A bill recently reintroduced in the Senate, known as the STOP CSAM Act of 2025 (S. 1829), has ignited a debate over its potential consequences for online security and free speech.Critics argue that the bill, intended to curb the spread of child sexual abuse material (CSAM), could inadvertently undermine end-to-end encryption and lead to the censorship of lawful user content.

The proposed legislation seeks to expand the scope of current laws addressing CSAM, which is already illegal. Existing regulations mandate that online service providers with actual knowledge of apparent CSAM on their platforms report it to the National Center for Missing and Exploited Children (NCMEC). NCMEC then relays actionable reports to law enforcement for investigation.

Though, S. 1829 goes further, potentially penalizing services that prioritize user security, including those actively working to eliminate and report CSAM. the bill applies to a wide range of “interactive computer services,” encompassing messaging apps,social media platforms,cloud storage providers,and other online intermediaries.

Concerns Over end-to-End Encryption

The bill targets those who intentionally “host or store child pornography” or knowingly “promote or facilitate” the sexual exploitation of children. It also opens the door for civil lawsuits against providers for the intentional, knowing or even reckless “promotion or facilitation” of conduct relating to child exploitation, the “hosting or storing of child pornography,” or for “making child pornography available to any person.”

The broad terms and low standard for civil liability raise concerns that apps or websites could be held liable for hosting CSAM even without knowledge, potentially impacting services employing end-to-end encryption.

Creating new criminal and civil claims against providers based on broad terms and low standards will undermine digital security for all internet users.

Critics fear that the bill’s broad language could be interpreted to encompass passive conduct, such as merely providing an encrypted app, even though the distribution of CSAM is already prohibited. Encrypted communications providers receiving a CSAM notice might be deemed to have “knowledge” even if they cannot verify it. There are concerns that lawyers might argue that providing an encrypted service recklessly facilitates the sharing of illegal content.

Affirmative Defense Concerns

While the bill includes an affirmative defense for providers where it is “technologically impossible” to remove CSAM without “compromising encryption,” some argue that this protection is insufficient. They contend that online services offering encryption should not have to prove a negative to avoid lawsuits over content they cannot see or control.

The affirmative defense requires providers to defend against litigation, incurring notable costs. Smaller platforms may lack the resources to fight these threats in court. Concerns also exist that plaintiffs might argue that providers not using client-side scanning techniques are acting recklessly, potentially leading to widespread scanning and removal of content.

Free Speech Implications

The bill also creates a new exception to Section 230, allowing lawsuits against internet platforms for “facilitating” child sexual exploitation based on user speech. Section 230 provides immunity to internet intermediaries from liability based on user-generated content. Critics fear that this exception will lead to increased censorship and limit free communication online.

The new exception exposes providers to more lawsuits, which will cause them to limit that legal exposure.Online services will censor more and more user content and accounts, with minimal regard as to whether that content is actually legal. Some platforms may even be forced to shut down or may not even get off the ground in the first place, for fear of being swept up in a flood of litigation and claims around alleged CSAM. On balance, this harms all internet users who rely on intermediaries to connect with their communities and the world at large.