Donate
The Internet “Just Works”: The EARN IT Act Threatens That and More Thumbnail
‹ Back
Encryption 3 July 2020

The Internet “Just Works”: The EARN IT Act Threatens That and More

Katie Jordan
By Katie JordanSenior Policy Advisor
Ryan Polk
Ryan PolkSenior Policy Advisor

When the EARN IT Act was introduced in March 2020, technologists, civil society organizations, academics, and even a former FBI General Counsel blasted the bill as a thinly veiled attempt to prevent platforms from keeping users safe with strong encryption. The bill had implications for intermediary liability, of course, but it was clearly a play to take down the strongest digital security tool we have online.

The EARN IT Act is now a monstrous version of its previous self. It would not only weaken the ability of platforms to protect users through encryption, but fundamentally alter how platforms operate, leading to dangerous consequences for users and the global Internet.

While the new version of the bill would prevent the federal government from forcing platforms to weaken encryption to maintain their intermediary liability protection (a foundational aspect of most companies’ business plans), it would essentially allow states to pass their own version of the original EARN IT Act. This would create a chaotic patchwork of state-level laws, threatening user security across the country and creating borders for a networking system that was never meant to recognize them. This bill would not only weaken the ability of platforms to protect users through encryption, but fundamentally alter how platforms operate, leading to dangerous consequences for users and the global Internet.

EARN IT: Don’t Solve a Problem by Creating 1,000 More

Most of us use the Internet for just about every part of daily life: banking, work, entertainment, education – and we use it to communicate with friends and family about some of the most important issues our country faces.

We often take for granted that it “just works.” But that is not a certain future.

The EARN IT Act – and many other bills that have been introduced in weeks, months, and years past in an attempt to regulate content and security measures – threatens to undermine the way the Internet fundamentally operates and our ability to continue using it with the freedoms we now enjoy.

To be fair, these platforms don’t always get it right when it comes to figuring out what kinds of content  should or should not be permitted to spread online. But the benefit of keeping the onus on platforms to do their best is that we can leave if things aren’t working the way we want or expect. For example, just in the past week dozens of major advertisers have pulled their ads off of Facebook because the platform was not upholding the community’s expectations of what speech should be permitted.

And that’s the way it should be. Governments shouldn’t dictate what kind of content gets to exist online. The Internet is borderless, meaning conflicting legal obligations from different countries would force platforms to choose whose regulations to follow or to create a different Internet experience in every country. The EARN IT Act would shift the responsibility of ownership for content that should not be permitted online from individuals to platforms and make all user communications less secure in the process.

How Does the New EARN IT Act Threaten the Internet?

The new amendments to EARN IT get some things right – most importantly, its Commission of experts on online child sexual exploitation prevention would create a set of voluntary best practices that Congress would no longer have to approve. This means experts can work together to create a set of norms that companies can adapt to their own platforms.

This is a big improvement from the previous version of the bill, as it takes into consideration that large platforms have large staffs to handle complex requirements that may arise. Small platforms, new innovators, and mom-and-pop shops are lucky if they have one or two staff members handling all their tech related issues.

Unfortunately, the problems with the EARN IT Act overshadow its good intentions. Insufficient protections for encryption threaten to make all users more vulnerable to the crime it is trying to address. It also puts the digital economy at risk by taking away a key feature that has been essential for the Internet’s success: liability protection.

Although an amendment was added to the bill to provide protections for encryption, they are far from powerful enough. The protections from the amendment would be tested in state courts across the country, leaving strong encryption on unstable ground. Companies will face a choice, risk their future by implementing end-to-end encryption when it is unclear what the future holds for the legality of the technology in any of the states they operate in, or not take the risk and use less secure encryption. In an uncertain legal environment, companies will refrain from implementing end-to-end encryption, leaving all of us less safe.

On the intermediary liability protection side, this bill would lead to an incredible amount of uncertainty, especially because it does not create a solid floor for its reference to “knowledge” standards. Will platforms be held liable for content that passed over their site through secure channels that weren’t visible to the platform? Will they be held accountable only when the content is reported? Or will “knowledge” fall somewhere in the middle? These are pretty big gray areas for legislation and should be answered before a bill is passed, not after.

By our read, it seems like the bill allows a broad array of claims against platforms that fail to prevent child sexual abuse material from being distributed even if the platform had no knowledge that the content existed or was shared. This will likely ultimately lead platforms to be much more strict about any uploads to their site, which will stifle innovation, communication, and users’ ability to share important messages online.

As we’ve seen in recent weeks, these kinds of proactive filters often get it wrong – like when social media sites took down haunting photos of slaves from the 1800s because of “nudity,” not recognizing the wider context and important message those pictures presented.

This could also lock in the limited competitive marketplace we now enjoy online, as searching and filtering through all the content posted on a platform each day would be much too expensive and time consuming for new or small enterprises. The Internet is still relatively young as far as technologies go. Let’s not knee-cap it before we know what we could really create.

Too Complicated to Pass

The EARN IT Act is an attempt by policymakers to mandate an outcome, but they are doing it in a way that could seriously harm everyday users along the way. Child sexual exploitation is a horrible, heart-wrenching crime. But breaking key security and legal protections that are fundamental to how the Internet works doesn’t fix that problem. It just makes everyone more vulnerable to the crime and hate we’re trying to prevent online.

We need tech-neutral and tech-aware solutions to fix today’s problems in a way the doesn’t compromise our strongest tools to keep people – including children – safe online. We need policymakers to be thoughtful and considerate of the implications of their actions. This rushed-through markup of the EARN IT Act is neither.


Image by JJ Ying via Unsplash

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Making Intermediaries Liable for Encrypted Content Breaks Trust and Security
Making Intermediaries Liable for Encrypted Content Breaks Trust and Security
Encryption4 June 2020

Making Intermediaries Liable for Encrypted Content Breaks Trust and Security

In December 2018, the Indian Ministry of Electronics & Information Technology (MeitY) proposed a significant change to its intermediary rules....

Strong Encryption Is Central to Good Security – India’s Proposed Intermediary Rules Puts It at Risk
Strong Encryption Is Central to Good Security – India’s Proposed Intermediary Rules Puts It at Risk
Encryption9 January 2020

Strong Encryption Is Central to Good Security – India’s Proposed Intermediary Rules Puts It at Risk

Security and encryption experts from around the world are calling on the Indian Ministry of Electronics and Information Technology (MeiTy) to reconsider...

In India, Days Left to Comment on Rules That Could Impact Your Privacy
In India, Days Left to Comment on Rules That Could Impact Your Privacy
Encryption28 January 2019

In India, Days Left to Comment on Rules That Could Impact Your Privacy

The public has until 31 January to comment on a draft set of rules in India that could result in...

Join the conversation with Internet Society members around the world