If you’re a fan of tech-related Senate hearings, man this is your week. We’re about to start a hearing on the EARN IT Act, aka the “no really, we promise this isn’t about banning encryption” bill! judiciary.senate.gov/meetings/the-e…
Welcome to the EARN IT Act hearing, featuring: charts. 
Lindsey Graham kicks off the hearing with a warning about how Facebook finds a lot of child abuse material but will “go dark” because of encryption.
“This bill is not about the encryption debate, but the best business practices, I’m dying to find out what they should be.”
Okay!
“This bill is not about the encryption debate, but the best business practices, I’m dying to find out what they should be.”
Okay!
“I am not going to stay on the sidelines any longer. Facebook is doing a damn good job of finding out sexual abuse on their platform and reporting it and prosecutors are acting. The other sites, not so much. We’re not going to go blind as a nation.” - Graham
“Any society that fails to protect its children and do all it’s within reason to do so has lost their way. America is not going to lose its way.”
Blumenthal is here now — he’s the Democratic side of the sponsorship here. This is going to be a frustrating hearing, because we’re pitting the need to stop really awful child abuse against some basic internet freedoms.
“There’s a section of law, Section 230 of the Communications Decency Act, that provides unique near-absolute immunity from legal responsibility for certain companies and activities,” says Blumenthal. We don’t want to strip “deserved and earned” protections, though.
Second encryption mention, take a drink.
Blumenthal is citing the recent NYT reports about child abuse online — he’s dinging Amazon for not reporting more cases. nytimes.com/2020/02/07/us/…
“Apparently the company that can get you packages almost before you order them provides a little more slowly with images of child exploitation.”
The gist of this whole introduction is that not all companies make as many reports of child abuse as Facebook, so we should require companies to do… something… that will make them report more.
Blumenthal’s trying to address concerns that this is a gift to Barr, who (like previous FBI heads) is not a big fan of encryption. Citing the fact that there’s a large committee to make decisions.
“This blanket near-absolute immunity is not an absolute right. It is not a gift. It should be earned and deserved and certainly should not be continuing if these companies fail to observe and follow the basic moral obligation that they have.” - Blumenthal
The frustrating thing here is that Congress doesn’t have to prove there *are* best practices that would meaningfully curb abuse. So we’re basically debating the abstract issue of whether crime should be stopped. Which… yes! But that’s not really the question!
The first witness is Nicole, who has firsthand experience of abuse. As a side note, this bill changes “child pornography” to “child sexual abuse material” in legal discussion, since it's increasingly accepted as a more appropriate term.
We’re starting with a frustrating problem here: nobody’s making clear *where* child abuse imagery is actually being shared. Blumenthal references Wikipedia, for instance — is this a major vector? That’s *extremely pertinent* to this debate!
Now there’s a new panel, focusing more on expert discussion.
This is a good time to read this @ericgoldman analysis of the bill, by the way. blog.ericgoldman.org/archives/2020/…
@ericgoldman John Shehan from the National Center for Missing & Exploited Children, which is pro-EARN IT Act, up first.
Shehan is offering an overview of CSAM tips — increasingly involving video and extortion. Any technology “can and will” be used by abusers.
“Some leading technology companies such as Facebook, Google, Twitter, and Snap engage in proactive efforts … but too many companies are not proactive in solving this problem.” Voluntary efforts are “not sufficient.”
Companies should have to proactively scan for content, be liable for helping victims, and report progress in finding and preventing abuse.
“The EARN IT Act is a child protection bill.” The bill will “create a unified roadmap of consistent up to date best practices developed by an expert commission."
Jared Sine from Match Group is here now. It’s one of the first big tech companies to break out in support for the bill.
“This bill takes on the right central question: how will all of us in the ecosystem keep users safe from bad actors while ensuring privacy?"
Now Sine says smartphones are making kids depressed, which comes kind of out of left field.
“There is one unavoidable reality at the core of the internet today. All platforms can and must do more to protect our children.” - Sine
Match says all companies grapple with “inherent tensions” between privacy and safety. “There are technological solutions that balance safety for our children with privacy.” The commission will solve these issues.
Again: almost *nobody* here is discussing what these solutions would be, because the bill just creates a commission and throws the problem at them.
Mary Leary of the Catholic University of America. Not testifying in favor of or against the EARN IT Act, she’s just offering “historical and practical context” for the problems of CSAM.
A whole lot of “Section 230 wasn’t meant to cover liability for child abuse material” discussion, which isn’t technically false but ignores that one of the very earliest big 230 cases was *exactly* about this issue.
Elizabeth Banker of the Internet Association — which opposes the EARN IT Act.
Banker is listing unintended consequences of the bill, including the possibility of discouraging encryption. Says IA wants to keep working with the committee on a solution for CSAM.
“I don’t buy anything you just said about the tech companies or the internet ecosystem really caring, all they care about is not getting sued.” - Graham. Asks what she’d choose if the options were losing Section 230 or passing the bill.
“Why does Facebook have 15.8 million reports and Amazon has 8?” says Graham. (FWIW, not that it totally makes up for this, but “reports” could include multiple incidents — the Times noted that Dropbox submitted a few reports but a bunch of material.)
If you lived through the era of “if you hate surveillance and war then you love terrorists” in the ‘00s, this panel feels slightly familiar.
