EFF: Congress Must Stop the Graham-Blumenthal Anti-Security Bill
There’s a new and serious threat to both free speech and security online. Under a draft bill that Bloomberg recently leaked, the Attorney General could unilaterally dictate how online platforms and services must operate. If those companies don’t follow the Attorney General’s rules, they could be on the hook for millions of dollars in civil damages and even state criminal penalties.
The bill, known as the Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act, grants sweeping powers to the Executive Branch. It opens the door for the government to require new measures to screen users’ speech and even backdoors to read your private communications—a stated goal of one of the bill’s authors.
Senators Lindsay Graham (R-SC) and Richard Blumenthal (D-CT) have been quietly circulating a draft version of EARN IT. Congress must forcefully reject this dangerous bill before it is introduced.
EARN IT Is an Attack on Speech
EARN IT undermines Section 230, the most important law protecting free speech online. Section 230 enforces the common-sense principle that if you say something illegal online, you should be the one held responsible, not the website or platform where you said it (with some important exceptions).
We know how Barr is going to use his power on the “best practices” panel: to break encryption.
Section 230 has played a crucial role in creating the modern Internet. Without it, social media as we know it today wouldn’t exist, and neither would the Internet Archive, Wikimedia, and many other essential educational and community resources. And it doesn’t just protect tech platforms either: if you’ve ever forwarded an email, thank Section 230 that you could do that without inviting legal risk on yourself.
EARN IT would establish a “National Commission on Online Child Exploitation Prevention.” This Commission would include the Chairman of the Federal Trade Commission, the Attorney General, the Secretary of Homeland Security, and 12 other members handpicked by leaders in Congress. The Commission would be tasked with recommending “best practices for providers of interactive computer services regarding the prevention of online child exploitation conduct.” But far from mere recommendations, those “best practices” would bring the force of law. Platforms that failed to adhere to them would be stripped of their Section 230 protections if they were accused (either in civil or criminal court) of carrying unlawful material relating to child exploitation.
Laws relating to restrictions on speech must reflect a careful balance of competing policy goals and protections for civil liberties. Lawmakers can only strike that balance through an open, transparent lawmaking process. It would be deeply irresponsible for Congress to offload that duty to an unelected and unaccountable commission.
It gets worse. If the Attorney General disagrees with the Commission’s recommendations, he can override them and write his own instead. This bill simply gives too much power to the Department of Justice, which, as a law enforcement agency, is a particularly bad choice to dictate Internet policy.
EARN IT is a direct threat to constitutional protections for free speech and expression. To pass constitutional muster, a law that regulates the content of speech must be as narrowly tailored as possible so as not to chill legitimate, lawful speech. Rather than being narrowly tailored, EARN IT is absurdly broad: under EARN IT, the Commission would effectively have the power to change and broaden the law however it saw fit, as long as it could claim that its recommendations somehow aided in the prevention of child exploitation. Those laws could change and expand unpredictably, especially after changes in the presidential administration.
If you’d like a preview of what types of measures the Attorney General might demand platforms adhere to, it’s worth examining what the current AG has already said platforms should be forced to do.
EARN IT Is an Attack on Security
Throughout his term as Attorney General, William Barr has frequently and vocally demanded “lawful access” to encrypted communications, ignoring the bedrock technical consensus that it is impossible to build a backdoor that is only available to law enforcement. Barr is far from the first administration official to make impossible demands of encryption providers: he joins a long history of government officials from both parties demanding that encryption providers compromise their users’ security.
We know how Barr is going to use his power on the “best practices” panel: to break encryption. He’s said, over and over, that he thinks the “best practice” is to always give law enforcement extraordinary access. So it’s easy to predict that Barr would use EARN IT to demand that providers of end-to-end encrypted communication give law enforcement officers a way to access users’ encrypted messages. This could take the form of straight-up mandated backdoors, or subtler but no less dangerous “solutions” such as client-side scanning. These demands would put encryption providers like WhatsApp and Signal in an awful conundrum: either face the possibility of losing everything in a single lawsuit or knowingly undermine their own users’ security, making all of us more vulnerable to criminals.
If you need more evidence that EARN IT is a thinly veiled attack on your right to secure and private communications, take note of one more subtle change it would bring to the law. Under EARN IT, a plaintiff would no longer be required to prove that a defendant actually knew about sexual exploitation in order to win a lawsuit against them. The plaintiff would only be required to prove the defendant acted “recklessly.” Lowering this standard opens the door wide to lawsuits based simply on providing secure, end-to-end-encrypted communications channels—a practice the Attorney General has characterized as “irresponsible”—which could be used to argue that encryption providers are acting “recklessly.”
EARN IT Is an Attack on Innovation
Weakening Section 230 makes it much more difficult for a startup to compete with the likes of Facebook or Google. Giving platforms a legal requirement to screen or filter users’ posts makes it extremely difficult for a platform without the resources of the big five tech companies to grow its user base (and of course, if a startup can’t grow its user base, it can’t get the investment necessary to compete).
While we don’t know exactly what speech moderation requirements a Commission would come up with, it’s worth considering how EARN IT stacks the deck, with a paltry two members representing “small” (under 30 million users!) platforms and no one with expertise in free speech and civil liberties. Such a stacked Commission is likely to make recommendations that favor large tech companies.
Imagine the scrappy, would-be inventor of a new alternative to Facebook having to first convince the United States government to change its rules before she can even launch a beta app.
But even if the Commission were staffed more evenly, its rules would likely still confound new innovation in the Internet space. That’s because when it comes to online platforms and services, it’s very difficult to craft regulation that can adapt to new business models. Part of the beauty of Section 230 is that it’s enabled business models and types of services that didn’t exist yet when it passed in 1996. When Congress passed Section 230, no one had imagined Wikipedia. If Congress had implemented a detailed list of requirements for how platforms must be run in order to enjoy Section 230 protections, then Wikipedia would likely be illegal.
Sure, the Commission (or more accurately, the Attorney General) would be able to update the best practices, but how could they update them to allow a product that doesn’t exist yet? Imagine the scrappy, would-be inventor of a new alternative to Facebook having to first convince the United States government to change its rules before she can even launch a beta app.
There’s a common misconception that Section 230 is a handout to big Internet companies. In truth, undermining Section 230 does far more to hurt new startups than to hurt Facebook and Google. 2018’s poorly-named Allow States and Victims to Fight Online Sex Trafficking Act (FOSTA)—the only major change to Section 230 since it passed in 1996—was endorsed by nearly every major Internet company. One consequence of FOSTA was the closure of a number of online dating services, a niche that Facebook set about filling just weeks after the law passed.
EARN IT Is Unnecessary
EARN IT would simply have no effect—positive or negative—on the DOJ’s ability to prosecute online platforms that criminally aid and abet child abuse.
Remember, Section 230 does not exempt online intermediaries from violations of federal criminal law. If the Department of Justice believes that an online platform is breaking the law by knowingly distributing child exploitation imagery, then it can and must enforce the law. What’s more, if an Internet company discovers that people are using its platforms to distribute child sexual abuse material, current federal law requires it to provide that information to the National Center for Missing and Exploited Children and to cooperate with law enforcement investigations.
EARN IT is anti-speech, anti-security, and anti-innovation. Congress must reject it.
Comments
Post a Comment