The Honorable Lindsey Graham
United States Senate
Chairman, Committee on the Judiciary
290 Russell Senate Office Building
Washington, DC 20510

The Honorable Dianne Feinstein
United States Senate
Ranking Member, Committee on the Judiciary
331 Hart Senate Office Building
Washington, D.C. 20510

RE: Opposing the EARN IT Act, S. 3398

Dear Chairman Graham and Ranking Member Feinstein,

I write on behalf of Human Rights Watch to express our opposition to S.3398, the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2020 (the “EARN IT Act”) [1] which is currently under consideration by the Senate Judiciary Committee. We believe that the EARN IT Act not only jeopardizes privacy and threatens the right to free expression, but also fails to effectively protect children from online exploitation.

Instead, we urge you to support a rights-respecting approach to ensure that efforts to tackle online child sexual abuse material are targeted, nuanced, and effective.

Human Rights Watch is an independent, international organization that monitors and reports on human rights in more than 90 countries globally. We regularly investigate the abuse and exploitation of children around the world, including in the United States and online, and advocate for effective measures to curb the sexual abuse of children.[2]

The EARN IT Act seeks to establish a National Commission on Online Child Sexual Exploitation Prevention (the “Commission”) charged with the development of best practices to prevent, reduce, and respond to the online sexual exploitation of children. The EARN IT Act would require companies that provide internet services to comply with these best practices, which would be approved by Congress through special procedures. Companies that do not implement the Commission’s best practices would lose the protections that shield companies from civil and state criminal liability for content posted by website users,[3] codified under Section 230 of the Communications Decency Act (“Section 230”).[4] If Congress failed to approve any of the Commission’s recommendations on best practices, Section 230 protections would be weakened for all internet companies for years after the date of the EARN IT Act’s passage, regardless of any steps the companies took to end the online sexual exploitation of children.

We write to express our concerns with the EARN IT Act and recommend an alternate approach. Human Rights Watch strongly supports action by the United States government to fulfill its international treaty obligations to protect children from sexual exploitation and eradicate the spread of child sexual abuse material (CSAM).[5] We commend the goals of the EARN IT Act, and agree that internet companies need to do more to eliminate rights-abusing images on their platforms, including the sharing of CSAM. However, the approach proposed risks infringing on internet users’ right to free expression and other fundamental rights. We urge government officials, companies, child protection and rights groups, civil society, and children to work together to develop rights-respecting practices that support the safety of individuals online, including children, and protect and promote a free internet.

  1. The EARN IT Act may unjustifiably limit free expression on the internet

Section 230 of the Communications Decency Act provides protection from civil liability and State criminal liability to internet companies for content that the company does not originate. In other words, a person who posts certain illegal content on a website can be held liable for that content, but the website itself cannot. Section 230 protections allow websites to promote the free exchange of information online, subject to each website’s good faith efforts to remove content that is obscene, harassing, or violent. Section 230 specifically does not shield companies from liability for content that violates federal criminal law, such as content that sexually exploits children.

Section 230 facilitates the exercise of human rights on the internet. People can best exercise their right to free expression online when companies moderate content in accordance with human rights principles, without undue or arbitrary restrictions to online content.

The EARN IT Act would tie Section 230 protections to compliance with a set of yet-to-be-defined best practices or, if Congress does not approve recommendations submitted by the Commission, removes Section 230 protections for all internet companies. Companies could be held liable for damages up to $150,000 per civil suit,[6] likely a prohibitive cost for small companies that would incentivize heavy censorship of online content. 

The Commission will likely recommend best practices that include standards for moderating and removing online content. The EARN IT Act approach forces internet companies to make a choice: manage the online expression of users based on best practices developed behind closed doors by an unelected 19-member commission, or face increased liability. Facing the risk of criminal prosecution for submitting a false claim, company officers will be incentivized to moderate content even more rigorously than the Commission recommends in order to minimize their exposure.

