Senate Judiciary Passes Earn It Act -- With Encryption Amendment

The Graham-Blumenthal amendment would remove the tech industry’s blanket immunity under Section 230 of the Communications Decency Act from federal civil, state criminal and state civil child sexual abuse material (CSAM) laws. It would establish a commission led by the attorney general to develop voluntary best practices for social media companies.

Leahy’s amendment would clarify liability for cybersecurity and encryption services. A website won’t be liable simply because it offers encryption or is unable to take action because of it, Leahy said: “The bill is not intended to end encryption as we know it.”

Blumenthal in an interview noted Graham planned to have spoken with Senate Majority Leader Mitch McConnell, R-Ky., about the bill Thursday. “I will soon,” Graham told us. “I don’t know about today, but I’ll talk to him soon.”

There are a number of potential co-sponsors in the House who will advance the bill when the Senate is closer to a final vote, Blumenthal said. He credited the committee for “resolving misconceptions and misinformation” about the bill Thursday. “I’m very hopeful about when and how it will move forward. [Unanimous passage] is a pretty strong vote of confidence,” he said in an interview.

Sens. Mike Lee, R-Utah, and Chris Coons, D-Del., filed and withdrew amendments. Lee raised concerns about the Earn It Act allowing state law to set national liability standards. Coons’ amendment would increase federal resources for investigation and prosecution of child abuse cases, altering the Victims of Child Abuse Act, which provides resources for victims. The Coons amendment would increase certain line items from $24 million to $37 million.

At the markup, Graham said the section gives absolute liability protection, and there aren’t other instances in the private sector with such immunity. The goal isn’t to “outlaw” encryption, a practice the committee will debate another day, he said. If there’s a lawful warrant, police need a way to access encrypted information, he argued.

Section 230 was appropriate at a certain point, but it’s no longer, said Blumenthal. He lauded the Leahy amendment, saying it clarifies that encryption is compatible with getting platforms to police content. Platforms can no longer knowingly facilitate this “filth,” he said. Industry has said cybersecurity and encryption are compatible with eliminating CSAM, he continued, citing removals of WhatsApp accounts without degrading privacy.

Companies haven’t done enough to address this pervasive problem, said ranking member Dianne Feinstein, D-Calif. She cited an estimated 70 million child abuse photos online. Section 230 is “ripe for reform,” said Sen. Marsha Blackburn, R-Tenn.

Lee favored having an advisory commission for industry best practices. He said anti-sex trafficking legislation in 2018 (see 2006190064) exemplified clearly defined standards of liability without the threat of a patchwork of state law. His amendment would mirror the Stop Enabling Sex Traffickers-Allow States and Victims to Fight Online Sex Trafficking acts on CSAM, he said.

This bill ought to be a warning sign to Big Tech that there’s bipartisan concern about 230 being an unbreakable shield for all time, said Sen. Ted Cruz, R-Texas. John Kennedy, R-La., noted his desire to target the statute with legislation when companies use certain algorithms to maximize engagement and encourage hateful content. A country is judged by its ability to protect kids, Graham said: “More will be coming.”

Stakeholders wrote in opposition, asking Graham to postpone the markup. R Street Institute, Access Now, ACT|The App Association, the Center for Democracy & Technology, New America’s Open Technology Institute and Internet Society signed. A large segment of civil society hasn’t examined the changes, “and those who have had little, if any, opportunity to work with the Committee in any capacity to address the new language and the concerns it raises,” they wrote. The bill might allow states to implement strict liability measures that make it impossible to host content and allow states enforcers to target encryption standards, they said.

“With more of our business and personal lives online than ever before, companies need to be able to secure devices and services,” said Computer & Communications Industry Association President Matt Schruers. “This bill threatens to undermine those security efforts.” The bill would “make it harder to stop the spread of CSAM, while also limiting the First Amendment rights of adults to access lawful content and use secure services for private communications,” said TechFreedom Senior Fellow Berin Szoka. Removing 230 protections “undermines the legal certainty that is central to both enabling innovation and free speech on the Internet and preserving the ability for companies to take down exploitative material,” emailed Information Technology Industry Council CEO Jason Oxman.

Sex workers would be censored and could lose “critical access to online platforms necessary for their safety,” said American Civil Liberties Union Senior Legislative Counsel Kate Ruane. “There is no need to endanger the voices of LGBTQ people and sex workers online to achieve our shared goals of protecting children from harm.” She cited the ACLU’s letter opposing the bill. Public Knowledge Policy Counsel Bertram Lee raised concerns with new liability disproportionately affecting “smaller platforms, or users who have valid reasons to want to keep their communications free from monitoring.