Yesterday up on Capitol Hill, I hosted a very interesting discussion about “Next-Generation Parental Controls & Child Safety Efforts.” I thought I’d provide a quick recap here for those who couldn’t attend. [Note: audio of the event will be up shortly at the link above and transcript is in the works.] The event featured Steve Crown, Vice President and Deputy General Counsel of Microsoft Corporation’s Entertainment & Devices Division; Dane Snowden, Vice President of External & State Affairs of CTIA – The Wireless Association; and Stephen Balkam, Chief Executive Officer of Family Online Safety Institute.
Steve Crown of Microsoft kicked the show off with a terrific overview of some of the current and next-generation parental control tools and awareness efforts that Microsoft is deploying to help empower parents and keep kids safer both online and in gaming environments. Crown outlined Microsoft’s 5-prong strategy regarding how they have approached these issues on the gaming front, and I think it represents an excellent model of how sensible industry self-regulation and “best practices” can go a long way toward addressing concerns that many parents and policymakers have. The five strategies Crown outlined were: (1) Respect both the freedom of game creators and freedom of choice for game consumers; (2) empower parents with ratings, tools, and information; (3) use independent ratings (like the ESRB) to label content; (4) require all games be rated before they can be used on a platform so that parents can implement blocking controls; and (5) respect regional laws and rating systems in different parts of the globe.
In my book on Parental Controls & Online Child Safety: A Survey of Tools & Methods, I’ve documented many of the empowerment tools that Microsoft has deployed in recent years to make this empowerment vision a reality. One of the most important things MS does on its XBox 360 console is to provide an immediate “out-of-the-box” prompt for parents to set up parental controls and establish other limitations on online chat, spending, or Internet access. Microsoft announced another cool new feature in November 2007, the “Family Timer.” It lets parents limit how and when children play games on the console. This is similar to the time management tools Microsoft offers in its Vista operating system for PCs. Incidentally, my wife has asked me to start using the Family Timer on our XBox — not for our kids, but for me! This particular 40-year-old man is still a big kid at heart.
Continue reading →
The new Maine law I blogged about on Sunday is much worse than I thought based on my initial reading. If allowed to stand, it would constitute a sweeping age verification mandate introduced through the back door of “child protection.”
The law, which goes into effect in September, would extend the approach of the Children’s Online Privacy Protection Act (COPPA) of 1998 by requiring “verifiable parental consent” before the collection of “personal information” about kids, not just those under 13, but also adolescents age 13-17. Unlike other state-level proposals in New Jersey, Illinois, Georgia and North Carolina, Maine’s “COPPA 2.0” law would also cover health information, but would only govern the collection and use of data for marketing purposes (while the FTC has interpreted COPPA to cover essentially any capability for communicating personal information among users).
But the Maine law would go much further than these proposals or COPPA itself by banning transfer or use of such data in anything other than de-identified, aggregate form. Still I took some comfort in the fact that the Maine law, unlike COPPA or these other proposals, lacked the second of COPPA’s two prongs: (i) collection from kids and (ii) collection on sites that are directed at kids. It’s because of the second prong that COPPA applies not only when a site operator knows that it’s collecting information from kids (or merely allowing them to share information with other users), but also when the operator’s site is (like, say, Club Penguin) targeted to kids in terms of its subject matter, branding, interface, etc. Because I initially concluded that the Maine law would apply only to knowing collection, I supposed that it would be less likely to require age verification of all users, as other COPPA 2.0 proposals would—something that would be unlikely to survive a First Amendment challenge based on the harm to online anonymity.
But I was quite wrong. During the PFF Capitol Hill briefing Adam and I held on Monday, Jim Halpert, one of our panelists, noted that the bill imposed “strict liability.” Continue reading →
In an earlier post, I mentioned an important new online child safety task force report that has just been released from the “Point Smart. Click Safe.” Blue Ribbon Working Group. It’s a great report and I encourage you to read the whole thing. It was my great pleasure to serve on this task force, and as we started finalizing our conclusions and recommendations, I started thinking about how much of what we were finding and recommending was consistent with what past online safety task forces had also concluded.
