This is the latest entry in my lengthy archive of writing, talks, and interviews about the EARN IT Act:
- Blog posts here at the CIS blog: part 1, part 2, part 3, part 4, part 5, part 6, part 7, part 8, part 9, part 10
- Articles for Brookings TechStream: part 1, part 2
- Talks at the DEFCON Crypto & Privacy Village and the University of Waterloo
- Interviews on the Techdirt podcast (July 2020, February 2022), Decipher Security Podcast, and ExpressVPN blog
For the last three years, I’ve written at length about the EARN IT Act. Now it’s back yet again. It has all the same problems as before. So I’m making sure Congress can’t ignore them.
Previously introduced in 2020 and 2022, EARN IT was recently reintroduced for the third time in the Senate and the House. The 2023 bill language is virtually unchanged from the 2022 version. (The two small changes to the bill are interesting ones, though, and I discussed them on a recent episode of the Moderated Content podcast hosted by two of my Stanford colleagues.)
I’ve repeatedly highlighted the threats EARN IT poses to encryption, privacy, and online speech, all without guaranteeing it would actually make children safer online. In particular, I’ve written about the Fourth Amendment problems with both the 2020 and 2022 versions of the bill. Because the 2023 version is just like last year’s, that problem hasn’t gone away.
EARN IT risks upsetting the delicate state of affairs under current federal law that presently enables online service providers to legally scan their users’ accounts for child sex abuse material (CSAM, aka child pornography), then report what they find so that those users can be investigated by law enforcement. Numerous online service providers currently scan for CSAM, and their reports play a vital role in rescuing child victims and bringing offenders to justice.
If passed, EARN IT might tip that fragile edifice over. The bill’s sponsors have stated that the goal of their bill is to induce providers to further increase their CSAM scanning efforts, on pain of ruinous civil and criminal liability. That’s a major problem, because providers’ searches of users’ accounts must be voluntary in order to be constitutional. If providers scan for CSAM due to government pressure rather than their own initiative, then what was once a voluntary private search becomes a warrantless government search that violates the Fourth Amendment.
The remedy for that violation is exclusion of the fruits of the search from the evidence presented in court. That means the CSAM turned up by a provider’s scan would not be admitted in a resulting criminal prosecution. If prosecutors can’t introduce the CSAM a defendant possessed as evidence against them, that would make it far harder to convict them of possessing CSAM.
That is: Rather than helping to protect children, the EARN IT Act might backfire and make it easier for accused CSAM offenders to walk free.
It is imperative for Congress to understand what’s at stake in this bill. That’s why I and a group of my fellow academic colleagues are sending this open letter to Congressional leadership on Wednesday (the day before the bill is scheduled to be marked up in the Senate Judiciary Committee). Signed in our personal capacities, the letter explains the Fourth Amendment problems with the EARN IT Act and warns Congress of the consequences if they pass it.
I’m grateful to Professor Eric Goldman for championing this letter, and to all our colleagues who put their names on it. To learn more about the EARN IT Act, check out my archive listed above or visit NoEARNITAct.org.