As written, the EARN IT Act’s approach will likely result in the overbroad censorship of protected speech alongside the removal of CSAM, without distinction. As companies shift towards increased reliance on automated content moderation, over-broad removal practices are even more likely. This has already occurred in the context of the Stop Enabling Sex Traffickers Act (SESTA) and Allow States and Victims to Fight Online Sex Trafficking Act (FOSTA) legislative package, which reduced Section 230 immunity for online speech that could be construed as enabling sex work or supporting sex workers. SESTA-FOSTA’s passage prompted some websites to remove all sex- and relationship-related content to reduce the risk of liability,[7] chilling the online free expression of sex workers and advocates, creating more dangerous work conditions for many workers, and limiting the ability of sex workers to access critical health services and information.[8]

Children are entitled to specific protections for their safety, privacy, development, identity, and freedom of expression online, among other rights. A nuanced, targeted approach is critical to both protect children from online harm and protect their rights to use online spaces and access information. For instance, Human Rights Watch documented how a law in Russia justified as being “aimed at protecting children” denied lesbian, gay, bisexual and transgender (LGBT) children life-saving support services, information, and community, and curtailed their freedom of expression. [9]

Under international human rights law, for any interference in an individual’s right to free expression to be legitimate, it must be specified in law, necessary to protect a specific legitimate interest in the safeguarding of peoples’ rights or to ensure national security, public health, or public order, and be a proportionate means of attaining the expected benefit.[10]

The broad expansion of intermediary liability weighed against a set of yet-to-be-defined recommendations, in the absence of an impact assessment or public debate about the necessity and proportionality of such restrictions, threatens the exercise of the right to free expression on the internet. The provisions of the EARN IT Act that limit Section 230 protections would thus violate US obligations under the International Covenant on Civil and Political Rights.[11]

  1. The EARN IT Act threatens access to encryption, which enables internet users to express themselves safely and securely

Provisions of the EARN IT Act threaten access to encryption, which is secure technology that keeps people safe and protects rights in the digital age. As people’s lives shift online, encryption protects the most important digital information—such as details about health, finances, personal relationships, family, and political views—from exploitation and surveillance. Encryption enables everyone, from children attending school online to journalists and whistleblowers, to exercise their rights without fear of retribution.[12]

In recent years, the Department of Justice has repeatedly indicated that it believes access to encryption facilitates the online spread of CSAM. Attorney General William Barr and other officials have called on technology companies to provide special access to law enforcement to monitor and investigate the spread of CSAM online.[13] Proposals to undermine encryption for any purpose endanger all people who rely on encryption for safety and security—once one government enjoys special access, so too will rights-abusing governments and criminal hackers.

Several provisions of the EARN IT Act appear likely to prohibit, weaken, or undermine access to encryption. The issues the EARN IT Act empowers the Commission to address include “retaining child sexual exploitation content and related user identification and location data.”[14] End-to-end encryption impedes the collection of content. Under the EARN IT Act, companies that lose Section 230 protections could be subject to a civil right of action for “recklessly” enabling the distribution of CSAM.[15] (Current law permits such civil action only for the “knowing” distribution of CSAM.[16]) Civil society organizations and privacy advocates have expressed concern that the provision of encrypted communications could be construed as “recklessly” enabling the spread of CSAM.[17]

Human Rights Watch appreciates recent statements made by Senators Richard Blumenthal and Josh Hawley that the EARN IT Act would not be used to attack widespread encryption.[18]However, unless the bill is amended, the risk remains that the Commission could interpret its mandate to include recommendations to prohibit, weaken, or undermine access to encryption.

  1. Congress should affirm a rights-respecting approach to prevent, reduce, and respond to the online sexual exploitation of children

Human Rights Watch urges Congress to reject approaches like the EARN IT Act that frame the problem of combating CSAM online as a binary choice between children’s rights and other fundamental rights. All human rights are universal and inalienable, indivisible and interdependent.[19] Human Rights Watch recommends that any legislative, technological or other proposed solutions or ‘best practices’ include careful consideration of any human rights implications, and give due attention to unforeseen and unexpected consequences–for children and for all vulnerable groups.

  1. Congress should update and implement a comprehensive, holistic national framework to prevent and respond to the online sexual exploitation of children

Efforts to combat child exploitation online generally involve the following components: prevention; identification, reporting, processing, and removal of content; enforcement; and assistance, support, and protection measures for child victims. Each of these components present different complexities, involve different mitigation strategies, and may have different technological, public policy, and rights implications.

The EARN IT Act does not make these distinctions. Instead, it adopts a one-size-fits-all approach by presenting a list of best practices for the proposed Commission to prioritize, without an explanation of why and how these measures are the most effective tools to address the various components of anti-CSAM work. The bill does not refer to an evidence-based theory of change or an evaluation of the effectiveness of measures taken to date, or propose a gap analysis of critical areas that may have received chronic underinvestment.

