Lindsey Graham Proposal Could Expose Apple, Facebook to Lawsuits

Senator Lindsey Graham, a top Trump ally, is targeting giant internet platforms with a child protection measure that could threaten tech companies’ use of encryption and a liability exemption they prize.

The draft bill from Graham, the South Carolina Republican who chairs the Senate Judiciary Committee, mounts a double attack against encrypted services such as Apple Inc.’s iCloud and Facebook Inc.’s WhatsApp chat. It jeopardizes technology companies’ immunity to lawsuits by victims for violating child exploitation and abuse statutes and it lowers the standard to bring such cases.

The bipartisan measure, which was obtained by Bloomberg and hasn’t yet been formally introduced, would affect a wide range of social media companies, cloud service providers, email and text platforms and other technology services. It could put Facebook in the government’s crosshairs for its plans to encrypt all of its messaging apps and undercut Apple’s refusal to create back doors into its devices and services.

Graham’s bill, which Democratic Senator Richard Blumenthal of Connecticut is also working on, calls for Congress and the administration to establish a commission to determine best practices for tech companies to prevent online exploitation of children and allows the attorney general to modify the recommendations.

“The absolute worst-case scenario could easily become reality,” said Berin Szoka, president of TechFreedom, a libertarian think tank aligned with technology companies. “DOJ could effectively ban end-to-end encryption.”

Attorney General William Barr is taking aim at both encryption and the liability shield as he increases scrutiny of technology companies. The Justice Department has tentatively scheduled a Feb. 19 meeting on the future of the immunity known as Section 230 of the Communications Decency Act, according to a person familiar with the plans. The provision protects platforms from responsibility for content posted by third parties.

Although the measure doesn’t directly mention encryption, it would require that companies work with law enforcement to identify, remove, report and preserve evidence related to child exploitation — which critics said would be impossible to do for services such as WhatsApp that are encrypted from end-to-end.

If technology companies don’t certify that they are following the best practices set by the 15-member commission, they would lose the legal immunity they currently enjoy under Section 230 relating to child exploitation and abuse laws. That would open the door to lawsuits for “reckless” violations of those laws, a lower standard than contained in current statutes.

The timing of the bill’s introduction remains unclear with senators serving as jurors in the impeachment trial of President Donald Trump.

Facebook and other companies have extensive systems to find, remove and report child-abuse images, as well as other prohibited content such as terrorist propaganda. Their monitoring ability, however, doesn’t extend to systems that are encrypted end-to-end. Online safety experts have said Facebook’s efforts to root out this content will suffer as the company pivots to closed communications modeled on its WhatsApp chat service.

That move “will make it harder to detect — and stop — child abuse and similar crimes,” Manhattan District Attorney Cy Vance said in prepared testimony before Graham’s committee in December. In addition, Apple’s encryption had stymied a sex trafficking investigation that authorities wanted to pursue after hearing a prison telephone call by a suspect, he said.

A spokeswoman for Graham’s committee emphasized that the document is a draft and isn’t final. The Justice Department declined to comment.

Barr has pressured Apple to provide back-door access to encrypted data for law enforcement investigations, urging the company to unlock iPhones used by the gunman behind a Dec. 6 terrorist attack on a Florida Navy base.

Facebook Chief Executive Officer Mark Zuckerberg has conceded the company’s moves may make it harder to find offensive content, but he nonetheless pledged on a Wednesday earnings call to uphold his most controversial positions, including “standing up for encryption, against those who say that privacy mostly helps bad people.”

The Information, a technology news website, earlier reported some details of Graham’s bill, known as the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act, or EARN IT Act.

The draft bill represents the latest effort to weaken liability protections for technology platforms after a 2018 measure that pared the exemption for content related to online sex trafficking.

Passage of that law indicated that the rules are changing for an industry that had been the darling of Washington but is now facing a broad, bipartisan backlash.

On Tuesday, a top House Democrat, Representative Jan Schakowsky of Illinois, said she’s reviewing whether the provision should be further revised to stem election misinformation.

Lawmakers have also raised concerns about whether the shield fosters online drug sales and other issues. There have also been complaints from conservatives of political bias. Senator Josh Hawley, a Missouri Republican, has introduced his own bill to withdraw the legal immunity if companies can’t prove to the U.S. that they moderate content in a politically neutral way.

While there are signs there’s bipartisan support to tackle the issues raised by encryption and the liability shield, Congress doesn’t appear to have a unified approach and passage of the measure could be difficult in an election year.

–With assistance from Rebecca Kern, Kurt Wagner and Sarah Frier.