The online proliferation of child sexual abuse material (CSAM), commonly referred to as child pornography, is a problem of massive scale. The National Center for Missing and Exploited Children (NCMEC), a private nonprofit specially authorized by Congress to serve as the nation’s clearinghouse for reports of CSAM imagery, works with law enforcement to locate perpetrators and victims of child sexual abuse. In 2019, NCMEC received over sixty-nine million reports of CSAM, many of them from tech platforms like Google and Facebook.

The proliferation of CSAM online can, in part, be attributed to the under-regulation of tech platforms. While Silicon Valley giants like Facebook have devoted some resources to the problem, these efforts are limited and flawed. Considering both their resources and their direct role in spreading CSAM, tech companies—even large ones—do very little to proactively combat child sexual abuse. That is because the current legal framework requires very little of them. For example, tech companies do not actually have to look for CSAM; they are only required to report CSAM to NCMEC if they become aware of it. Even then, the contents of these reports are optional. Moreover, section 230 of the Communications Decency Act shields tech companies from most legal liability even when people use their services to distribute and store CSAM. This legal protection further disincentivizes companies from looking for CSAM or investing in technology that could improve existing efforts. It is this problem that the proposed EARN IT Act—the subject of this Note—aims to address.

The EARN IT Act would induce tech companies to actively help detect CSAM and enforce CSAM laws. The Act creates a Commission—appointed by Congress and chaired by the Attorney General—tasked with developing best practices for reducing the volume of CSAM hosted on tech company servers. The Commission’s best practices would cover everything from content moderator training and tip line reporting to the use of government-approved photomatching software and the contents of companies’ own terms of service. While the Commission’s recommendations would technically be voluntary, the Act strongly incentivizes compliance by stripping tech platforms of their section 230 protections, thereby exposing them to a flood of costly CSAM-related litigation. To avoid being sued, companies would effectively have no choice but to comply with the Commission’s recommendations, endorsed by the Department of Justice, and work proactively to detect CSAM and prevent its spread online.

In this Note, I argue that the EARN IT Act (or similar legislation), despite its worthy goals, would implicate the Fourth Amendment in potentially troubling ways, raising important questions about the Fourth Amendment’s applicability in the age of social media. While the Constitution normally does not apply to private entities, I argue that the Act would convert tech companies into government agents— active participants in law enforcement. Their searches of user photos and videos would therefore count as government action subject to the Fourth Amendment. I support this conclusion with Supreme Court precedent and recent case law, including a pathmarking opinion by then-Judge Neil Gorsuch. For context, I also include a detailed look at Facebook’s current approach to CSAM, relying on original interviews with three Facebook content moderators and the leading computer scientist in the field. After concluding that the EARN IT Act would implicate the Fourth Amendment by coercing tech companies into conducting searches for CSAM on behalf of the government, I consider whether such searches would actually violate the Fourth Amendment. I identify two ways courts could approve of such searches: the “third-party doctrine,” and by analogy to drug sniffing dogs. While I conclude that the EARN IT Act is likely constitutional, its scheme raises important constitutional questions and represents a major shift in our relationships with both tech companies and the federal government. I therefore suggest that Congress legislate on digital privacy more broadly.

The EARN IT Act has strong bipartisan support; if for some reason it does not pass, it is very likely that a similar bill will. President Joe Biden has repeatedly expressed his desire to strip tech companies of section 230 protections, and prominent Republicans and Democrats have echoed these sentiments. Indeed, President Trump signed a bill into law that targets section 230 in much the same way the EARN IT Act does, albeit with a focus on sex trafficking. Thus, this Note’s analysis is relevant not just to the EARN IT Act, but to future bills aimed at CSAM and section 230.