Absent these, the EARN IT Act risks diverting precious resources down less strategic pathways. This may occur when the proposed solution or initiative addresses the wrong problem—such as the misapplication of technology tools to solve social, policy, or enforcement problems. It carries hidden risks of infringing not only on the rights of children in different contexts, but also on the rights of marginalized groups and of society as a whole.

A comprehensive, holistic national framework to protect children and affirm human rights would mitigate such potential harms. A useful starting place may be the National Strategy for Child Exploitation Prevention and Interdiction of 2016.[20] Created by the Providing Resources, Officers, and Technology to Eradicate Cyber Threats (PROTECT) Our Children Act of 2008, the National Strategy sets out measurable goals and objectives to prevent and protect children from sexual abuse and exploitation, and establishes the imperative to employ a strategic, coordinated campaign across all components of the fight against online CSAM.

Human Rights Watch recommends that Congress re-examine and update this National Strategy to ensure that human rights considerations and assessments are integrated throughout. We urge Congress to invite meaningful participation and engagement with children, whose voices and opinions are central to these policies. We further suggest that Congress reflect new technological advances and emerging windows of opportunity for policy, legislative and funding commitments, particularly with regard to the importance of encryption for a safe and secure internet. Any proposed anti-CSAM initiatives should be created in line with the updated National Strategy.

By doing so, Congress can better ensure that efforts to tackle each aspect of online CSAM are targeted, nuanced, effective, and rights-respecting.

  1. Congress should invest in enforcement mechanisms that will hold perpetrators accountable, and in assistance, support, and protection measures for child victims

To date, each of the components of anti-CSAM work have received different investments of resources, attention, and scrutiny. A New York Times investigation into child sex exploitation enforcement last year found that law enforcement agencies were left severely understaffed and underfunded, even as they were asked to handle an exponential surge in caseloads. Congress regularly appropriates only half of the yearly funding for enforcement authorized by the PROTECT Our Children Act; and the Department of Justice diverts a significant percentage of that allocation. [21] Many of the strongest provisions of the PROTECT Our Children Act (2008) and the Child Protection Act (2012) have gone unfulfilled, unfixed, or ignored.[22]

We urge Congress to request that the Government Accountability Office conduct a review of the federal government’s response to these problems, including the failure to fulfill major aspects of the PROTECT Our Children Act of 2008 and the Child Protection Act of 2012, as requested earlier this year by Senators Margaret Wood Hassan and Marsha Blackburn and Representatives Ann McLane Kuster and Anthony Gonzalez.[23] We also urge Congress to invest in assistance, support, and protection measures for child victims[24], and to ensure that all children can receive help, regardless of if they come from settings or communities that have been traditionally marginalized, excluded, or disproportionately affected.

  1. Congress should explicitly legislate any new standards applicable to internet providers to combat CSAM

Last year’s New York Times investigation found that technology companies do not uniformly deploy technical tools that would detect existing abuse imagery on their platforms, and that their efforts to police abusive imagery are inconsistent, largely unilateral, and insufficient.

The EARN IT Act focuses on punitive measures without articulating new requirements and expectations for internet providers. Nor does it provide an evidence-based explanation for how the yet-to-be defined requirements will reduce the online sexual exploitation of children.

In considering new legislation, we urge Congress to explicitly define expectations for internet providers. This may involve providing oversight of efforts by internet providers to combat CSAM through evidence-based testing, ongoing evaluation of effectiveness and possible rights infringements, and monitoring for consistency and standardization across the industry. Such efforts should acknowledge and address the differing capacity of internet companies to comply with oversight provisions depending on revenue and user base. This may also involve defining and deciding on approaches that would require providers to meet a higher standard in fulfilling current duties as outlined by federal law.[25] Or it could involve imposing additional duties to those outlined in existing federal law.

We urge Congress to ensure that such standards-setting legislation is based on available evidence and research, and to consider the prevalence, nature, and consequences of anti-CSAM efforts on all children.

***

Human Rights Watch strongly supports action by the United States government to fulfill its international treaty obligations to protect children from sexual abuse and eradicate the spread of CSAM. We oppose the EARN IT Act as written for its threats to users’ right to free expression and other fundamental rights. We urge Congress to affirm the importance of a rights-respecting approach, as noted above, to stop the spread of child sexual exploitation online.

