Omdia view

Summary

The proposed EARN IT Act is aimed at tackling the challenges of online child predation, but may place tech companies in a precarious situation, forcing them to either weaken the data security technologies of their platforms, or be held liable for user-submitted content.

U.S. Government seeks “Lawful Access” to user data

During this time of crisis amid the global coronavirus pandemic, legislation referred to as the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT Act) has been making its way through the United States Congress.  This bill is framed by its sponsors as a way to hold technology companies liable for user-submitted content by revoking protections under Section 230 of the Communications Decency Act (CDA).

Historically, Section 230 has perhaps been best known for its "common-sense principle," which specifies that the responsibility for online content lies with its creator, not the platform hosting it. Section 230 effectively offers legal protections for organizations within the technology sector from being held legally responsible for the unlawful conduct and illicit content submitted by the users of their respective platforms.

This sort of legal protection makes logical sense; while platform providers can put some controls in place, they ultimately cannot dictate how their respective users will choose to behave on these platforms. For example, if a Facebook user threatens someone’s physical safety, the individual making the threat is the one liable for the content, not Facebook.

However, there has been substantial pushback against these protections in recent years. One prominent example took place during a press conference earlier this month, wherein U.S. Attorney General William Barr stated that encryption technologies are being used by child sexual predators to distribute and share illegal content.  Furthermore, Barr argued that technology companies had a duty to prevent this content from spreading on their platforms, and alluded to the EARN IT Act as a way to enforce this responsibility.

Written by senators Lindsay Graham and Richard Blumenthal, the EARN IT Act seeks to tackle the challenges of online child predation by denying content providers the traditional protections offered through the CDA’s Section 230.  This bill would establish a National Commission on Online Child Sexual Exploitation Prevention, responsible for developing a set of “best practices” requiring observance from technology firms.  These practices would have to be accepted by 14 members of a proposed 19-member committee, before ultimately receiving final approval from the Attorney General and heads of the Department of Homeland Security and the Federal Trade Commission, respectively.

In keeping with the name of the bill, this legislation would force technology firms to literally earn Section 230’s protections, only after they prove their compliance with these practices.  While these practices do not currently mention encryption specifically, this does not remove encryption as a potential target.  During the same press conference, Barr stated that the government is working on retaining “lawful access,” which could ultimately require that firms weaken end-to-end encryption, including with "backdoor" access, in order to remain compliant with any future best practices. 

This bill would place tech companies in a precarious situation, forcing them to either weaken the security of their platforms, or be held liable for content submitted by their users. While the desire for new ways to combat online crime is understandable, Omdia asserts that this bill introduces substantial risk for questionable gain.  The practical effect of the law, if enacted, may include a requirement that tech firms create backdoor access to their technologies, which would fundamentally weaken the very solutions that protect law-abiding citizens from unlawful surveillance by hackers, criminals, and governments alike. 

To date, tech firms have been successful in fending off efforts to weaken encryption and related data privacy solutions but EARN IT may prove to be their greatest challenge yet. However, to quote Benjamin Franklin, “Those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety.”