.@SenateJudiciary is marking up #EARNITAct, which claims to crack down on child sexual abuse material but will really jeopardize prosecutions. Forcing tech firms not to use strong encryption & to monitor users makes them state actors who need a warrant 🧵
#EARNITAct's sponsors say they've fixed the bill. They haven't. Making the "best practices" "voluntary" doesn't help. The 4th Amd./privacy problem has always been come from exposing tech companies to such vast liability that they *must* monitor what users say & abandon encryption
#EARNITAct was changed in 2020 to "fix" the liability it enables under federal law (by tying it to "actual knowledge", but it then does exactly the same thing through the back door: enabling states to enforce criminal & civil laws that turn on mere recklessness or negligence
That difference is key: if you can be sued or prosecuted without proof that you *knew* about CSAM, you'll have to monitor everything your users say lest you be accused of not doing enough to address the "risk" of CSAM being used on your service
Having to monitor user communications means either:
—abandoning strong encryption (the point is the provider can't read communications)
—compromising encryption by allowing the gov't to view it all as a "ghost user"
—monitoring content by scanning client-side (on the device)
The 2020 Leahy Amendment may shield companies from the first problem but it doesn't clearly fix the other two
We proposed an expansion of the Leahy Amendment drawing on existing language from federal law: §§ 2-4 come from 18 USC 2258A(f) techfreedom.org/wp-content/upl…
Section 2258A(f) has been critical to courts ruling that tech companies are not state actors who need to get a warrant before they can monitor user communications: It assures that they're not under a legal duty to conduct searches
To avoid triggering the Fourth Amendment here, and thus letting criminals walk free, the Leahy Amendment to #EARNITAct must be expanded include 2258A(f)'s protections for monitoring: so if companies DO do it, it's truly voluntary
We add an additional prong: companies have no legal duty to "facilitate monitoring, or other access to the content of communications, by a government entity." That's crucial to avoid companies being coerced to allow ghost users, etc
So expanding the original Leahy Amendment is critical at today's #EARNITAct markup
But first, we have to restore the original Leahy Amendment. The current language may look similar, but it's actually the opposite of the Leahy amendment: it DOES allow tech companies to be sued
#EARNITAct turns on liability. Just like Texas's abortion law, it uses the fear of liability to coerce a desired result without technically requiring it—there, banning abortion, here banning encryption and coercing monitoring of users
Restoring the Leahy Amendment's protection is critical, but it's hard to craft protections from liability that will work in practice
So it's also critical that @SenateJudiciary tighten the underlying standards for liability. @SenMikeLee proposed just that at the 2020 markup...
Lee's 2020 amendment tied liability under state law to federal law, which requires actual knowledge, and also ensured that states would not expand liability by defining a slew of new terms differently from federal law
.@SenMikeLee withdrew these amendments on the understanding that #EARNITAct's sponsors would work with him to address his concerns on the Senate floor before any final vote. No such changes have been made. The bill still enables vast liability under state law
@SenMikeLee .@SenateJudiciary just spent 20 minutes debating whether the problem was racism or anyone mentioning racism—which is 20 minutes more than they've spent on figuring out whether #EARNITAct will make it easier or harder to stop child porn (answer: harder)
Sen. Graham has to be on the floor soon, so... byyyyyye...
Graham: #Section230 laments the spread of child sexual abuse material protects social media platforms... they say they're billboards
230 has NEVER protected websites from criminal prosecution. Which is why Backpage was prosecuted even without #SESTA
Blumenthal is right: the only thing more odious than children being raped is images of that rape being spread online
Which is precisely why @SenateJudiciary needs to make sure #EARNITAct doesn't jeopardize the criminal prosecutions of those who spread child sexual abuse material
@SenateJudiciary Blumenthal: there is free software (PhotoDNA) that allows tech companies to detect when child sexual abuse material appears
Yes, and every company SHOULD use it! But ask yourself: why doesn't #EARNITAct just mandate that? Why does current law say there's no legal duty to scan?
