Berin Szóka 🌐 Profile picture
Feb 10 50 tweets 20 min read
.@SenateJudiciary is marking up #EARNITAct, which claims to crack down on child sexual abuse material but will really jeopardize prosecutions. Forcing tech firms not to use strong encryption & to monitor users makes them state actors who need a warrant 🧵

judiciary.senate.gov/meetings/02/03…
#EARNITAct's sponsors say they've fixed the bill. They haven't. Making the "best practices" "voluntary" doesn't help. The 4th Amd./privacy problem has always been come from exposing tech companies to such vast liability that they *must* monitor what users say & abandon encryption
#EARNITAct was changed in 2020 to "fix" the liability it enables under federal law (by tying it to "actual knowledge", but it then does exactly the same thing through the back door: enabling states to enforce criminal & civil laws that turn on mere recklessness or negligence
That difference is key: if you can be sued or prosecuted without proof that you *knew* about CSAM, you'll have to monitor everything your users say lest you be accused of not doing enough to address the "risk" of CSAM being used on your service
Having to monitor user communications means either:
—abandoning strong encryption (the point is the provider can't read communications)
—compromising encryption by allowing the gov't to view it all as a "ghost user"
—monitoring content by scanning client-side (on the device)
The 2020 Leahy Amendment may shield companies from the first problem but it doesn't clearly fix the other two

We proposed an expansion of the Leahy Amendment drawing on existing language from federal law: §§ 2-4 come from 18 USC 2258A(f)
techfreedom.org/wp-content/upl…
Section 2258A(f) has been critical to courts ruling that tech companies are not state actors who need to get a warrant before they can monitor user communications: It assures that they're not under a legal duty to conduct searches
To avoid triggering the Fourth Amendment here, and thus letting criminals walk free, the Leahy Amendment to #EARNITAct must be expanded include 2258A(f)'s protections for monitoring: so if companies DO do it, it's truly voluntary
We add an additional prong: companies have no legal duty to "facilitate monitoring, or other access to the content of communications, by a government entity." That's crucial to avoid companies being coerced to allow ghost users, etc
So expanding the original Leahy Amendment is critical at today's #EARNITAct markup

But first, we have to restore the original Leahy Amendment. The current language may look similar, but it's actually the opposite of the Leahy amendment: it DOES allow tech companies to be sued
#EARNITAct turns on liability. Just like Texas's abortion law, it uses the fear of liability to coerce a desired result without technically requiring it—there, banning abortion, here banning encryption and coercing monitoring of users
Restoring the Leahy Amendment's protection is critical, but it's hard to craft protections from liability that will work in practice

So it's also critical that @SenateJudiciary tighten the underlying standards for liability. @SenMikeLee proposed just that at the 2020 markup...
Lee's 2020 amendment tied liability under state law to federal law, which requires actual knowledge, and also ensured that states would not expand liability by defining a slew of new terms differently from federal law
.@SenMikeLee withdrew these amendments on the understanding that #EARNITAct's sponsors would work with him to address his concerns on the Senate floor before any final vote. No such changes have been made. The bill still enables vast liability under state law
@SenMikeLee .@SenateJudiciary just spent 20 minutes debating whether the problem was racism or anyone mentioning racism—which is 20 minutes more than they've spent on figuring out whether #EARNITAct will make it easier or harder to stop child porn (answer: harder)
@SenMikeLee @SenateJudiciary Finally, we start markup of the #EarnItAct

Sen. Graham has to be on the floor soon, so... byyyyyye...
Graham: #Section230 laments the spread of child sexual abuse material protects social media platforms... they say they're billboards

230 has NEVER protected websites from criminal prosecution. Which is why Backpage was prosecuted even without #SESTA
Blumenthal is right: the only thing more odious than children being raped is images of that rape being spread online

Which is precisely why @SenateJudiciary needs to make sure #EARNITAct doesn't jeopardize the criminal prosecutions of those who spread child sexual abuse material
@SenateJudiciary Blumenthal: there is free software (PhotoDNA) that allows tech companies to detect when child sexual abuse material appears

Yes, and every company SHOULD use it! But ask yourself: why doesn't #EARNITAct just mandate that? Why does current law say there's no legal duty to scan?
Because if the government requires scanning, or effectively compels it, it's no longer private companies doing the right thing. It's a government actor conducting a search, which requires a warrant under the Fourth Amendment

The whole point of #EARNITAct is to coerce searches...
The bill's sponsors are trying to do an end-run around the Fourth Amendment

That will NOT hold up in court. Courts have heretofore ruled that, when tech companies scan user communications, they're doing so for their own reasons. #EARNITAct will force companies to get warrants
Blumenthal: there's no express duty to scan for CSAM but if they have knowledge of it, they can be accountable

In fact, #EARNITAct authorizes companies to be sued under *state* law merely for recklessness/negligence (i.e., not scanning)

That's how the bill breaks encryption...
End-to-end encryption means a provider can't read user communications

Offering E2EE could easily be considered "reckless"/"negligent" disregard of the risk of spreading CSAM
Blumenthal keeps saying #EARNITAct requires actual knowledge. That's only three of the first of three amendments to #Section230.