By way of background, over the past decade, five major online safety task forces or blue ribbon commissions have been convened to study online safety issues. Two of these task forces were convened in the United States and issued reports in 2000 (“COPA Commission”) and 2002 (“Thornburgh Commission”). Another was commissioned by the British government in 2007 and issued a major report in March 2008 (“Byron Review”). Finally, two additional online safety task forces were formed in the U.S. in 2008 and concluded their work, respectively, in January (“Internet Safety Technical Task Force”) and July (“Point Smart. Click Safe.”) of 2009. [And yet another task force — the Online Safety Technology Working Group — was recently formed and has now gotten underway.]
In a new PFF white paper, “Five Online Safety Task Forces Agree: Education, Empowerment & Self-Regulation Are the Answer,” I walk through a chronological summary of each of these past task forces [click on covers of each report below to read them in their entirety] and highlight some of the similar themes and recommendations from them.

Continue reading →
It appears that the long legal saga of the Child Online Protection Act of 1998 (COPA) has finally come to a close. This morning, according to AP, the U.S. Supreme Court rejected the government’s latest request to revive the law, which was struck down as an unconstitutional violation of the First Amendment by lower courts and never went into effect.
COPA was an effort by Congress to modify the Communications Decency Act of 1996 (CDA) in response to the Supreme Court’s decision in Reno v. ACLU finding that the CDA was unconstitutionally over-broad. COPA sought to narrow the scope of regulation and protect minors from sexual material on the Internet by making it a crime for someone to “knowingly” place materials online that were “harmful to minors.” The law provided an affirmative defense from prosecution, however, to those parties who made a “good faith” effort to “restrict[ ] access by minors to material that is harmful to minors” using credit cards or age verification schemes. Although narrower than the CDA, COPA was immediately challenged and also blocked by lower courts because it was still too sweeping in effect. Moreover, the courts found there were other “less restrictive means” that parents could use to deal with objectionable content — such as Internet filters.
Following the initial challenge, COPA then became the subject of an epic, decade-long legal battle that finally concluded today when the U.S. Supreme Court refused to revisit the law. COPA had already been reviewed by the Supreme Court twice before — in 2002 and 2004. Thus, a third visit to the Supreme Court by COPA would have been something of a historical development in the world of First Amendment jurisprudence. But with the Supreme Court’s rejection of the government’s appeal today, lower court rulings stand and COPA will remain unconstitutional and unenforceable.
The key recent legal battle occurred in the Third Circuit Court of Appeals, which upheld a lower court ruling striking down COPA. The Third Circuit’s full decision is here. And I penned a 3-part series on the lower court ruling by Judge Lowell Reed Jr., senior judge of the U.S. District Court for the Eastern District of Pennsylvania, here, here, and here. Also make sure to check out this summary of COPA’s legal journey that Alex Harris penned last November.
While COPA is now dead and buried, it would be foolish to think this is the end of efforts to legislate on this front. Although it remains unclear what the legislative response will look like during a time of Democratic rule, I am certain that legislation will be floated in short order (i.e., “Son of COPA”) to try to get around the constitutional issues and regulate objectionable online content. If legislators were smart, they’d avoid legally risky solutions like more centralized filtering mandates or age verification requirements. They’d be on safer ground to consider going the subsidy route and finding a way to get parental control tools in the hands of more families and institutions. I’m not saying that I favor such subsidies, merely that such an approach would almost certainly pass legal muster and probably wouldn’t even be challenged in court. They might also consider more public education / PSA-driven approaches to online safety. Those approaches may end up finding more support in a Democratic Congress and administration anyway.
[More coverage at NYT, Reuters, CNet and Ars.]
This week, I have been up at Harvard University participating in another meeting of the Internet Safety Technical Task Force (ISTTF), of which I am a member. The ISTTF was organized earlier this year pursuant to an agreement between 49 state attorneys general (AGs) and social networking giant MySpace.com. A group of experts from academia, non-profit organizations, and industry were appointed to the Task Force, which is charged with evaluating the market for online child safety tools and methods and issuing a report on the matter to the AGs at the end of this year. ISTTF members have been meeting privately and publicly in both Cambridge, MA and Washington, D.C. The Task Force has been very ably chaired by John Palfrey, co-director of Harvard’s Berkman Center for Internet & Society.
