However, the bill was significantly amended by the Senate Judiciary Committee before being sent to the Senate floor on July 2 for an upcoming vote. Now, should the EARN IT Act pass as amended, it will create three carve-outs to Section 230 immunity for civil and criminal actions representing a shift in the act from an incentive-based system to a post hoc enforcement and regulatory regime. The recent amendments are carve-outs to the broad immunity currently afforded by Section 230 and would allow the following types of actions to be brought against interactive computer service companies:
- Private civil action under 18 U.S.C. §2255. This amendment would provide a civil remedy counterpart to existing federal statues criminalizing child sexual abuse materials. Section 2255, as amended, gives a plaintiff standing in federal court to bring a suit against an interactive computer service company and sets forth the types of damages available for a successful claim (actual or liquidated, punitive, attorney’s fees, and other costs).
- State criminal prosecution. This amendment specifically enables state attorneys general and prosecutors to bring criminal charges against an interactive computer service company under state laws regarding the “advertisement, promotion, presentation, distribution, or solicitation of child sexual abuse materials, as defined in 18 U.S.C. 225(8).”
- Private civil action under state laws. Similar to the first amendment, this amendment enables any injured person to bring a claim under state laws against an interactive computer service company if it involves the “advertisement, promotion, presentation, distribution, or solicitation of child sexual abuse materials, as defined in 18 U.S.C. §225(8).”
Carving out these sorts of civil and criminal actions from the protections of Section 230 will likely create significant new risks for social media and tech companies. Currently, many social media companies set age requirements to use their platform, ban user accounts and IP addresses associated with illicit behavior, have internal systems for reporting abuse, and perform automated queries for monitoring suspicious behavior. Under the DOJ compliance standard initially set forth in the EARN IT Act, these safeguards would have been a complete bar to any claim. Now, under the proposed amendments, even if a company were to utilize all of these tools to prevent the sharing of child sexual abuse materials, it may not be enough to prevent the company from being sued or criminally prosecuted should the safeguards fail to catch the presentation of child sexual abuse materials. Additionally, the amended act has the potential to result in uneven application or rules and regulations by switching to a largely state law-based enforcement regime. State laws involving child sexual abuse materials can vary drastically by jurisdiction, so companies will need to be aware of the risks presented in each state in which they may be sued or criminally prosecuted.
Will this shift to a post hoc enforcement regime yield beneficial results? That is the issue that the Senate will hopefully take up as the EARN IT Act moves to the Senate floor. Critics have raised several key concerns, including potential negative impacts on free speech, privacy, encryption measures, and compliance efforts. As to the issue of increased liability for interactive computer service companies, Gaurav Laroia, Free Press Action senior policy counsel, recently argued that, “[t]he drafters of this bill obviously want to address real harm from abusive materials, but the amended bill creates an enormous opening for state-level liability. Even as amended today, it invites states to begin passing all sorts of laws under the guise of protecting against abuse, but replicating the problems with the original EARN IT Act’s text.”