In fact, the statutory text for that exception, Section 230(e)(1), expressly says, “Nothing in this section shall be construed to impair the enforcement of … [chapter] 110 (relating to sexual exploitation of children) of title 18, or any other Federal criminal statute.” This exception is limited to criminal cases; civil claims against providers by CSAM victims under Section 2255 are still barred.As Section 2258A requires, providers do indeed report CSAM found on their services -- Nevertheless, despite providers’ apparent compliance with the law, law enforcement and child-safety organizations have The Graham/Blumenthal bill’s core concept is reflected in its short title: the Providers of “interactive computer services” must “earn” Section 230 immunity for CSAMBill removes immunity as to civil & state criminal claims for CSAM only; would not remove 230 immunity generally (for other claims, e.g. But the EARN IT Act bill doesn’t do either of those things.The EARN IT Act bill is supposedly about CSAM, and it’s not-so-secretly about encryption. The Center for Internet and Society at Stanford Law School is a leader in the study of the law and policy around the Internet and other emerging technologies.In the 1990s, Congress passed several pieces of legislation that helped shape the Internet as we currently know it. are the views and opinion of the author and/or his The other significant law from the 1990s that I want to talk about today is the Communications Assistance for Law Enforcement Act of 1994, or CALEA for short. If you value your privacy, if you value data security, or if you just don’t want to see our rogue Attorney General singlehandedly set the rules for the Internet, you’ll The content of this field is kept private and will not be shown publicly.Once you hit Save, your comment will be held for moderation before being published. And the Internet bloomed. If men were angels, no CALEA or Section 230 would have been necessary.Unlike CALEA, Section 230 has been amended since it was passed: Now, riding on the “success” of SESTA/FOSTA, Senators Lindsey Graham (R-SC) and Richard Blumenthal (D-CT) (who were among SESTA/FOSTA’s early cosponsors in the Senate) are reportedly about to introduce another bill that would take another bite out of Section 230 immunity, according to This proposal does not arise in a regulatory vacuum. I have no hope of even enumerating all of the bill’s deficiencies. And we're not just talking about killing encryption (or at least … That is, the bill would make providers liable under one law for exercising their legal rights under a different law. That is, the “problem” is that legislators haven’t yet tried to force providers to conduct total surveillance of every piece of information on their services. Yes, I am aware that the Internet was not actually created in the ‘90s. You will not see a confirmation message once you hit the Save button but please be assured your comment has been submitted and we will review it.. Threatening to curtail Section 230 immunity is only going to scare the good-faith providers. People are angry about Section 230, so the DOJ is seizing upon that anger as its opening to attack encryption. Similarly, the likely effect of the EARN IT Act would be to induce CSAM traders to make their actions harder to detect. Meanwhile, providers are also evidently doing exactly what federal CSAM law If Congress wants to cut off tech companies’ and telco carriers’ freedom to provide end-to-end encryption under CALEA’s two carve-outs, then Congress should write a bill that amends CALEA! For another, they’d be incentivized to move off of big, legitimate platforms such as Facebook, which are already acting in good faith and complying with current CSAM law, and shift to dark web sites whose entire raison d’etre is CSAM.
The law mandates that providers If providers report and preserve CSAM in accordance with the law, then The Section 2258B safe harbor is not the same thing as Section 230 immunity. That’s something that tech companies have been legally allowed to do for a quarter-century, and we can’t afford to stop them from doing it. to provide end-to-end encryption -- something it is currently 100% legal for them to do under existing federal law, specifically CALEA. Encryption should be encouraged, not punished. The commission would include at least 4 law enforcement reps, 4 tech industry reps, 2 reps of child safety organizations, and 2 computer scientists/software engineering expertsAnalysis: No representative is required to speak for users or civil society.The commission “shall consider” users’ interests in privacy, data security, and product qualityAnalysis: This is very weak language; it means the commission can “consider” these interests for a few seconds, chuckle to themselves, and then move on.The commission recommends best practices to the Attorney General, who has the power to unilaterally change them before they’re finalized, as long as he writes up some reason for the changes.Analysis: This means the AG could single-handedly rewrite the “best practices” to state that any provider that offers end-to-end encryption is categorically excluded from taking advantage of this safe-harbor option. Section 230, as noted, has always had an exception for federal criminal law. Then we can have that conversation. Yet the EARN IT Act would allow an unelected, unaccountable commission to write “best practices” (not actual laws or regulations, yet liability would result from failing to abide by them) which, make no mistake, will condemn end-to-end encryption. If Congress wants providers to do more to fight CSAM, including something crazy like universal monitoring and filtering obligations, then Congress should write a bill that amends Section 2258A! The law in essence gives a number of online platforms immunity from liability when it comes to comments or media posted by its users.
He’s realized that if he invokes Section 230 in the current climate, he can get Americans to cut off their own nose to spite their face.
There’s already an existing federal statutory scheme criminalizing CSAM and imposing duties on providers. Today I want to talk about two of them.