The EARN IT Act, a bill introduced into the Senate on March 5, 2020, to combat child exploitation, is bringing up important issues regarding how the internet of the future can and cannot be regulated. The act seeks to amend one of the older statutes governing online platforms, Section 230 of the Communications Decency Act of 1996.

The act is based on the premise that Section 230, which states, “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider,”^[1] allows interactive platforms such as Facebook, YouTube and any other website to avoid taking proper steps to combat online child trafficking and sexual exploitation. By tying liability to compliance with a set of guidelines, the drafters propose to force platforms to police themselves more aggressively.

Opponents of the bill argue that existing law is working well, the proposed act will make things much worse and that the bill is a sneaky way of abolishing end-to-end encryption.

Any company that takes cybersecurity seriously should be taking note of the discussions taking place around these topics and watching how regulators lean. Big Tech as an industry has endured an overall reputation hit in the last five years: extravagant wealth, tax havens, data breaches and privacy concerns are weighing on the minds of the public and regulators alike. The GDPR is the most salient example of regulators addressing their concerns with the tech industry. In the United States, there has been discussion of a federal data law like GDPR, but for now the work is being done piecemeal. Regulations meant to curtail the sexual abuse of children may also have unintended effects.