Graham, rhetorically: “Is Section 230 a constitutional right? Or is it something Congress gave and can take away if it chooses?”
...
...
A better version of this hearing would answer things like:
- What measures could the EARN IT Act committee feasibly require?
- How would they affect small companies that don’t have Facebook-level resources?
- *Is* most CSAM being shared through scannable big platforms?
- What measures could the EARN IT Act committee feasibly require?
- How would they affect small companies that don’t have Facebook-level resources?
- *Is* most CSAM being shared through scannable big platforms?
“What’s amazing to me is that anyone would have resistance to this.” - Dianne Feinstein, who was incidentally one of the biggest proponents of NSA surveillance after Snowden
John Kennedy wants to talk about potential solutions. “We understand the problem, I want to talk meat-on-the-bone about specificity.” Asks Banker what can be done to solve the problem.
Banker: we need more resources for law enforcement, and we need to be able to build better detection tech by analyzing illegal material.
Shehan: we need greater widespread adoption of the tools that exist, and we need more transparency.
Kennedy drilling down: “I know the problem. I’m not trying to be rude. I want to know specifically what we should do in the next 30 days to fix this."
Kennedy drilling down: “I know the problem. I’m not trying to be rude. I want to know specifically what we should do in the next 30 days to fix this."
Sine: “we can pass a law like this!”
Kennedy: “other than that.”
Sine: require companies to use AI-assisted review.
Kennedy suggests going to... broadband companies? Saying we’ll pull Section 230 protection if they don’t stop CSAM? I’m… not totally sure I have that right.
Kennedy: “other than that.”
Sine: require companies to use AI-assisted review.
Kennedy suggests going to... broadband companies? Saying we’ll pull Section 230 protection if they don’t stop CSAM? I’m… not totally sure I have that right.
Leary asks whether 230 should “exist at all in the modern age."
Leary’s saying Section 230 shouldn’t protect companies from state legal liability.
Seriously, the *massive* problem here: even people who hate “Big Tech” seem to *only* want to give Big Tech a seat at the table here. We need to talk about how these changes affect companies that don’t run their own AI services!
Sen. Leahy is up here, says we need to hear from law enforcement. Shehan notes that it’s true there isn’t enough funding to actually investigate CSAM tips.
Cornyn is another “we should just repeal 230” take. AAAAHHHHHHHHH “Facebook … they no longer consider themself to be a neutral platform … I just don’t know why they shouldn’t be treated like a publisher.”
That’s not how the law works at all!
That’s not how the law works at all!
Look, I totally understand why senators might not get the nitty-gritty of some tech platform they’ve never had a reason to use. But if you want to repeal a law *the least you can do* is actually know what that law says. Knowing laws is literally your job!
Back to Blumenthal now. This is not going well.
“Companies that see something ought to say something.”
But again, the issue here is passing a super-vague law with a potentially massive scope.
But again, the issue here is passing a super-vague law with a potentially massive scope.
Blumenthal is asking Banker “can end-to-end encryption coexist with strong safeguards against child exploitation” — the implication is that the committee won’t have any reason to ban encryption. “This bill says nothing about encryption.”
This is really a bad-faith take.
This is really a bad-faith take.
Nobody is saying you literally cannot police child abuse without banning encryption. They’re saying this is potentially a *pretext* to ban encryption because the DOJ *has openly wanted to do this for years.*
“The truth is, encryption can coexist with strong law enforcement,” says Blumenthal — and says Facebook agrees. Okay, cool! Does Barr believe that too, though? Because he’s asked Facebook to not use encryption!
Mike Lee is asking Banker about encryption now. She’s noting that if the committee requires proactive screening of content — something that seems on the table — that might effectively rule out using end-to-end encryption.
The Judiciary Committee is pretty much completely in support of the bill, by the way. Sen. Ron Wyden has issued a statement against it.
Blackburn is (maybe sort of unintentionally) noting that big tech companies are talking a big game about wanting privacy but are often big privacy violators themselves. This is a good strike against them, although it doesn’t answer my questions about smaller sites.
Hawley is up now. “This legislation is really simple. It says that if these tech companies want the broad blanket protections of Section 230 … they’re gonna have to actually do something for it."
Hawley is deriding arguments that SESTA-FOSTA hurt the internet and saying everything is fine, which is to put it mildly not an uncontroversial claim.
“The days of this Congress giving out free stuff to Big Tech without expecting anything in return are coming to an end.” - Hawley.
Hawley is saying that Congress will still have to approve recommendations and can put a check on something like the DOJ.
Okay Hawley is making the “tech companies are violating privacy but say they want to protect privacy” claim explicit. Again, this is a totally good burn but does not address that “Big Tech” is not synonymous with the internet.
We’re debating an argument from Banker about whether the bill will hurt prosecutors under a Fourth Amendment defense. I haven’t heard it commonly raised and I’m not sure I can summarize it accurately, though.
Again I wish the one panelist they invited to critique the bill was not largely a proxy for the biggest companies on the internet, instead of, say, someone from one of the civil liberties groups who oppose it.
They’re back to Amazon not providing satisfactory answers about why it’s not reporting to NCMEC — I’ve been trying to find Amazon’s responses here but no dice.
All right! The hearing has been adjourned.
