Skip to content

Illustration by Security Management

U.S. Proposal to Combat Child Pornography Raises Serious Security Concerns

No lawmaker is in favor of child exploitation, which makes the allure of the U.S. Senate bill known as the EARN IT Act strong enough to have garnered 10 bipartisan sponsors. The full name of the bill, authored by Senators Lindsey Graham (R-SC) and Richard Blumenthal (D-CT), is the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act. Its primary aim is the elimination of online child pornography by altering Section 230 of the Communications Decency Act, which holds online users responsible for their actions and not the platforms they use.

The bill seeks to accomplish the aim by establishing a commission that would establish “best practices for providers of interactive computer services regarding the prevention of online child exploitation conduct.” Companies must demonstrate they follow these best practices or lose their Section 230 protections.

Despite its unassailable ambitions, the bill is panned by a wide array of the technology sector; obviously the social media platforms would face a new set of burdensome regulations, so they hate it. People and organizations supporting online free speech despise it. And importantly, online security experts see it as a serious threat to the encryption of online data. The following is a rundown of the issues those opposed to the bill raise.

One of the fundamental flaws under fire from several different directions, from big tech firms to privacy groups to online corporate security experts, is a provision that reportedly allows the U.S. Attorney General to override the work of the commission and essentially set whatever best practices he or she wants to set. This is widely seen as a way to establish a best practice that would require a backdoor for law enforcement into any encryption the online platform has established.

Consider this quote obtained by The Washington Post of the chief technology officer of McAfee: “The EARN IT bill not only will fail at its objectives, but will also destroy the protection encryption provides to everyday citizens’ medical, financial, and personal data.”

And this quote, obtained by Wired from a Facebook spokesperson: “We’re concerned the EARN IT Act may be used to roll back encryption, which protects everyone’s safety from hackers and criminals, and may limit the ability of American companies to provide the private and secure services that people expect.”

Online privacy groups also despise the bill. In its analysis of the bill, the Electronic Freedom Foundation described it as opening the door for “the government to require new measures to screen users’ speech and even backdoors to read your private communications—a stated goal of one of the bill’s authors.” The Free Press, another group with a mission of protecting people’s and media’s online rights, says “the legislation sets up the U.S. government as the arbiter of all communications and conversations that happen on the internet—a terrible idea in any instance.”

At a Senate Judiciary Committee hearing, Blumenthal pushed back on the criticism, saying “encryption can coexist with strong law enforcement.” In the same hearing, a chief advocate of the legislation, the National Center for Missing & Exploited Children, did not address the encryption technology directly , but did say: “There is a crucial need for standardized guidance on how companies can best detect and identify child sexual abuse material online through the use of voluntary initiatives, shared technology and data sets, and also train and support content moderators who have the vital, but immensely difficult, role of reviewing and vetting this content.”