Although the ISTTF is looking at a wide variety of tools and methods associated with online child protection (ex: filters, monitoring tools, educational campaigns, etc.), many of the AGs who crafted the agreement with MySpace that led to the Task Force’s formation have made it clear that they are most interested in having the ISTTF evaluate age verification / online verification technologies. In fact, at the start of this week’s session at Harvard Law School, AGs Martha Coakley of Massachusetts and Richard Blumenthal of Connecticut both spoke and made it abundantly clear they expect the Task Force to develop age and identity-verification tools for social networking sites (SNS). AG Blumenthal said we need to deal with “the dangers of anonymity” and repeated his standard line about online age verification: “If we can put a man on the moon, we can make the Internet safe.” [Of course, putting a man on the moon took hundreds of billions of dollars and a decade to accomplish, but never mind that fact! Moreover, one could also argue that if we can put a man on the moon we can cure hunger, AIDS, and the common cold, but some things are obviously easier said than done. Finally, putting a man on the moon didn’t require all Americans or their kids to give up their anonymity or privacy rights in order to accomplish the feat!]
On many occasions here before, I have outlined various questions and reservations about proposals to mandate online age verification. Last year, I also published a lengthy white paper on the issue and hosted a lively debate on Capitol Hill [transcript here] about this. I also have discussed age verification in my book on parental controls and online child safety. [Braden Cox also talked about his experiences up at Harvard this week here, and CNet’s Chris Soghoian had a brutal assessment of this week’s proposals on his “Surveillance State” blog.]
In this essay, I will discuss the new fault lines in the debate over online age verification and outline where I think we are heading next on this front. I will argue:
- There is now widespread understanding that it is extraordinarily difficult to verify the ages and identities of minors online using the methods we typically use to verify adults. Because of this, age verification proponents are increasingly proposing two alternative models of verifying kids before they go online or visit SNS…
- First, for those who continue to believe that we must do whatever we can to verify kids themselves, schools and school records are increasingly being viewed as the primary mechanism to facilitate that. This raises two serious questions: Do we want schools to serve as DMVs for our children? And, do we want more school records or information about our kids being accessed or put online?
- Second, for those who are uncomfortable with the idea of verifying kids or using schools, or school records, to accomplish that task, parental permission-based forms of authentication are becoming the preferred regulatory approach. Under this scheme, which might build upon the regulatory model found in the Children’s Online Privacy Protection Act of 1998 (COPPA), parents or guardians would be verified somehow and then would vouch for their children before they were allowed on a SNS, however defined. But how do we establish a clear link between parents and kids? And will parents be willing to surrender a great deal more information (about themselves and their kids) before their kids can go online? And, is it sensible to use a law that was meant to protect the privacy and personal information of children to potentially gather a great deal more information about them, and their parents?
- It remains very unclear how either of those two verification methods would make children safer online. Indeed, they could actually make kids less safe by compromising their personal information and creating a false sense of security online for them and their parents.
- It is highly unlikely the Internet Safety Technical Task Force will be able to reach consensus on this complicated, controversial issue. A small camp will likely flock to the sort of proposals mentioned above. Another, larger camp (including me) will flock to education-based approaches to child safety as well as increased reliance on other parental empowerment tools and strategies, industry self-regulatory efforts, social norms, and better intervention strategies for troubled youth. But the age verification debate will go on and, as was the case over the past two years, the legal battleground will be state capitals across America, with AGs likely pushing for age verification mandates regardless of what the Task Force concludes.
Continue reading if you are interested in the details.
Continue reading →
Another chapter in the seemingly never-ending saga of the Child Online Protection Act (COPA) of 1998 was written this week when the Third Circuit Court of Appeals upheld a lower court ruling striking down COPA, which would require Web operators to restrict access to large amounts of online speech and expression. [The Third Circuit’s full decision is here. And I penned a 3-part series on the lower court ruling by Judge Lowell Reed Jr., senior judge of the U.S. District Court for the Eastern District of Pennsylvania, here, here, and here].
The DOJ will likely appeal the decision, yet again, to the Supreme Court. I can’t be certain, but I know of no other free speech-related law that has made THREE trips to the Supreme Court for review. (If readers know of any laws that can match that record, please let me know). It really is quite amazing, and even a little outrageous, when you think about it. After all, just think of all the time, energy and money that has gone into this 10-year legal fiasco. I know it is the DOJ’s job to defend congressional enactments before the courts, but how might we have spent that time and money if all this litigating wasn’t going on?? Regulation always has opportunity costs and in this case those costs have been 10 years of wrangling among lawyers. Those resources could have been used to educate parents and kids about online safety; to create and disseminate more and better private screening tools; and so on. Alas, we instead have mounds of paper piling up in the courts and millions being spent with nothing to show for it.
