Senator Lindsey Graham has introduced the EARN IT Act of 2019, which would eliminate online service providers’ immunity for the actions of their users under Section 230 of the Communications Decency Act.
The Act essentially establishes a National Commission on Online Child Exploitation Prevention, tasks this commission with drafting online best practices for preventing child exploitation by users (which would presumably mean no end-to-end encryption), and eliminates Section 230 immunity unless service providers follow those best practices.
SAFE HARBOR.—Subparagraph (A) [removing immunity] shall not apply to a claim in a civil action or charge in a criminal prosecution brought against a provider of an interactive computer service if – (i) the provider has implemented reasonable measures relating to the matters described in section 4(a)(2) [referring to creation of the best practices] of the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2019 to prevent the use of the interactive computer service for the exploitation of minors . . . .Page 17 of the EARN IT Act of 2019
Other sections create liability for “reckless” violations (instead of “knowing” violations), require online service providers to certify that they are complying with the created best practices, and set forth the requirements for membership in the newly created commission.
This bill comes after a hearing in December 2019 over the issue of legal access to encrypted devices. During that hearing Senator Graham warned representatives of Facebook and Apple that, “You’re gonna find a way to do this or we’re going to do it for you.”
3/15/20 Update – A revised version of the EARN IT Act, introduced on March 5, alters how so-called “best practices” are created. First, a 19-member commission comprising the Attorney General, the Secretary of Homeland Security, the Chairman of the FTC, and (to be chosen by the heads of each party in the House and Senate) four representatives from law enforcement, four from the community of child-exploitation victims, two legal experts, two technology experts, and four representatives from technology companies. The support of 14 members would be required to approve any best practices, the recommendations must be approved by the AG, Secretary of Homeland Security, and the FTC Chair, and then Congress itself must enact them.