If he means that, he has to accept Lee's amendments to require actual knowledge under state claims
Kennedy: So you're saying that companies can be held liable if they seem CSAM and do nothing?"

Blumenthal: Yes

OK, so here's the problem with actual knowledge: it creates a perverse incentive NOT to monitor and to make it hard for anyone to notify you of unlawful material
Feinstein: I did not know there was a blanket immunity in this area of the law

THERE ISN'T! #Section230 does NOT affect enforcement of federal criminal law!
Lee: Many concerns were addressed in 2020. I voted for #EARNITAct understanding that sponsors would work with me to address concerns

They haven't. Presumably, Lee is going to reintroduce his excellent 2020 amendment. The real question is: will he support the bill when it fails?
Lee: it's at markup when we improve bills

Yes, and also it's supposed to be at hearings that the Committee members understand (a) what a bill does and (b) why there are concerns about it. The Committee is very far from understanding either, so today's markup is wildly premature
Lee's first amendment: restore the Leahy language approved at the July 2020 markup (protecting encryption), but then replaced with language from the House bill that does the opposite (punishing encryption) without discussion
Lee's 2nd amendment is minor (still unclear)

Lee's 3rd amendment focuses on services complicit in distribution of CSAM. Claims Big Tech companies can and do thoroughly monitor problematic posts. If they aren't just as vigilant about CSAM as about "stifling views," sue them
Lee: Big Tech has demonstrated the ability to thorough monitor their sites to [censor conservatives]

He's talking about removing *public content* that tech companies can monitor

But the problem with #EARNITAct is that it coerces tech companies not to encrypt *private* messaging
If #EARNITAct passes, Signal has already said they will have to leave the US for fear of being sued

The entire point of end-to-end-encryption is that it can't be content-moderated

Lee is mixing up apples and oranges
It's hard to believe Lee doesn't understand the difference between content moderation of *unencrypted* PUBLIC posts and forcing companies NOT to encrypt private user-to-user communications so they can be content-moderated

But, hey, at least he got to complain about "censorship"
Really sad that the only Senator (Lee) willing to stand up and try to fix clear problems with #EARNITAct also fundamentally misunderstands how content moderation and encryption works
But his example is exactly right: without his amendment (contra Blumenthal), #EARNITAct would allow a church to be held strictly liable if someone posts CSAM on its messaging board

Again, his amendment merely ties state claims to federal law, which requires actual knowledge
Lee: if you want to adopt a different [knowledge] standard (from "actual knowledge"), let's have that conversation. But let's not leave it up to states to adopt whatever standards they want

Amen
Blumenthal: the treatment of encryption in #EARNITAct is the result of many hours of discussion with Sen Leahy. The bill doesn't prohibit liability for encryption, only misuse of encryption to further illegal activity

He's talking about the new "independent basis" language...
Blumenthal means that using encryption can't be an "independent basis" for liability, but it *can* be used as evidence of a company not doing enough to stop CSAM

@Riana_Crypto addressed this two years ago

tl;dr: if you can sue for "recklessness," the protection is meangingless
Sen @Ossoff takes the floor, enters into the record a massive coalition letter warning about the perverse consequences of #EARNITAct
Leahy: we negotiated some language about encryption, which is included in #EARNITAct. I think the language does that [protecting encryption]

No! The current language does the opposite from Leahy's 2020 amendment! It says websites CAN be sued for encryption!
Also, the issue here is not actually primarily about encryption (using strong encryption means you can't monitor) but about whether tech companies are coerced into monitoring for CSAM

That *sounds* great, but the government can't do that without subjecting companies to the 4Amd!
Neither the original version of the Leahy Amendment nor the current version protects companies from being sued for not doing enough to monitor for CSAM

There is a reason why current law (2258A(f) says they have no such duty: it would trigger the Fourth Amendment!
Concerns about encryption have always been secondary, so merely saying you can't be held liable for using encryption obviously don't solve the problem

If Whatsapp stops using E2EE and starts monitoring private messaging, it will be conducting searches under legal compulsion
The Supreme Court has been VERY clear: the government doesn't need to explicitly require something to trigger the Fourth Amendment.

