EARN IT Act: Undermining Internet Security
Exploring how the EARN IT Act could erode encryption, fragment online protections, and jeopardize the open Internet for everyone.

The modern Internet thrives on seamless connectivity, robust privacy safeguards, and innovative services that billions rely on daily. At the heart of this ecosystem lies end-to-end encryption—a cornerstone technology that ensures only intended recipients can access sensitive data. However, proposed legislation like the EARN IT Act threatens to disrupt this balance. By targeting intermediary liability protections under Section 230 of the Communications Decency Act, the bill could force platforms to compromise security measures, leading to widespread vulnerabilities. This article delves into the mechanics of the Act, its potential fallout, and why preserving the Internet’s foundational principles is crucial.
Understanding Section 230 and Its Role in the Digital Age
Enacted in 1996 as part of the Communications Decency Act, Section 230 provides a legal shield for online platforms, treating them as distributors rather than publishers of user-generated content. This immunity has enabled the explosion of social media, forums, cloud storage, and messaging apps by allowing companies to moderate content without fear of crippling lawsuits for every post.
Without Section 230, platforms would face an avalanche of litigation for third-party content, stifling free expression and innovation. For instance, forums discussing sensitive topics like health or politics could shut down to avoid liability. The provision has been pivotal in fostering a diverse online environment where users share ideas freely.
- Encourages user-generated content without excessive censorship fears.
- Supports small startups by leveling the playing field against legal overreach.
- Promotes global interoperability by standardizing liability across services.
Yet, critics argue it enables harmful content, prompting bills like EARN IT to carve out exceptions. While noble in intent—combating child sexual abuse material (CSAM)—such changes risk unraveling the fabric that holds the Internet together.
The Core Mechanisms of the EARN IT Act
Introduced in 2020 and evolving through amendments, the EARN IT Act (Eliminating Abusive and Rampant Neglect of Interactive Technologies) seeks to amend Section 230 specifically for CSAM-related liabilities. It establishes a commission to develop “best practices” for detecting and reporting illegal content, with non-compliance potentially stripping platforms of immunity.
A key shift in later versions allows states to enact their own enforcement rules, bypassing uniform federal standards. This devolves authority to 50 different jurisdictions, each with varying definitions of “reasonable” security measures. Platforms might need to scan all uploads against databases like those from the National Center for Missing & Exploited Children (NCMEC), even for encrypted communications.
| Aspect | Original Intent | Potential Impact |
|---|---|---|
| Encryption Handling | Encourage scanning tools | Forces weakening of end-to-end protections |
| Liability Scope | Target CSAM only | Exposes platforms to broad civil suits |
| State Involvement | Federal guidelines | Patchwork of 50+ conflicting laws |
This structure incentivizes over-cautious moderation, where platforms err on the side of removal to retain protections, potentially censoring legitimate speech.
Encryption Under Siege: A Direct Threat to User Safety
End-to-end encryption (E2EE) ensures that data in transit—such as messages in apps like Signal or WhatsApp—remains inaccessible to intermediaries, including the service provider itself. The EARN IT Act pressures companies to implement client-side scanning or backdoors, undermining E2EE’s integrity.
According to the Internet Society’s analysis, such mandates interfere with the Internet’s critical properties: shared infrastructure, open architecture, global identifiers, and technology neutrality. Forcing scans on encrypted traffic could expose users to hackers exploiting the same vulnerabilities created for law enforcement.
Real-world parallels exist in countries like Australia and the UK, where similar laws led to diluted security implementations. Users in vulnerable groups—journalists, activists, and marginalized communities—stand to lose the most, as their communications become interceptable.
The Perils of a Fragmented Legal Landscape
By empowering states to impose stricter rules, EARN IT creates a regulatory mosaic. A platform compliant in California might violate Texas law, compelling geo-fencing or service restrictions by location. This balkanizes the Internet, originally designed as a borderless network.
Internet infrastructure providers, including ISPs and content delivery networks (CDNs), could face liability for merely transmitting data. Cloud services might refuse U.S. users to avoid risks, driving business overseas and harming the domestic economy.
