Skip to main content

What is the EARN IT Act? The bill that has privacy advocates worried, explained

A proposed piece of legislation called the EARN IT Act is currently making its way through the Senate, and despite its innocuous name, the bill has drawn criticism from a variety of activist groups who warn that it could have dire consequences for the future of the internet.

To help understand what the act says and how it would affect the web if passed, here’s a quick rundown of the most important parts.

Related Videos

What exactly is EARN IT?

The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2020 (shortened to EARN IT) is a bill sponsored by Sen. Lindsey Graham (R-South Carolina) and Sen. Richard Blumenthal (D-Connecticut) designed to fight child sexual exploitation online.

The bill’s first step is to establish a National Commission on Online Child Sexual Exploitation Prevention. The commission would consist of three agency heads — the attorney general, secretary of Homeland Security, and chairman of the Federal Trade Commission — along with 16 other members chosen by the leaders of the Senate and the House of Representatives.

capitol hill twitter censorship section 230
Getty Images/Digital Trends Graphic

The commission’s role is to come up with “best practices” that internet companies should follow in regard to child sexual abuse material online. These best practices could be broad, and that’s a problem for free speech and cybersecurity activists, who worry the commission will use its broad scope to target encryption, given that Attorney General William Barr has argued in favor of government backdoors into encrypted files. Graham has criticized encryption as well.

Originally, the bill required internet companies to follow the commission’s best practices in order to “earn” the protections granted by Section 230 of the Federal Communications Act. Section 230 is a crucial law in the development of the internet as we know it, shielding internet companies from liability for content users post on their platforms.

The recently amended bill removes the “earn it” idea entirely, however. The commission’s best practices would now be voluntary, however, states would be able to bring criminal or civil charges against companies that violate them.

Why are people worried?

Despite the bill’s stated intent to crack down on child sexual abuse material, activist groups including Human Rights Watch have spoken out against the EARN IT Act. What exactly is the problem?

Critics of the bill focus on a couple issues: That the bill curbs free speech by threatening platforms’ protection under Section 230, that it won’t actually do much to protect children, and that the bill is a stealth attempt at ending end-to-end encryption.

Riana Pfefferkorn, associate director of surveillance and cybersecurity at the Stanford Center for Internet and Society, writes that the EARN IT Act is a “bait and switch” that uses widespread resentment about Section 230 to stage an attack on encryption. Pfefferkorn argues that “ encryption, particularly end-to-end encryption, is likely to be targeted as being contrary to ‘best practices’ for preventing [child sexual abuse material], because if a provider cannot “see” the contents of files on its service due to encryption, it is harder to detect [child sexual abuse material] files.”

Sen. Patrick Leahy (D-Vermont) introduced an amendment to the bill specifically to protect encryption, but according to critics, it doesn’t go far enough. Pfefferkorn says that Leahy’s amendment “essentially gives providers a defense against liability, which is less strong than the a priori immunity from liability in the first place that Section 230 currently provides.”

Encrypted Cloud

In a statement for the Electronic Frontier Foundation (EFF), Joe Mullin said: “Sen. Leahy’s amendment prohibits holding companies liable because they use end-to-end encryption, device encryption, or other encryption services. But the bill still encourages state lawmakers to look for loopholes to undermine end-to-end encryption, such as demanding that messages be scanned on a local device, before they get encrypted and sent along to their recipient.”

According to the EFF, all 50 states would be able to craft their own laws, any of them capable of pressuring companies to weaken privacy protections like encryption. In that legal landscape, tech companies could err on the side of caution, gutting privacy protections to avoid running foul of state child sexual abuse material laws.

The American Civil Liberties Union also took a stand against the bill in an open letter to the committee, saying “these legal standards could force platforms to undermine or weaken their own encryption and privacy practices in order to avoid legal liability because plaintiffs could argue that end-to-end encryption, itself, is reckless or negligent conduct. Such liability claims could be bolstered if the advisory committee’s best practices recommend that platforms create encryption backdoors or otherwise take steps to weaken the encryption of their services.”

Sen. Ron Wyden (D-Oregon), who has advocated for digital privacy before, criticized the new version of the EARN IT Act, saying that “by allowing any individual state to set laws for internet content, this bill will create massive uncertainty, both for strong encryption and free speech online.”

What comes next?

After unanimous approval by the Senate Judiciary Committee, the next step for the bill is a debate on the floor of the Senate. Blumenthal told Politico that he and Graham want to see the Senate take up the bill this year, and that the House would be developing its own version of the bill soon.

If you have opinions or concerns about the bill, consider reaching out to your senator or representative.

Internet guerrillas: Inside the DIY broadband revolution with NYC Mesh
nyc mesh guerrilla internet network screen shot 2022 02 20 at 5 53 39 am

Toby Bloch doesn’t look like your average internet installation technician. Instead of a uniform with a corporate logo embroidered on it, he wears worn-in jeans and a thick canvas jacket. Instead of a van, he drives a Subaru -- the back of which is stuffed to the gills with a disorganized pile of hand tools, cables, and odd electronic devices with antennas sticking out of them. And unlike most technicians, he isn’t going to earn a dime for the appointment he’s headed to in Brooklyn.

But oddly enough, that’s precisely the point. Bloch doesn’t operate like a normal internet install tech because he isn’t one. He doesn’t work for Comcast or Spectrum or Verizon or any other large internet service provider (ISP). He’s a volunteer at NYC Mesh: A guerrilla internet provider that helps residents get online without paying a monthly fee to the aforementioned telecom companies.

Read more
How Big Jet TV won the internet
A plane landing during Storm Eunice in the UK in February 2022.

As millions of people hunkered down at home on Friday during the U.K.'s worst storm in 32 years, aviation enthusiast Jerry Dyer jumped in his van and drove to London’s Heathrow Airport to livestream passenger jets coming in to land in the challenging conditions.

Within a few hours of Dyer launching his Big Jet TV livestream from the top of his vehicle at the end of Heathrow’s runway 27L, social media started to take notice, with shares and retweets pushing his audience to as high as 200,000 people during the eight-hour livestream.

Read more
Skype now supports 911 calls in the U.S.
iPhone with the Skype mobile app loading screen.

Skype has updated its mobile and desktop apps to allow emergency calling in the U.S. for the first time in its 18-year history. Calls to 911 are also possible via Skype’s web-based service, notes for the recently released Skype 8.80 showed.

Emergency calling from Skype could come in handy if you find yourself in a tricky situation without a phone but have a computer close by, or if phone lines are down but you can get online.

Read more