Continue reading →
The USA Today editorial board published a nasty piece today belittling MySpace.com’s recent efforts to implement more safeguards for its users. Despite the fact that MySpace made over 70 promises to the Attorneys General as part of the agreement–the entire agreement is summarized here–that’s still not good enough for the USA Today’s editorial board, which wants full-blown identity verification before anyone is allowed on a social networking site:
“Even in the absence of a perfect software solution, interim steps are possible. How about using databases of drivers’ licenses to cross-check ages? In more than 20 states, they are public records. The point is, more effective safeguards are needed now, …. MySpace [should be] moving faster to set up age and ID verifications, not just study them.”
Well, where do I begin? I get so frustrated when I see comments like this because it is abundantly clear to me that people don’t think things through when it comes to age verification. As I pointed out in my lengthy PFF report, “Social Networking and Age Verification: Many Hard Questions; No Easy Solutions,” age verification is extremely complicated, and it would be even more complicated in this case because public officials are demanding the age verification of minors as well as adults, which presents a wide array of special challenges and concerns.
What Age Verification Really Is: The Death of Online Anonymity
We need to begin by understanding what age verification really is. By definition, mandatory age verification represents an effort to make online anonymity a crime. In simple terms, citizens would be forced to “show their papers” at the door of every website or else run the risk of being denied access–simply because they do not want to surrender their name or age.
Think about what that means. It’s easy to take the benefits of online anonymity for granted. There are millions of people who comment anonymously on blogs like this one every day, or write anonymous book or product reviews on Amazon.com or eBay, or who just chat with others about various topics under the cloak of anonymity. It is a wonderful thing.
Continue reading →
This morning in New York City, social networking website operator MySpace.com announced a major joint effort with 49 state Attorneys General aimed at better protecting children online. (Coverage at CNet, NYT and Forbes). At a joint press conference, MySpace and the AGs unveiled a “Joint Statement on Key Principles of Social Networking Safety” involving expanded online safety tools, improved education efforts, and law enforcement cooperation. They also agreed to create an industry-wide Internet Safety Technical Task Force to study online safety tools, including a review of online identity authentication technology.
Generally speaking, the agreement is a step forward for online safety. Indeed, many of the principles in the agreement could form a potential model “code of conduct” that other social networking sites could adopt. In a report I authored for the Progress & Freedom Foundation in August 2006, I argued that it was vital for companies and trade associations to take steps such as this to avoid the specter of government regulation or censorship:
All companies doing business online… must show policymakers and the general public that they are serious about addressing [online safety] concerns. If companies and trade associations do not step up to the plate and meet this challenge soon—and in a collective fashion—calls will only grow louder for increased government regulation of online speech and activities. What is needed is a voluntary code of conduct for companies doing business online. This code of conduct, or set of industry “best practices,” would be based on a straight-forward set of principles and policies that could be universally adopted by [a] wide variety of operators…
In particular, this code of conduct proposal called for companies to make specific pledges regarding improved online safety tools, expanded education / media literacy efforts, and ongoing assistance to law enforcement regarding investigations of online crimes.
Continue reading →
As Braden mentioned, we were both down in Raleigh, North Carolina this week testifying at a big hearing on mandatory age verification for social networking sites.
It was quite a heated battle. The legislation, SB 132, was supported at the hearing by North Carolina attorney general Roy Cooper, several of his staff attorneys, a couple of NC senate lawmakers, and some folks from Aristotle, a company that claims it has devised a workable age verification solution for social networking purposes. A vote on the proposal was delayed and we’re still awaiting the final outcome.
Down below, I have attached the outline of my remarks in which I argued that age verification mandates would actually make kids less safe online. Here’s why:
Continue reading →
In late March, I hosted a congressional seminar entitled “Age Verification for Social Networking Sites: Is It Possible? And Desirable?” I brought together 5 experts in the field to debate the issue, including:
- John Cardillo, President & CEO, Sentinel
- Jay Chaudhuri, Special Counsel to North Carolina Attorney General Roy Cooper
- Raye Croghan, Vice President, IDology, Inc.
- Tim Lordan, Executive Director, Internet Education Foundation
- Jeff Schmidt, CEO, Authis
It was an outstanding discussion and I’m happy to report that the transcript is now available online here. Also, you can listen to the audio from the event here. Also, you can find the big study of mine that we discussed that day here.