February 22, 2022

EARN IT Act moves forward 

The Senate Judiciary Committee has approved a new version of the highly controversial Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT Act).  First introduced in March 2020, EARN IT Act pares back the immunity protections under Section 230 of the Communications Act of 1934, making them contingent on the ability of online service providers to tackle the online proliferation of child sexual abuse material (CSAM). To be clear, Section 230 does not protect online service providers from being held liable for the possession or transmission of CSAM. Intermediaries are already required to report any CSAM on their servers and can be criminally prosecuted for knowingly facilitating the spread of CSAM. The EARN IT Act goes beyond these measures and creates obligations for tech platforms to proactively look for CSAM. Encouraging platforms to scan all user-transmitted or stored messages, photos, and files raises serious privacy concerns

The monitoring obligations would require companies that have built encryption into their products to build special backdoor access – a move that is likely to discourage the use of encryption and weaken the security of online communications. During hearings about the bill, Sen. Blumenthal tried his best to downplay the impact on encryption, going so far as to say that “Big Tech is using encryption as a subterfuge to oppose this bill..” The 2022 version of the bill was amended to add a provision to prohibit encryption from being used as the sole justification for lawsuits. However as Sen Blumenthal has clarified, while the Act “does not prohibit use of encryption or create liability for using encryption”, evidence of use of encryption to further illegal activity can potentially expose providers to liability for offering it. 

By requiring providers to scan their services and turn that material over to law enforcement, EARN IT Act pushes providers into acting as government agents. However, the evidence obtained from providers conducting unconstitutional warrantless searches is inadmissible in courts and paradoxically will lead to fewer convictions of child predators. The EARN IT Act exposes intermediaries to a patchwork of different state laws. If the current version passes, tech platforms can be sued for images that are posted by users on their platforms. It allows for both civil and criminal lawsuits against service providers “regarding the advertisement, promotion, presentation, distribution, or solicitation of child sexual abuse material” and leaves it up to states to set the relevant legal standard for prosecution.  Human rights groups have also raised concerns about the unintended consequences of the bill, drawing comparisons to SESTA/FOSTA — the 2018 bill that was meant to limit sex trafficking on the internet. Though intended to prevent sex trafficking, FOSTA-SESTA has been criticized for its impact on deplatforming of  sex workers, disproportionately affecting LGBTQ communities and driving illegal actors undergound and beyond the reach of law. 

Given its impact on free speech and online security  it is not surprising to see civil liberties, digital rights, and big tech groups come together to oppose the EARN IT Act. More than 60 organizations have signed a letter urging the Judiciary Committee to oppose the legislation. Regardless of what happens with the EARN IT Act, balancing protecting users’ online privacy and security, and providers’ liability is a tough act and these tensions are here to stay. 

The Slow, Slow Process of ICANN Reform

Accountability reforms were the quid pro quo for ICANN’s release from the supervision of the U.S. government in October 2016. One of those reforms required the corporation to revise and improve its Independent Review Process. The Independent Review Process (IRP) is the Supreme Court of ICANN’s non-governmental system of governance. It is supposed to be an accountability mechanism that provides for independent third-party review of Board or staff actions alleged to be inconsistent with ICANN’s Articles of Incorporation or Bylaws. One of its key functions is to ensure that ICANN does not stray from its limited mission. The new Bylaws required ICANN to create a Standing Panel of prospective judges, from which members shall be selected to preside over specific IRP disputes. 

ICANN has slow-walked the reform. Five and a half years after the transition, and four years after creating a “process roadmap” for appointing the Standing Panel, ICANN on Feb 17 announced the creation of (wait for it) a committee to “support the SOs and ACs in proposing a slate of nominees” for the Standing Panel. Seven individuals were named to an “Independent Review Process (IRP) Community Representatives Group.” The group, whose members are listed here, is responsible for “supporting the SOs and ACs in proposing a slate of nominees.” ICANN’s announcement says “The IRP is an essential mechanism for holding the ICANN Board and the organization accountable, and the seating of an omnibus standing panel to hear these claims is an important component of achieving a consistent, binding outcome.” 

The ball is now in the court of ICANN’s Supporting Organizations and Advisory Committees – or is it in the hands of the Community Representatives Group? – and ICANN’s announcement invites us to visit this website, which has not been updated since November of 2020, to “Follow the progress.”