S-3538-117
Committee on the Judiciary. Ordered to be reported without amendment favorably.
Sponsored by Lindsey Graham (R-SC)
What it does
The EARN IT Act would create a National Commission to develop best practices for tech companies to prevent online child sexual exploitation. It would reduce legal liability protections (currently provided under Section 230 of the Communications Decency Act) for platforms that fail to meet child sexual exploitation laws. The bill would also strengthen reporting requirements for tech companies, including requiring them to provide information sufficient to identify and locate minors and suspects, and to preserve report contents for longer periods.
Who benefits
Children who are victims of online sexual exploitation and their families. Law enforcement agencies that would receive more detailed and better-preserved reports from tech platforms. The National Center for Missing and Exploited Children, which would receive higher-quality tips. Prosecutors pursuing child sexual abuse material (CSAM) cases, who would gain new legal tools against platforms that fail to act. Advocacy organizations focused on child protection.
Who is hurt
Large interactive technology platforms (e.g., social media companies, messaging services) that would face increased legal liability and compliance costs. Smaller tech companies and startups that may lack resources to meet new best-practice standards. Users of end-to-end encrypted messaging services, whose communications could be affected if platforms weaken encryption to comply. Journalists, activists, and others in sensitive professions who rely on encrypted communications for privacy and safety. Digital privacy and civil liberties advocates who argue the bill creates a backdoor to broad surveillance.
Supporters argue
Supporters argue that tech platforms have for too long hidden behind Section 230 liability protections while profiting from services that are used to distribute child sexual abuse material. They contend that the bill does not ban encryption but simply ensures that companies cannot use it as a shield against accountability for hosting illegal content. Supporters say the National Commission's best-practices framework gives industry a clear, structured path to compliance rather than imposing a one-size-fits-all government mandate. They point out that millions of CSAM reports are filed each year, and stronger reporting requirements would give law enforcement the specific details needed to rescue children and prosecute offenders. Supporters also argue that the terminology change from "child pornography" to "child sexual abuse material" more accurately reflects the nature of the crime and the harm to victims.
Opponents argue
Opponents argue that reducing Section 230 liability protections would pressure tech companies to scan all user communications — including private, encrypted messages — to avoid lawsuits, effectively forcing a weakening of end-to-end encryption across the internet. They contend that breaking encryption would expose not just CSAM but all private communications to potential interception by governments, hackers, and bad actors, harming the security of every internet user. Opponents say the National Commission's best-practices process could be used to impose surveillance mandates through the back door without a direct congressional vote. They also argue that existing laws already require platforms to report CSAM and that the bill's liability changes would create legal uncertainty that chills legitimate speech and security research. Critics further note that weakening encryption would disproportionately harm vulnerable populations — including abuse survivors, LGBTQ+ individuals, and dissidents — who depend on private communications for their safety.
Constitutional context
The bill implicates the Fourth Amendment's protection against unreasonable searches, particularly as interpreted in Carpenter v. United States (2018), which held that individuals retain privacy interests in digital data. If the bill's compliance pressures lead platforms to conduct broad content scanning, questions arise about whether that scanning constitutes a government-directed search. The First Amendment is also relevant: courts have recognized that compelled speech and surveillance of communications can chill protected expression. Section 230 modifications touch on Congress's Commerce Clause authority to regulate interstate digital commerce. The Fifth Amendment's due process protections are relevant to the liability framework imposed on platforms. The Fourteenth Amendment's equal protection principles may apply if enforcement is uneven across platform sizes.
Checks and balances
The bill shifts authority in two directions. It grants the executive branch — through the National Commission and the Department of Justice — significant influence over tech industry standards, as the Commission's best practices would effectively set compliance benchmarks that carry legal consequences. Congress retains authority by defining the Commission's mandate and the liability framework. Judicial power is implicated because reduced Section 230 protections would open platforms to civil and criminal litigation, increasing the role of courts in defining platform obligations. State attorneys general would also gain new enforcement tools, shifting some power to the states.
Historical precedent
The Allow States and Victims to Fight Online Sex Trafficking Act (FOSTA-SESTA, 2018) similarly carved out Section 230 liability protections for platforms related to sex trafficking, and is the closest direct precedent. The Children's Online Privacy Protection Act (COPPA, 1998) established earlier federal standards for platform obligations regarding minors.