillance system, run by private companies, that would roll back some of the most important privacy and security features in technology used by people around the globe.” Further, Mullin writes, the act would enable “private actors to scan every message sent online and report violations to law enforcement,” and potentially allow anything hosted online—including backups, websites, cloud-stored photos, and more—to be scanned by third parties.
“Make no mistake,” Riana Pfefferkorn, a research fellow at the Stanford Internet Observatory, wrote at Stanford’s Center for Internet and Society. “This was a dangerous bill two years ago, and because it’s doubled down on its anti-encryption stance, it’s even more dangerous now.” By threatening tech companies with litigation for not doing enough to fight CSAM on their services, Pfefferkorn wrote, EARN IT “would do a lot of damage to innocent internet users who have broken no law”; if passed, she wrote, the act will result in companies “overzealously censoring lots of perfectly legal user speech just in case anything that could potentially be deemed CSAM might be lurking in there.”
This week, Article19, an international nonprofit that supports freedom of expression, published an open letter that it had sent to senators Dick Durbin and Chuck Grassley, who both serve on the Senate Judiciary Committee.In the letter, Article 19 expressed its strenuous opposition to the EARN IT Act, warning that the act makes it more likely platforms will “engage in overbroad censorship of online speech, especially content created by diverse communities, including LGBTQ individuals, whose posts are disproportionately labeled as sexually explicit.” By opening the door to potential liability for encrypted content, Article19 says the act “would strongly disincentivise providers from providing strong encryption.”
When the original version of the bill came out, Runa Sandvik, who has worked on security for journalists at the New York Times and the Freedom of the Press Foundation, noted at TechCrunch that the bill, while intended to combat “a horrific crime,” nevertheless “introduces significant harm to journalists’ ability to protect their sources.” Tim Cushing, writing for Techdirt around the same time, said that if you remove encryption from online networks and services, “you make it that much easier to expose journalists’ sources and snoop on their communications.” This isn’t just an existential threat but a very real one, Cushing said, given that several different administrations have tried to crack down on those who leak documents to journalists. Techdirt’s Masnick has argued in multiple recent posts that the updated version of the EARN IT act has made these aspects of the bill even worse.
Here’s more on electronic privacy:
- See no evil: Because the EARN IT Act requires platforms to take action if they are aware of CSAM, argues Techdirt’s Masnick, the act risks incentivizing platforms to moderate their content even less; that way, Masnick reasons, they could claim that they didn’t know about it. “The senators seem to think that if you remove Section 230 for a type of law-violating content, that magically means that website will be liable for that content,” Masnick writes. “The problem is that this is not how any of this actually works.”
- Home Office: The UK Home Office is pushing for new powers under that country’s proposed Online Safety Bill that would require internet companies to monitor for “legal but harmful” user content in addition to more obviously illegal content, the Financial Times reports. If the proposals go forward, the paper says, “communications regulator Ofcom would be granted powers to demand from tech companies a higher level of proactive monitoring, rather than merely relying on their users to report abusive or offensive material.”
- Apple plans: After announcing last August that it planned to scan users’ phones for photos that might fit the definition of CSAM, a move that received widespread criticism from a number of privacy groups, Apple said it was taking some time to reconsider its plan, and subsequently removed any mention of it from its website, according to MacRumors. However, an Apple spokesman said in December that despite removing any mention of the feature, its “plans for CSAM detection have not changed,” and that scanning of content on users’ phones will be rolled out in the near future.
Other notable stories:
- Mark Zuckerberg, CEO of Meta (formerly Facebook), announced Wednesday in a blog post that he has appointed Nick Clegg, the former deputy prime minister of Britain, to be the company’s president of global affairs. Clegg joined Facebook in 2018 as vice-president of global affairs and communications. Zuckerberg said that Clegg would be responsible for all policy matters, “including how we interact with governments as they consider adopting new policies and regulations, as well as how we make the case publicly for our products and our work.” One British politician responded, “If Nick Clegg is the answer, you know you’re in trouble.”
- The judge that rejected Sarah Palin’s lawsuit against the New York Times did so before the jury had reached its decision in the case, but he allowed them to keep deliberating so that their verdict could be considered in any appeal. According to Bloomberg, however, several jurors found out about his decision before they reached their own because they got pop-up notifications on their smartphones. A clerk reportedly informed the judge that “at most three” jurors knew his ruling before they delivered their verdict, although all three claimed that the news did not influence their decision to find the Times not guilty.
- Britain’s Supreme Court dismissed an appeal by Bloomberg on Wednesday in a landmark privacy case. “The judges ruled that a person under criminal investigation has a reasonable expectation of privacy until they are actually charged with a crime,” Reuters reported. “Bloomberg reported in 2016 that a US citizen who worked for a regional division of a listed company operating overseas had been interviewed by a UK law enforcement body as part of an investigation into allegations of fraud, bribery and corruption at the company.”
- Phelim Kine writes for Politico about the potential security risks inherent in Otter.ai, a popular tool many journalists use to transcribe interviews. “Even savvy, skeptical journalists who take robust efforts to protect sources have found themselves in the thrall of Otter, a transcription app powered by artificial intelligence, and which has virtually eliminated the once-painstaking task of writing up interview notes,” writes Kine. “That’s an overlooked vulnerability that puts data and sources at risk, say experts.”
- Markus Dohle, the chief executive of Penguin Random House, will personally donate at least $500,000 to the free-speech organization PEN America in an effort to combat book banning in the United States, according to a report from the New York Times on Wednesday. “Dohle said in an interview that he hoped others would follow suit, donating to the newly created Dohle Book Defense Fund, which will provide support to communities where books are being challenged.” Raised in Germany after World War II, Dohle said he grew up aware of “the dark times and the dark history of the country.”
- Ken Kurson, who was the editor of the New York Observer when it was owned by Jared Kushner, pleaded guilty Wednesday to cyberstalking charges in New York state, according to the Associated Press. “Manhattan prosecutors said they will withdraw Ken Kurson’s misdemeanor counts of attempted computer trespass and attempted eavesdropping in a year if he performs 100 hours of community service and stays out of trouble,” the wire service reported. Kurson was charged in a similar federal case for hacking his wife’s online accounts and sending threatening messages, but was pardoned by Donald Trump.
- According to a report in The Guardian, Rupert Murdoch’s publishing arm, News UK, is considering turning some of the photos, cartoons, and front pages from its newspapers, the Times and the Sun, into NFTs. Under the plan, “tens of thousands of physical images, such as exclusive pictures of the Queen, to front pages such as ‘It’s The Sun Wot Won it!’, to Freddie Starr Ate My Hamster, could be given a lucrative second life as exclusive digital collectibles the public could buy and trade,” the Guardian said.