Lawmakers introduce bill aimed at targeting CSAM


The latest version of the EARN IT Act would add more protect against child abuse material across the internet. (photo courtesy of Google Images)

In April, Marsha Blackburn (R-Tennessee), Lindsey Graham (R-South Carolina), and Richard Blumenthal (D-Connecticut) introduced S.1207 or “EARN IT Act of 2023”

The bill has been reintroduced two times before, once in 2020 and 2022. This year is just the newest version of the bill being introduced again. The bill also goes as “Eliminating Abusive and Rampant Neglect of Interactive Technologies Act” when expanding the acronym. 

The bill was introduced as people have concerns about the fact that people can record and post CSAM on any website. CSAM stands for Child Sexual Abuse Material. Many websites already have some sort of detection for well-known materials by storing hashes from videos and when a string of hashes are detected by the system, the post can be usually taken down and be reported to the police. 

The main goal of the bill is to create a new commission that will be called the National Commission on Online Child Sexual Exploitation Prevention, which will appoint the heads of the Department of Justice (DOJ), the Department of Homeland Security (DHS) and the Federal Trade Commission (FTC). With that, it will also appoint an additional 16 other people by Congress, who may range from law enforcement, victims, experts, and industry workers. The bill would remove blanket immunity from federal and state laws when it pertains to CSAM being posted on their websites from Section 230. 

Section 230 gives companies who allow third parties to post on their websites immunities from what the third parties post. The section also allows companies to take down anything they feel without being sued.  

Note that websites that knowingly allow CSAM on their websites can already be prosecuted. Rather, the section protects large scale companies from isolated incidents of CSAM  ending up on their website as so many people can post on these websites at one time. The bill rather aims to make it so when third parties publish CSAM and the company doesn’t detect it, for the company to be put in trouble as well. 

The bill doesn’t limit the penalties a company could suffer from civil lawsuits, meaning smaller companies could easily be bankrupt by this bill if CSAM is posted on their website and it’s not caught. Since the committee responsible for setting new standards will be stacked by members of Congress, it is easy enough for the committee to set up protection standards but then make a backdoor so the government can still spy. This is a moral dilemma for those who want child material to be wiped from the internet but still prioritize the privacy of everyday users, as well. 

The bill pushes not only for the scanning of user posts, but it also could cause the scanning of messages sent from one person to another, which can undermine end-to-end encryption used by messaging services to keep messages to be read only by the person sending and receiving. 

Section 5(7)(A) states that the following reasons can’t serve as an excuse to hold companies liable which all relate to end-to-end encryption. ”The provider utilizes full end-to-end encrypted messaging services, device encryption, or other encryption services,” stated Section 5(7)(A). The next part 5(7)(B) then comes back to say that it can still be used as evidence for punishing a company for having CSAM sent by private messaging.

On May 4, the Senate Judiciary Committee unanimously approved the EARN IT Act.