Because if the government requires scanning, or effectively compels it, it's no longer private companies doing the right thing. It's a government actor conducting a search, which requires a warrant under the Fourth Amendment
The whole point of #EARNITAct is to coerce searches...
The bill's sponsors are trying to do an end-run around the Fourth Amendment
That will NOT hold up in court. Courts have heretofore ruled that, when tech companies scan user communications, they're doing so for their own reasons. #EARNITAct will force companies to get warrants
Blumenthal: there's no express duty to scan for CSAM but if they have knowledge of it, they can be accountable
In fact, #EARNITAct authorizes companies to be sued under *state* law merely for recklessness/negligence (i.e., not scanning)
That's how the bill breaks encryption...
End-to-end encryption means a provider can't read user communications
Offering E2EE could easily be considered "reckless"/"negligent" disregard of the risk of spreading CSAM
Blumenthal keeps saying #EARNITAct requires actual knowledge. That's only three of the first of three amendments to #Section230.
If he means that, he has to accept Lee's amendments to require actual knowledge under state claims
Kennedy: So you're saying that companies can be held liable if they seem CSAM and do nothing?"
Blumenthal: Yes
OK, so here's the problem with actual knowledge: it creates a perverse incentive NOT to monitor and to make it hard for anyone to notify you of unlawful material
Feinstein: I did not know there was a blanket immunity in this area of the law
THERE ISN'T! #Section230 does NOT affect enforcement of federal criminal law!
Lee: Many concerns were addressed in 2020. I voted for #EARNITAct understanding that sponsors would work with me to address concerns
They haven't. Presumably, Lee is going to reintroduce his excellent 2020 amendment. The real question is: will he support the bill when it fails?
Lee: it's at markup when we improve bills
Yes, and also it's supposed to be at hearings that the Committee members understand (a) what a bill does and (b) why there are concerns about it. The Committee is very far from understanding either, so today's markup is wildly premature
Lee's first amendment: restore the Leahy language approved at the July 2020 markup (protecting encryption), but then replaced with language from the House bill that does the opposite (punishing encryption) without discussion
Lee's 2nd amendment is minor (still unclear)
Lee's 3rd amendment focuses on services complicit in distribution of CSAM. Claims Big Tech companies can and do thoroughly monitor problematic posts. If they aren't just as vigilant about CSAM as about "stifling views," sue them
Lee: Big Tech has demonstrated the ability to thorough monitor their sites to [censor conservatives]
He's talking about removing *public content* that tech companies can monitor
But the problem with #EARNITAct is that it coerces tech companies not to encrypt *private* messaging
If #EARNITAct passes, Signal has already said they will have to leave the US for fear of being sued
The entire point of end-to-end-encryption is that it can't be content-moderated
Lee is mixing up apples and oranges
It's hard to believe Lee doesn't understand the difference between content moderation of *unencrypted* PUBLIC posts and forcing companies NOT to encrypt private user-to-user communications so they can be content-moderated
But, hey, at least he got to complain about "censorship"
Really sad that the only Senator (Lee) willing to stand up and try to fix clear problems with #EARNITAct also fundamentally misunderstands how content moderation and encryption works
But his example is exactly right: without his amendment (contra Blumenthal), #EARNITAct would allow a church to be held strictly liable if someone posts CSAM on its messaging board
Again, his amendment merely ties state claims to federal law, which requires actual knowledge
Lee: if you want to adopt a different [knowledge] standard (from "actual knowledge"), let's have that conversation. But let's not leave it up to states to adopt whatever standards they want
Amen
Blumenthal: the treatment of encryption in #EARNITAct is the result of many hours of discussion with Sen Leahy. The bill doesn't prohibit liability for encryption, only misuse of encryption to further illegal activity
He's talking about the new "independent basis" language...
Blumenthal means that using encryption can't be an "independent basis" for liability, but it *can* be used as evidence of a company not doing enough to stop CSAM
Leahy: we negotiated some language about encryption, which is included in #EARNITAct. I think the language does that [protecting encryption]
No! The current language does the opposite from Leahy's 2020 amendment! It says websites CAN be sued for encryption!