Please do not hesitate to contact us if we can provide further information. We appreciate your attention to this important matter.

Sincerely,
Hye Jung Han
Researcher and Advocate, Children’s Rights and Technology
Human Rights Watch

[1] Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2020, S. 3398, available at https://www.congress.gov/bill/116th-congress/senate-bill/3398/text (accessed March 14, 2020).

[2] For some recent examples, see: Human Rights Watch, “South Korea Online Sexual Abuse Case Illustrates Gaps in Government Response,” March 26, 2020, available at https://www.hrw.org/news/2020/03/26/south-korea-online-sexual-abuse-case-illustrates-gaps-government-response (accessed May 8, 2020); Human Rights Watch, “Internet Bringing New Forms of Violence Against Women,” October 29, 2019, available at https://www.hrw.org/news/2019/10/28/internet-bringing-new-forms-violence-against-women (accessed May 8, 2020); Human Rights Watch, Breaking the Silence: Child Sexual Abuse in India, February 7, 2013, available at https://www.hrw.org/report/2013/02/07/breaking-silence/child-sexual-abuse-india (accessed March 14, 2020); Human Rights Watch, “It’s Not Normal”: Sexual Exploitation, Harassment and Abuse in Secondary Schools in Senegal, October 18, 2018, available at https://www.hrw.org/report/2018/10/18/its-not-normal/sexual-exploitation-harassment-and-abuse-secondary-schools-senegal (accessed March. 14, 2020); and Human Rights Watch, “End Child Marriage in Massachusetts,” https://www.hrw.org/EndChildMarriage (accessed March 14, 2020).

[3] Specifically, the EARN IT Act would create a certification system based on these best practices for companies that provide internet services. The best practices would have to first be approved by the Attorney General and by Congress through special procedures. Once Congress approved the best practices, companies would be asked to submit yearly certifications to the Attorney General indicating that their operations were in compliance with the approved best practices. The Attorney General could investigate companies suspected of having submitted false certifications, and could pursue criminal charges against company officers involved in making false claims. Companies that did not participate in the certification program would lose the protections that now shield them under Section 230.

[4] 47 U.S.C. § 230.

[5] Optional Protocol to the Convention on the Rights of the Child on the sale of children, child prostitution and child pornography, adopted May 25, 2000, 2171 U.N.T.S. 227, entered into force January 18, 2002, ratified by the United States December 23, 2002, available at https://www.ohchr.org/EN/ProfessionalInterest/Pages/OPSCCRC.aspx (accessed March 14, 2020); see also Convention on the Rights of the Child (CRC), adopted November 20, 1989, 1577 U.N.T.S. 3, entered into force September 2, 1990, signed by the United States February 16, 1995, art. 19, available at https://www.ohchr.org/en/professionalinterest/pages/crc.aspx (accessed March 14, 2020).

[6] 18 U.S.C. § 2255.

[7] Aja Romano, “A new law intended to curb sex trafficking threatens the future of the internet as we know it,” Vox, July 2, 2018, available at https://www.vox.com/culture/2018/4/13/17172762/fosta-sesta-backpage-230-internet-freedom (accessed May 14, 2020).

[8] Human Rights Watch, “US: Block Law Endangering Sex Workers,” September 19, 2019, available at https://www.hrw.org/news/2019/09/19/us-block-law-endangering-sex-workers (accessed March 14, 2020); Woodhull Freedom Found. v. United States, 948 F.3d 363; Human Rights Watch, Joint Letter to the Council of the District of Columbia Regarding Supporting B23-0318, the “Community Safety and Health Amendment Act of 2019,” available at https://www.hrw.org/news/2019/07/02/joint-letter-council-district-columbia-regarding-supporting-b23-0318-community (accessed May 12, 2020). Human Rights Watch supports the SESTA and FOSTA Examination of Secondary Effects for Sex Workers Study Act, HR. 5448/S. 3165, available at https://www.congress.gov/bill/116th-congress/house-bill/5448 (accessed May 13, 2020), to mandate a study to understand the impact on the health, safety and wellbeing of people in transactional sex when losing access to websites containing information related to commercial sex.

[9] Human Rights Watch, “No Support: Russia’s “Gay Propaganda” Law Imperils LGBT Youth,” available at https://www.hrw.org/report/2018/12/11/no-support/russias-gay-propaganda-law-imperils-lgbt-youth (accessed May 5, 2020).

