Uncategorized

An education-based approach to curbing CSAM production

Originally published in Brookings TechStream.

March 17, 2022 Savannah Sly and Tarah Wheeler

A bird flies past the U.S. Capitol in Washington, D.C., U.S., on Thursday, March 17, 2022. Photo by Al Drago/Pool/ABACAPRESS.COM
A bird flies past the U.S. Capitol in Washington, D.C., on Thursday, March 17, 2022. (Pool/ABACA via Reuters Connect)

In recent weeks, a misguided legislative initiative to provide children with better protection online has gained momentum on Capitol Hill. In its current form, the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2022—better known as the EARN IT Act—would strip technology companies of protection from liability for child sexual abuse material (CSAM) uploaded onto their platforms by users. The bill is premised on the idea that technology companies aren’t doing enough to combat the presence of such material and need to face the prospect of greater legal penalties to do so.

The bill is deeply flawed, and a chorus of technologists and researchers argue that the bill not only won’t achieve what it aims to do (protecting children) but will also harm a much larger group of internet users in trying and failing to protect kids from being exploited online. One of EARN IT’s key provisions potentially exposes technology companies to liability if their encryption features are found to enable the spread of CSAM—a move that may lead many companies to conclude that offering encryption to users simply isn’t worth it and doing away with secure messaging tools entirely. Such a move would be disastrous for privacy, human rights, free speech, and communities at risk for surveillance. 

EARN IT’s backers are motivated by a desire to help children, but in their attempt to do so, they’ve misdirected their efforts at computer security systems that enable the spread of CSAM as part of enabling all communications of any kind. Rather than focusing on preventing the production of CSAM in the first place, they are attempting to make changes to the security features of modern computing that allow it to be spread once created. The digitally enabled sexual abuse of children is a serious, horrific problem, but addressing it requires a different, more proactive approach. Instead of attacking security systems, policymakers could direct their efforts in a more useful direction: educating children how to be safe online. Investing in childhood education, primary care, adolescent education in consent, community support for ombuds and social work, and appropriate financial incentives for primary caregivers is difficult and expensive—and it works to prevent child sexual abuse. The EARN-IT Act, flatly, will not.

The EARN-IT Act takes aim at CSAM by altering the liability protections of Section 230 of the Communications Decency Act, and it isn’t the first time Congress has sought to regulate the presence of sexually explicit content online. In 2018, Congress sought to address commercial sexual exploitation by passing SESTA and FOSTA, two bills that increased liability for content hosts under Section 230. The result of SESTA and FOSTA was the immediate voluntary shutdown of dozens of websites that sex workers used to advertise and vet potential clients, the ripple effects of which inadvertently increased vulnerabilities to exploitation and violence in the sex trade. When sex trade websites close or get shut down, it is more difficult for law enforcement to identify and combat sex trafficking. Given how badly SESTA and FOSTA backfired, it’s alarming that lawmakers would entertain the EARN IT Act before passing legislation that would evaluate the full effects of these online censorship laws. 

One of the most discouraging aspects of the EARN IT Act is that it does nothing to prevent child abuse from happening in the first place. EARN IT does not bolster preventative tools that can protect young people from harm, such as age appropriate comprehensive sexuality education. Predators lurking on chat sites would have a harder time grooming and exploiting youth if young people were equipped with knowledge about boundaries, consent, and healthy/unhealthy relationships. Ironically, anti-abuse organizations such as the National Survivor Network have suggested that the EARN IT Act may prevent young people from accessing online information about sexual health, gender, and consent that could help keep them safe. Queer youth are particularly vulnerable to the unintended consequences of a bill like EARN IT, especially in light of the many anti-LGBTQ bills cropping up around the country. Given that an estimated 9-10%  of youth in the US identify as LGBTQ, it would be difficult to overstate the potential harms of this bill.

It Is well-established that victims of child abuse are usually harmed at the hands of someone in or connected to their family, and preventing abuse at home starts with adults taking responsibility, being active in the lives of young people, and learning how to identify signs of abuse. Decreasing stress and offering pathways to treatment by ensuring families have access to stable housing and healthcare may do more to curb abuse at home than a bill like EARN IT ever could. EARN IT plays whack-a-mole with CSAM instead of actively stopping it from occurring. 

