Digital rights groups are urging Senate leaders not to move forward with a bill that would impose new regulations on companies around child sexual abuse material, arguing that the legislation could be a privacy nightmare for Americans.
In a letter addressed to Senate Judiciary Committee leaders Sens. Chuck Grassley, R-Iowa, and Dick Durbin, D-Ill., the groups – which include the American Civil Liberties Union, Freedom of the Press Foundation, Defending Rights and Dissent and RootsAction – say the STOP CSAM Act, reintroduced in May, “walks back a number of important privacy protections that had been included in a previous version of the bill.”
“The current bill creates enormous incentives for platforms to stop offering encrypted services that are critical for enabling all of us to have private conversations and securely store files from our most personal moments, like photos from a child’s birthday,” the letter reads.. “While all of our groups want to stop the harmful transmission of child sexual abuse material (CSAM), its transmission is already illegal, and these modifications to the bill do nothing more than undermine privacy and security.”
The Stop CSAM Act would impose new requirements on companies to prevent the hosting and distribution of child sexual abuse material on their platforms.
It expands companies’ legal obligations by requiring them to report instances of such material on their sites to the National Center for Missing and Exploited Children. It also introduces stricter privacy protections for children who testify in court. Additionally, and would require businesses with more than 1 million unique monthly visitors or users or $50 million in annual revenue to submit annual reports to the Federal Trade Commission and Department of Justice.
It would also seek to alter immunity under Section 230 of the Communications Decency Act for “interactive computer services,” allowing victims to file civil lawsuits against companies that fail to remove CSAM content from their platforms in a timely fashion.
The bill includes language specifying that “any person who is a victim of the intentional, knowing, or reckless hosting or storing of child pornography or making child pornography available to any person by a provider of an interactive computer service, and who suffers personal injury as a result of such hosting, storing, or making available, regardless of when the injury occurred, may bring a civil action.”
Digital rights groups say that the new version of the legislation includes “recklessness” as a legal standard for liability and by applying it to any “interactive computer service,” the legislation would capture virtually all applications that rely on end-to-end encryption.
That in turn could open up providers of these services to civil lawsuits for hosting material that they can’t view without breaking the encryption of their users.
“[The bill] goes much further than current law and threatens to punish any service that works to keep its users secure, including those that do their best to eliminate and report CSAM,” wrote India McKinney of the Electronic Frontier Foundation. “The bill applies to ‘interactive computer services,’ which broadly includes private messaging and email apps, social media platforms, cloud storage providers, and many other internet intermediaries and online service providers.”
It’s not clear whether the groups’ warnings on data privacy will have much influence in this Congress. Politically, forcing private companies do more to counter child sexual abuse material on their platforms and websites has been broadly popular with the public, and online child safety is a top issue for congressional Republicans, who control both houses of Congress. Grassley is not known as a strong advocate of unrestricted encryption. He previously led a bipartisan congressional effort in 2018 to develop legislation that would would have compelled companies to grant law enforcement access to encrypted communications in investigations.
Another bill introduced this Congress, the Take It Down Act, carried similar take down requirements for companies around AI-generated nonconsensual deepfake pornography. Though many of the same groups loudly opposed the measure on similar privacy grounds, it ultimately passed 402-2 in the House and unanimously in the Senate before being swiftly signed into law by President Donald Trump.
The letter to Grassley and Durbin emphasizes that private communications – underpinned by strong digital encryption – are critical to healthy, functioning democratic societies and have many benefits to marginalized or targeted populations.
“That is why encrypted services are popular amongst journalists who use encrypted messages to contact their sources, protesters seeking to organize to raise their voices against unjust government action, doctors who use it to speak with patients, domestic violence victims who rely on completely private communications to escape dangerous situations at home, and businesses discussing finances with clients,” the letter reads. “But there would also be severe consequences for groups that are being targeted by governments domestically and globally.”
The post Digital rights groups sound alarm on Stop CSAM Act appeared first on CyberScoop.
–
Read More – CyberScoop