[10] International Covenant on Civil and Political Rights (ICCPR), adopted December 16, 1966, 999 U.N.T.S. 171, entered into force March 23, 1976, ratified by the United States on June 8, 1992, art. 19(3), available at https://www.ohchr.org/en/professionalinterest/pages/ccpr.aspx (accessed March 14, 2020); UN Human Rights Committee, General Comment 34, CCPR/C/GC/34 (September 12, 2011) paras. 22, 33-34. 

[11] ICCPR, art. 19.

[12] Human Rights Watch, “Protecting Your Security and Rights Online,” December 11, 2018, available at https://www.hrw.org/news/2018/12/11/protecting-your-security-and-rights-online (accessed May 6, 2020); Human Rights Watch, “Encryption is for ‘Real People’,” August 2, 2017, available at https://www.hrw.org/news/2017/08/02/encryption-real-people (accessed May 6, 2020).

[13] United States Department of Justice, “Attorney General William P. Barr Delivers Keynote Address at the International Conference on Cyber Security,” July 23, 2019, available at https://www.justice.gov/opa/speech/attorney-general-william-p-barr-delivers-keynote-address-international-conference-cyber (accessed March 14, 2020); Five Country Ministerial, “Communiqué,” July 29, 2019, available at https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/822816/2019-07-24_Communique_FINAL_3.pdf (accessed March 14, 2020); Human Rights Watch, “Governments to Facebook: Stop Making Encryption Easy,” October 4, 2019, available at https://www.hrw.org/news/2019/10/04/governments-facebook-stop-making-encryption-easy (accessed March 14, 2020).

[14] EARN IT Act, S. 3398, Sec. 4(a)(3)(C).

[15] Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2020, S. 3398, Sec. 6(b), available at https://www.congress.gov/bill/116th-congress/senate-bill/3398/text (accessed March 14, 2020).

[16] 18 U.S.C. 2252, 2252A.

[17] Coalition letter to Senators Lindsey Graham and Richard Blumenthal, March 6, 2020, available at https://newamericadotorg.s3.amazonaws.com/documents/Coalition_letter_opposing_EARN_IT_3-6-20.pdf (accessed May 7, 2020).

[18] Lauren Feiner, “Senators dispute industry claims that a bill targeting tech’s legal shield would prohibit encryption,” CNBC, March 11, 2020, available at https://www.cnbc.com/2020/03/11/senators-dispute-claim-that-section-230-revision-would-limit-encryption.html (accessed March 14, 2020).

[19] UN General Assembly, Universal Declaration of Human Rights, 10 December 1948, 217 A (III), available at https://undocs.org/A/RES/217(III) (accessed May 4, 2020).

[20] US Department of Justice, “The National Strategy for Child Exploitation Prevention and Interdiction: A Report to Congress,” April 2016, available at https://www.justice.gov/psc/file/842411/download (accessed May 6, 2020).

[21] Michael H. Keller and Gabriel J.X. Dance, “The Internet Is Overrun With Images of Child Sexual Abuse. What Went Wrong?,” New York Times, September 29, 2019, available at https://www.nytimes.com/interactive/2019/09/28/us/child-sex-abuse.html (accessed May 6, 2020).

[22] Rep. Debbie Wasserman-Schultz, Letter to the Hon. William Barr and the Hon. Jeffrey Rosen, August 15, 2019, available at https://int.nyt.com/data/documenthelper/1859-wasserman-schultz-letter-doj/7e13eb1633a8a721fa7e/optimized/full.pdf#page=1 (accessed May 6, 2020).

[23] Sen. Margaret Wood Hassan et al., Letter to the Hon. Gene Dodaro, March 3, 2020, available at https://anthonygonzalez.house.gov/uploadedfiles/gao_online_child_exploitation_letter.pdf (accessed May 6, 2020).

[24] See, for instance, the Invest in Child Safety Act, S. ___, available at https://www.wyden.senate.gov/imo/media/doc/Invest%20in%20Child%20Safety%20Act%20of%202020%20Bill%20Text.pdf (accessed May 7, 2020), to direct mandatory funding for law enforcement and community prevention and create a new oversight position in the Executive Office of the President.

[25] See, for instance, the Eliminate Network Distribution of Child Exploitation Act, S. 3007/H.R. 5376, available at https://www.congress.gov/bill/116th-congress/senate-bill/3007/text (accessed May 13, 2020), to require more stringent reporting process for technology companies