Also, the issue here is not actually primarily about encryption (using strong encryption means you can't monitor) but about whether tech companies are coerced into monitoring for CSAM
That *sounds* great, but the government can't do that without subjecting companies to the 4Amd!
Neither the original version of the Leahy Amendment nor the current version protects companies from being sued for not doing enough to monitor for CSAM
There is a reason why current law (2258A(f) says they have no such duty: it would trigger the Fourth Amendment!
Concerns about encryption have always been secondary, so merely saying you can't be held liable for using encryption obviously don't solve the problem
If Whatsapp stops using E2EE and starts monitoring private messaging, it will be conducting searches under legal compulsion
The Supreme Court has been VERY clear: the government doesn't need to explicitly require something to trigger the Fourth Amendment.
Blumenthal: this approach is very narrowly targeted, we're carving out an exception, but I hope we'll review #Section230 as a whole
Allowing tech services to be sued for recklessness in using encryption is ANYTHING but "narrowly targeted"
Lee's amendment would at least fix that problem
But as with the 2020 markup, he correctly identified that problem today, but didn't bother to even put his amendment up for a vote
The sponsors didn't fix the problem last time and clearly won't this time. They don't even get it
#EARNITAct sent to the floor with no objections, no amendments, no vote on amendments, and no one other than @SenMikeLee even remotely understanding how the bill works (and even he is deeply confused about how content moderation and encryption works)
1/ Democrats want to stop websites from spreading hate speech, misinformation, etc
But this bill would do the opposite; it would do exactly what the Trump administration wanted—because @EnergyCommerce Dems still don't understand how #Section230 works
2/ The bill would expose many websites to liability, both civil and criminal, for making recommendations. States will enforce existing laws & write new ones, and we'll spend years litigating them under the First Amendment
But that's not all the bill does...
3/ The bill turns off (c)(1) protections "with respect to information" subject to a "personalized recommendation"
Thus, a website could be sued both for recommending content and also for trying to stop its spread once it's been "recommended" by automated, algorithmic processes
2/ The First Amendment doesn't give you a right to speak on someone else's property. It actually guarantees *their* right to tell you to take a hike, no matter now "unfair" that might be
Because the 1A is a shield against government meddling in media, not a sword
3/ No, we cant just extend "net neutrality" to social media, because social media have always offered an inherently edited service
Klobuchar emphasizes that Apple won't allow sideloading of apps onto iOS photos (as Google does)
But Apple has, since 2018, allowed progressive web apps (PWAs) to run in the Safari mobile browser
And PWAs are increasingly able to duplicate the functionality of "native" apps
PWAs have some significant advantages over native apps (found in app stores): notably, you can build the same app to run on all major web browsers (except Firefox), so you don't have to build separate Android and iOS versions
Just tuned in to @LinaMKhan's confirmation hearing. Of course, Wicker focuses on whether social media can be treated as common carriers, citing Justice Thomas
Apples & oranges: Lina's paper was about *economic* regulation of Amazon, not content moderation, protected by the 1A
Unfortunately, she didn't make that distinction clear, just saying that we need to be "a bit market specific"
And I explain the line between regulating economic conduct (what Dems are focused on) and regulating editorial judgments (what Republicans are focused on here: gaidigitalreport.com/2020/10/04/sec…
Republicans have relentlessly attacked "Big Tech" companies for "censoring" conservatives
Under pressure, Apple has caved, reinstating the #Parler app even though, for example, openly Nazi content is still readily available on the site. And that's just the tip of the iceberg...
It's hard to know what's really on Parler because the site doesn't allow full text search: unlike on Facebook or Twitter, you can only search for user names and hashtags
Even before the January 6 insurrection, Parler censored certain hashtags, like the N-Word
This was the bare minimum of what it took to create the veneer of respectability required to pretend that the site wasn't the cesspool of hate speech that it actually is
Parler seems to have expanded the list of banned hashtags to include other code words (eg "skittles"=Muslims)