EARN IT will never be able to eradicate the increasing practice of young people taking and sharing intimate photos and videos of themselves, and preventing such material from circulating online would be better done through education. This material, referred to as self-generated child sexual exploitation materials (SG-CSAM) is the result of youth having increased access to media and communications technology. While EARN IT may attempt to stop SG-CSAM from being circulated, it’s more important to have realistic conversations with youth about the enduring nature of digital media and the risks of sharing intimate media of themselves. In our increasingly digital world, arming youth (and adults) with education about risks to privacy is critical. Additionally, we must collectively stop victim blaming people who have their nude photos non-consensually or illegally shared with the public, regardless of their age or occupation. 

Just as SESTA and FOSTA did not stop sex trafficking (and in fact may have made things worse), EARN IT will not stop child abuse materials from coming into existence. EARN IT may in fact make it harder for law enforcement to locate CSAM files being circulated. Once it becomes known that encrypted services are no longer useful for transmitting CSAM, abusers will pivot to other tools, such as snail mail or niche platforms, to circulate offensive materials. A move toward such platforms or an embrace of ordinary mail would make CSAM investigations even more difficult than they already are. 

A lingering question yet to be addressed is exactly how CSAM materials will be identified, should EARN IT pass. EARN IT will stifle sexual expression and hinder consenting adult sex workers from making a living online but not actually solve the problem of CSAM. How would an abuse video of a 16 year old be differentiated from a legal video created by an 18 year old? Given the complexity of of this task, it’s likely that many formerly encrypted services would bar the transmission of any erotic or explicitely sexual content. EARN IT could mark the death of sexting as we know it. Not only does this violate sexual expression freedoms, but it prevents adult sex workers from supporting themselves financially through the relative safety of online work. Sex workers who produce pornography already maintain records proving that everyone in the film is of age and consents to being filmed. Law abiding webites that host pornographic content already require proof of age documentation, reducing the odds that CSAM will end up on their platforms. 

For decades, cryptographers have made the case that the compromises politicians seek in encrypted computer systems—to crack down on CSAM or to listen in on the contents of terrorist communications—can’t be made without consequences for the broader computer security ecosystem crucial to businesses and citizens. This conflict—between the demands of politicians on the one hand and encryption on the other—has become a fact of modern life, and the EARN IT Act is merely its latest iteration. There are no technologists who can tell you how to safely and securely enforce this new EARN IT Act—because it’s not possible. As a recent Washington Post piece noted, the EARN IT Act  has made strange bedfellows of Big Tech, free speech activists, industry groups, sex workers rights activists, the infosec community, and civil society groups, all of whom are united in their belief that this legislation is infeasible and a net negative. On the other side of the debate are law enforcement groups, moral crusaders (primarily the National Center on Sexual Exploitation, which before it rebranded was known as Morality in Media), and some well-meaning abuse victims organizations looking to crack down on CSAM. But even for the latter group, EARN IT will not do what they hope and will instead make CSAM prosecutions substantially more difficult. 

If lawmakers want to curb rates of CSAM production, we must create policies that prevent CSAM upstream, rather than increase the attention and resources to downstream mitigation that can never catch everything. Washington state recently passed a measure mandating age appropriate comprehensive sex education in schools which will help students understand consent, safety, and “choose healthy behaviors and relationships that are based on mutual respect and affection, and are free from violence, coercion, and intimidation”. Educational policies in schools such as age appropriate sex ed will do far more to prevent the creation of CSAM than reactive like EARN IT ever would.

Politics, it’s often said, is the art of compromise. A life in politics teaches the art of the partial achievement. When politics bumps up against a universal constant, or a truth of math and physics, politicians often simply cannot grok that there are things they can’t change, can’t bargain against, can’t shift, can’t manipulate. Encryption is one of these things, but in this latest iteration of the three-decade long fight between technologists and politicians seeking to limit the availability of encryption technology, political leaders with a genuine interest in curbing the spread of CSAM would benefit from seeking solutions that actually address the problem. Educating children how to be safe online is the first step to reduce the prevalence of abusive material online. 

Savannah Sly is an advisor to the Woodhull Freedom Foundation and a sex worker rights advocate who resides in Seattle, WA. @SavannahSly
Tarah Wheeler is a contributing editor to TechStream, a Cyber Project Fellow at the Belfer Center for Science and International Affairs at Harvard University‘s Kennedy School of Government, an International Security Fellow at New America leading a new international cybersecurity capacity building project with the Hewlett Foundation’s Cyber Initiative and a US/UK Fulbright Scholar in Cyber Security for the 2020/2021 year.

Leave a Reply