Skip to Content

Free Expression

Illinois Filtering Bill Would Break the ‘Net

/ Emma Llansó

CDT today submitted testimony to the Illinois General Assembly concerning a proposed piece of Internet filtering legislation.  House Bill 3280, the Internet Service Provider Anti-Child Pornography Law, while certainly well-intentioned, would create a laundry list of problems for civil liberties and the technical function of the Internet.  In short, the bill would require ISPs to intercept, reassemble, and compute a hash value for every file Illinois residents transmit or receive over the Internet, compare this hash value to a registry of known child pornography, and block any file that has a matching hash.  We discuss the numerous issues this process raises in-depth in our testimony, but to highlight just a few:

  • The process envisioned in this bill would place a substantial burden on constitutionally protected speech.  Internet communications occurring within or routed through Illinois would slow to a crawl, dramatically diminishing users' opportunities to speak and to access information. The privacy and cybersecurity concerns the process would introduce would further chill users speech.
  • Many types of Internet-based communication simply would not work.  ISPs could not comply with the law if their users employed encrypted connections – indeed, preventing third parties from analyzing your communications is the whole point of encryption.
  • ISPs would have to re-architect their networks to shift away from decentralized packet transmission to a system that routes an entire communication (good luck defining that) through a single point of control.  Streaming video, voice-over-IP, and virtual private networks would all succumb to the new data transmission process required by "the Act."
  • The "global file registry" of known child pornography described in the bill simply does not exist.  If one were created, listing only images that had been determined to be child pornography through a full judicial proceeding, that list would be relatively short.  And, since the bill directs ISPs to implement hash-based filtering, the process would be easily circumventable, as the hash value of an image file changes if a single pixel is altered.
  • If Illinois required ISPs to use a list that included images not previously adjudicated to be child pornography, the Act would effectively institute a government blacklist of content, whether the list was generated by law enforcement itself or co-opted from a private organization such as the National Center for Missing and Exploited Children.

Suffice it to say, HB 3280 is a problematic bill that creates more issues than it solves.  We urge the Illinois General Assembly to consider other more effective, constitutional, and technically sound approaches to combatting child exploitation crimes.

Related Reading

The CDT logo. A white "cdt" alongside "Center for Democracy & Technology" on a light blue background.

Context Before Code: Meta’s Oversight Board Policy Advisory Opinion on the Word “Shaheed” Calls for Language and Cultural Nuance in Content Moderation
Graphic for CDT's European office. Pale blue / green pixelated background, with a portion of the EU flag's circle of stars emblazoned in white on top.

EU Tech Policy Brief: March 2024
Testimony for the Colorado Senate Business, Labor, and Technology Committee by Aliya Bhatia, Policy Analyst at the Center for Democracy & Technology’s Free Expression Project. White document on black background.

CDT’s Aliya Bhatia Testifies Before Colorado Senate Committee Raising Equity, Free Speech and Privacy Concerns with Mandating Use of Age Verification Tech