Small businesses and startups, lacking resources for multi-state compliance, would be hit hardest. Innovation stagnates as developers prioritize legal hurdles over user features, consolidating power among tech giants who can afford compliance teams.
Broader Ramifications for Innovation and Free Speech
Over-moderation is a predictable outcome. Platforms, fearing lawsuits, could deploy aggressive filters that flag innocuous content—like medical discussions or artistic expressions—as suspicious. This chills speech, echoing effects seen post-FOSTA-SESTA, where sex worker resources vanished online.
Economically, the digital sector—contributing trillions to GDP—relies on frictionless data flows. Increased latency from mandatory scans burdens networks, raising costs for users, especially in rural areas with poor connectivity.
- Higher data usage from scanning processes.
- Slower load times impacting e-commerce and streaming.
- Reduced trust, leading to user exodus from U.S. services.
Globally, the precedent weakens U.S. leadership in secure tech standards, inviting authoritarian regimes to justify their own surveillance laws.
Performance and Accessibility Challenges
Mandatory monitoring demands vast computational resources. CDNs might throttle speeds to accommodate scans, delaying website loads by seconds—critical for time-sensitive applications like video calls or financial transactions.
Underserved communities bear disproportionate burdens: higher latency exacerbates digital divides, limiting access to education and telehealth. The Internet Society warns this undermines resilience, as decentralized networks lose agility.
Alternatives to EARN IT: Smarter Paths Forward
Rather than dismantling protections, targeted investments yield better results. Enhancing NCMEC’s database, funding AI for proactive detection on public platforms, and international cooperation on CSAM takedowns preserve encryption.
Legislation like the REPORT Act focuses on reporting without liability overhauls. Public-private partnerships can develop voluntary tools, maintaining incentives for safety without coercion.
FAQ: Key Questions on the EARN IT Act
What exactly does EARN IT change about Section 230?
It removes immunity for CSAM-related claims unless platforms follow commission guidelines, opening doors to state lawsuits.
Does it ban encryption outright?
No, but it creates liability risks that pressure companies to weaken or abandon it.
Who is most affected?
Users relying on secure messaging, small platforms, and low-income communities facing higher costs.
Has similar legislation worked elsewhere?
Laws like Australia’s assistance rules have compromised security without proportional crime reductions.
What can individuals do?
Contact legislators, support organizations like the Internet Society, and advocate for encryption-preserving reforms.
Conclusion: Safeguarding the Internet’s Future
The EARN IT Act, while addressing a vital issue, employs a sledgehammer where a scalpel is needed. By jeopardizing encryption, fostering legal fragmentation, and curbing innovation, it endangers the very freedoms and security that define the Internet. Policymakers must prioritize solutions that enhance safety without sacrificing core principles. The Internet “just works” because of its open, secure design—let’s keep it that way for generations to come.
References
- 47 U.S. Code § 230 – Protection for private blocking and screening of offensive material — U.S. Government Publishing Office. 1996 (last amended 2020). https://www.law.cornell.edu/uscode/text/47/230
- Internet Impact Brief: How the US EARN IT Act Threatens Security, Confidentiality, and Safety Online — Internet Society. 2022-05-12. https://www.internetsociety.org/resources/2022/internet-impact-brief-how-the-us-earn-it-act-threatens-security-confidentiality-and-safety-online/
- EARN IT Act of 2020 (S.3398) — 116th Congress (2019-2020), U.S. Senate. 2020-03-05. https://www.congress.gov/bill/116th-congress/senate-bill/3398/text
- The EARN IT Act Is a Threat to Privacy, Free Speech, and the Internet Economy — Information Technology and Innovation Foundation (ITIF). 2020-07-10. https://itif.org/publications/2020/07/10/earn-it-act-threat-privacy-free-speech-and-internet-economy/
- EARN IT Act Threatens Our Online Freedoms — Stanford Law School Center for Internet and Society. 2020-07-02. https://cyberlaw.stanford.edu/blog/2020/07/earn-it-act-threatens-our-online-freedoms-new-amendments-dont-fix-it/
Read full bio of medha deb










