Senate Panel Guts Tech’s Liability Shield on Child Abuse Content

Bloomberg Government subscribers get the stories like this first. Act now and gain unlimited access to everything you need to know. Learn more.

Tech companies including Facebook Inc. would be vulnerable to state civil and criminal lawsuits for child sexual abuse material on their platforms under a bipartisan bill advanced by the Senate Judiciary Committee Thursday.

The committee adopted a revamped proposal of legislation from Chairman Lindsey Graham (R-S.C.), dubbed the EARN IT Act (S. 3398), that seeks to remove liability protections for tech companies related to child exploitative content.

If the measure is enacted into law, it would be the second time the liability shield under Section 230 of the Communications Decency Act has been changed in recent years. In 2018, SESTA-FOSTA (Public Law 115-164), removed tech’s liability protections for facilitating sex trafficking on their platforms. Section 230 provides tech platforms liability protection for third-party content, except for content that violates federal criminal laws.

“My goal is not to destroy these companies,” Graham said during the markup. “My goal is to make sure they’re having to live in an America where accountability lies with them as well as every other business in the country.”

Graham hopes the bill will be taken up for a floor vote this year, a Judiciary Committee spokesperson said.

“I am hopeful and expect that President Trump will enthusiastically support this measure,” Graham said in a statement.

Revamped Proposal

Some observers said Graham’s manager’s amendment takes the teeth out of the bill by decoupling industry best practices from maintaining liability protections, as the measure originally proposed.

But the amended version expands provisions that would allow for state civil and criminal lawsuits as well as federal civil lawsuits if companies advertise, promote, present, distribute, or solicit child sexual abuse material. This would remove the industry’s liability protections granted under Section 230 in those cases.

Although the original version of the bill did not use the word encryption, tech companies and civil liberties groups argued that, in order to maintain liability protections, the legislation would require companies to help identify content and take other steps that are impossible for end-to-end encrypted platforms, such as Facebook’s WhatsApp. The encoded communications prevent them from looking at and identifying the content of messages.

Photographer: Erin Scott/Bloomberg
Sen. Lindsey Graham at the Capitol on July 1.

Graham’s amendment removed the original language that conditioned the liability protection on companies enacting the best practices. A second amendment that was adopted from Sen. Patrick Leahy (D-Vt.) said a company would not fall afoul of several laws because it “utilizes full end-to-end encrypted messaging services, device encryption, or other encryption services.”

Best-Practices Commission

The bill would establish a 19-member commission that includes representatives from federal agencies, as well as industry and sexual assault survivor groups. The commission would establish voluntary best practices for the tech industry to prevent child sexual exploitation or abuse on their platforms. Those best practices wouldn’t have to undergo congressional review before publication.

Tech groups said the bill would expose them to even broader liability under both state and federal civil and criminal laws. Tech advocates said the bill would lead companies to take down otherwise legal speech, and could prompt states to attack encryption themselves.

“By kicking the issue to the states, Sens. Graham and Blumenthal propose an even stealthier move to mandate backdoors to encryption,” Carl Szabo, vice president and general counsel at NetChoice, a tech industry trade group, said in a statement. “EARN IT enables existing state laws to undermine encryption for every American, from coast to coast.”

Sen. Ron Wyden (D-Ore.), one of the original authors of Section 230 of the Communications Decency Act, said in a statement yesterday that by “allowing any individual state to set laws for internet content, this bill will create massive uncertainty, both for strong encryption and free speech online.”

Not holding companies liable if they don’t follow the best practices “is a big win for the industry and not necessarily a win for the victims of child sexual abuse,” said Hany Farid, a professor at the University of California Berkeley School of Information. He said the changes to the bill weakened its efficacy.

But children and women’s sexual abuse groups support the amended version.

Yiota Souras, the National Center for Missing and Exploited Children’s general counsel, said the amended bill is “incredibly victim-centric.”

She also lauded the bill because it allows “state attorneys general be able to join the fight that the federal government so far has been left on its own to fight in this particular area.”

To contact the reporters on this story: Rebecca Kern in Washington at; Ben Brody in Washington at

To contact the editor responsible for this story: Zachary Sherwood at

Stay informed with more news like this – from the largest team of reporters on Capitol Hill – subscribe to Bloomberg Government today. Learn more.