Read our letter: techfreedom.org/wp-content/upl…
Blumenthal: this approach is very narrowly targeted, we're carving out an exception, but I hope we'll review #Section230 as a whole

Allowing tech services to be sued for recklessness in using encryption is ANYTHING but "narrowly targeted"
Lee's amendment would at least fix that problem

But as with the 2020 markup, he correctly identified that problem today, but didn't bother to even put his amendment up for a vote

The sponsors didn't fix the problem last time and clearly won't this time. They don't even get it
#EARNITAct sent to the floor with no objections, no amendments, no vote on amendments, and no one other than @SenMikeLee even remotely understanding how the bill works (and even he is deeply confused about how content moderation and encryption works)

#YourTaxDollarsAtWork
Don't miss my colleague @AriCohn's thread on the hearing:

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Berin Szóka 🌐

Berin Szóka 🌐 Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @BerinSzoka

Feb 10
Before #EARNITAct markup, a @SenateJudiciary Culture Wars kerfuffle

January: @MarshaBlackburn asked a black appellate nominee (Andre Mathis) about his "rap sheet" (actually 3 decade-old traffic tickets)

Today, @SenAlexPadilla complained about this... 🧵ballsandstrikes.org/nominations/an…
Blackburn was pissed that Biden nominated Mathis to an appeals court in Tennessee over the "blue slip" objections of both TN Republican Senators

Trump bypassed 17 Dem blue slips

So Blackburn focused on Mathis's "rap sheet," implying that getting 3 tickets made him a criminal
"RAP" means "Record of Arrests and Prosecutions"

a "RAP sheet" is a list of criminal charges

It's NOT getting three traffic tickets a decade ago
Read 10 tweets
Oct 14, 2021
1/ Democrats want to stop websites from spreading hate speech, misinformation, etc

But this bill would do the opposite; it would do exactly what the Trump administration wanted—because @EnergyCommerce Dems still don't understand how #Section230 works
2/ The bill would expose many websites to liability, both civil and criminal, for making recommendations. States will enforce existing laws & write new ones, and we'll spend years litigating them under the First Amendment

But that's not all the bill does...
3/ The bill turns off (c)(1) protections "with respect to information" subject to a "personalized recommendation"

Thus, a website could be sued both for recommending content and also for trying to stop its spread once it's been "recommended" by automated, algorithmic processes
Read 12 tweets
May 14, 2021
1/ There's nothing "conservative" (or constitutional) about the MAGA Fairness Doctrine for the Internet

They're recycling 1960s left's “media access theory”

Me in the WSJ: wsj.com/articles/sen-j…
2/ The First Amendment doesn't give you a right to speak on someone else's property. It actually guarantees *their* right to tell you to take a hike, no matter now "unfair" that might be

Because the 1A is a shield against government meddling in media, not a sword
3/ No, we cant just extend "net neutrality" to social media, because social media have always offered an inherently edited service
Read 8 tweets
Apr 21, 2021
Livetweeting this hearing on app store competition

The central premise, that app stores have "gatekeeper" control, is greatly exaggerated, if not wrong
Klobuchar emphasizes that Apple won't allow sideloading of apps onto iOS photos (as Google does)

But Apple has, since 2018, allowed progressive web apps (PWAs) to run in the Safari mobile browser

And PWAs are increasingly able to duplicate the functionality of "native" apps
PWAs have some significant advantages over native apps (found in app stores): notably, you can build the same app to run on all major web browsers (except Firefox), so you don't have to build separate Android and iOS versions
Read 32 tweets
Apr 21, 2021
Just tuned in to @LinaMKhan's confirmation hearing. Of course, Wicker focuses on whether social media can be treated as common carriers, citing Justice Thomas

Apples & oranges: Lina's paper was about *economic* regulation of Amazon, not content moderation, protected by the 1A
Unfortunately, she didn't make that distinction clear, just saying that we need to be "a bit market specific"

I debunk Thomas's opinion here (with @corbinkbarthold) lawfareblog.com/justice-thomas…
And I explain the line between regulating economic conduct (what Dems are focused on) and regulating editorial judgments (what Republicans are focused on here:
gaidigitalreport.com/2020/10/04/sec…
Read 9 tweets
Apr 19, 2021
Republicans have relentlessly attacked "Big Tech" companies for "censoring" conservatives

Under pressure, Apple has caved, reinstating the #Parler app even though, for example, openly Nazi content is still readily available on the site. And that's just the tip of the iceberg...
It's hard to know what's really on Parler because the site doesn't allow full text search: unlike on Facebook or Twitter, you can only search for user names and hashtags

Even before the January 6 insurrection, Parler censored certain hashtags, like the N-Word
This was the bare minimum of what it took to create the veneer of respectability required to pretend that the site wasn't the cesspool of hate speech that it actually is

Parler seems to have expanded the list of banned hashtags to include other code words (eg "skittles"=Muslims)
Read 21 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

:(