An interesting thing happens almost any time lawmakers try to control what you see on the internet: they shred your privacy in the process. This happens in at least two ways. First, when the government tells internet services, “Hey, you have to make sure nobody uses your platform to share XYZ, or you face epic liability,” the service provider has to scan everything that crosses its servers to make sure none of it contains XYZ. Users can’t be allowed to encrypt their files or messages because that would make it impossible for the platform to monitor their communications for XYZ. Second, when internet users encounter censorship online, they go looking for tools to route around it. Some of these tools, like VPNs (virtual private networks), offer a potentially helpful way to protect yourself from online surveillance if used from a credible provider. But bad actors offer scam VPNs that do the opposite—they make all of your internet use visible to the VPN maker, giving them the power to violate your privacy to an unprecedented degree.

The NO FAKES Act, which was introduced in the House this week, has this problem. Because it removes Section 230 protections for internet services when it comes to so-called “digital replicas,” companies will have strong incentives to monitor what users post, to ensure that unauthorized digital replicas don’t make their way onto the service. And if filters lead to a broken internet experience for users, they’ll go looking for ways to unclog their browsing experience. That could lead them right into the waiting arms of scammers. Lawmakers should always remember their constituents’ privacy rights and needs as they make new policy for the internet.