The Senate’s Wayward Approach to Protecting Children Online

This week, the Senate continues to push legislation with the intention of protecting children online. Unfortunately for America’s youth, these bills all share one foundational error: blaming tech providers for the heinous actions of child predators. A theme within these pieces of legislation is mandated age verification, which the Supreme Court has repeatedly found constitutionally dubious and unenforceable. For background on the issue, see the Congressional Research Service’s Online Age Verification (Part II): Constitutional Background.

Below is a summary of the bills’ major provisions, and why they will make the problem worse.

S.1207 – EARN IT Act of 2023

Sponsors: Sens. Lindsey Graham (R-S.C.) and Richard Blumenthal (D-Conn.)

Committee: Senate Judiciary

• The EARN IT Act places severe conditions on technology companies’ Section 230 liability protections, requiring platforms to undergo significant operational changes, including instituting age verification, to avoid being targeted with litigation. Moreover, in its liability provisions, EARN IT would suspend a regulatory sword of Damocles over any platforms that offer end-to-end encryption, a technology that is essential to user privacy.
• EARN IT would create a regulatory entity at the Federal Trade Commission (FTC) to determine what kinds of content age-gating would meet compliance thresholds. As with many provisions in these youth-safety bills, this would provide unaccountable bureaucrats with broad latitude to write far-reaching regulation.
• EARN IT is duplicative of existing statutory exemptions from Section 230 for online platforms. Production and distribution of child sexual abuse material (CSAM) has been illegal since 1978 through the Protection of Children Against Sexual Exploitations Act (P.L. 95-225). Companies have a clearly defined obligation through 18 U.S. Code § 2252 (c)(2)(B) to destroy and/or report CSAM to law enforcement to avoid liability. Thus, it is already federal law that if an online platform fails to report, remove, or engages in the promotion, advertising, or distribution of CSAM, Section 230 does not protect that platform from criminal liability.
• EARN IT will not make it easier for platforms and law enforcement to bring victims of CSAM justice – it will make it more difficult. Supreme Court precedent derived from Skinner v. Railway Labor Executives’ Association holds that when a private company takes an action that is compelled by the government against an individual, it constitutes a search subject to the Fourth Amendment. The EARN IT Act effectively turns all digital platforms into government agencies subject to warrant requirements in their search for CSAM. Without a warrant, evidence brought in a criminal trial pertaining to CSAM could be ruled inadmissible, and more perpetrators could walk free.

S.1199 – STOP CSAM Act of 2023

Sponsor: Sen. Dick Durbin (D-Ill.) and Josh Hawley (R-Mo.)

Committee: Senate Judiciary

• 18 U.S. Code §2258A already requires online platforms to report and remove CSAM posted by users on their site. However, the STOP CSAM Act would increase CSAM reporting requirements on companies and provide incentives for providers to remove content. The language employed by Sens. Durbin and Hawley will inevitably lead to over-reporting, stemming from companies’ fear of non-compliance, which would result in many reports that do not contain legitimate cases of CSAM. This glut could further overwhelm the already struggling National Centers for Missing and Exploited Children (NCMEC).
• The Act would create an Online Child Protection Board within the Federal Trade Commission (FTC) and would task it with receiving victim complaints of platforms failing to remove CSAM or non-CSAM content. Requiring platforms to scan for content would effectively disallow the use of end-to-end encryption, despite it being the leading technique in cybersecurity.
• Doubling down on attacking encryption services, Section 2260B of STOP SCAM would make it illegal to “knowingly promote or facilitate a violation” of 18 U.S. Code § 2251, 2251A, 2252, 2252A, or 2422(b). This wide-ranging set of child exploitation statutes, not limited to CSAM, would lead to companies removing encryption services and preventing anonymous communication.

S.1409 – Kids Online Safety Act (KOSA)

Sponsors: Sen. Richard Blumenthal (D-Conn.) and Marsha Blackburn (R-Tenn.)

Committee: Senate Commerce, Science, and Transportation

• KOSA would impose on platforms a broad duty of care, requiring them to protect underage users from many broad categories of harms, including anxiety, suicide, and addiction-like behaviors, predatory, unfair, or deceptive marketing practices, and more.
• KOSA’s duty of care would all but compel platforms to verify the age of all their users to ensure minors do not access harmful content.
• Recent updates to KOSA do not meaningfully change its fundamental flaws. Although the updated version would weaken enforcement powers possessed by state attorneys general, it would still allow them to embark on ideologically driven censorship campaigns against American citizens.
• KOSA would authorize no resources to law enforcement to investigate or prosecute criminals, which would not bring justice to a single victim.

S.1418 – Children and Teens’ Online Privacy Protection Act (COPPA 2.0)

Sponsors: Sens. Ed Markey (D-Mass.) and Bill Cassidy (R-La.)

Committee: Senate Commerce, Science, and Transportation

• COPPA 2.0 encourages age verification and goes further than the original Children’s Online Privacy Protection Act of 1998 (P.L. 105-277) – see Ashcroft v. American Civil Liberties Union – by removing the “actual knowledge” standard. This would unreasonably expand the number of websites subject to burdensome regulation.
• COPPA 2.0 would increase the age of consent for data collection from 13 to 16 and ban targeted advertising to children. By proposing a revision of parental consent standards, this legislation wrongly assumes that every child has a positive relationship with their parents and their ability to access information through the internet is predicated upon this. Children with estranged parents, foster youth or LGBTQ children seeking to access websites that their parents may disagree with could all see their ability to seek information barred.

This collection of constitutionally dubious bills would have irreversibly harmful effects on online privacy, commerce, and cybersecurity – all while failing to protect a single child or prosecute a single offender. NCMEC received nearly 32 million CSAM reports in 2022, 99 percent of which came from tech companies. However, only 1,435 child pornography offenders were sentenced in the federal system. Clearly, this is an issue of law enforcement failures and a lack of resources.

Instead, Congress should consider legislation that legitimately will help investigate and prosecute these heinous crimes and support victims, such as S. 3689/H.R. 7134, the Invest in Child Safety Act, sponsored by Sens. Ron Wyden (D-Ore.), Peter Welch (D-Vt.), Alex Padilla (D-Calif.), Laphonza Butler (D-Calif.) and Kirsten Gillibrand (D-N.Y.), alongside Reps. Don Bacon (R-Ne.), Brian Fitzpatrick (R-Pa.), Anna Eshoo (D-Calif.), and Sheila Jackson Lee (D-Texas). This bill, which balances the protection of victims, prosecution of offenders and preservation of Americans’ civil liberties, would authorize $5 billion in mandatory funding to support the law enforcement infrastructure surrounding child sexual abuse. It would quadruple the number of agents and prosecutors in the DOJ’s Child Exploitation and Obscenity Unit, allow for 190 new investigators at the DOJ and FBI, 65 new NCMEC analysts, provide for systems upgrades, and double funding for state Internet Crimes Against Children (ICAC) task forces. Importantly, it would shift coordination responsibility for child exploitation efforts to a new White House Office to Enforce and Protection Against Child Sexual Exploitation.

If Congress wants to get serious about the growing threats facing the most vulnerable in our society, it should reject EARN IT, STOP CSAM, KOSA, and COPPA 2.0 – and support the Invest in Child Safety Act.