I’ve been floating around in conservative policy circles for 30 years and I have spent much of that time covering media policy and child safety issues. My time in conservative circles began in 1992 with a 9-year stint at the Heritage Foundation, where I launched the organization’s policy efforts on media regulation, the Internet, and digital technology. Meanwhile, my work on child safety has spanned 4 think tanks, multiple blue ribbon child safety commissions, countless essays, dozens of filings and testimonies, and even a multi-edition book.

During this three-decade run, I’ve tried my hardest to find balanced ways of addressing some of the legitimate concerns that many conservatives have about kids, media content, and online safety issues. Raising kids is the hardest job in the world. My daughter and son are now off at college, but the last twenty years of helping them figure out how to navigate the world and all the challenges it poses was filled with difficulties. This was especially true because my daughter and son faced completely different challenges when it came to media content and online interactions. Simply put, there is no one-size-fits-all playbook when it comes to raising kids or addressing concerns about healthy media interactions.

Something Must Be Done!

My personal approach, as I summarized in my book on these issues, was to first and foremost do everything in my power to (a) keep an open mind about new media content and platforms, and (b) ensure an open line of ongoing communication with my kids about the issues they might be facing. Shutting down conversation or calling for others to come in and save the day were the worst two options, in my opinion. As I summarized in my book, “At the end of the day, there is simply no substitute for talking to our children in an open, loving, and understanding fashion about the realities of-this world, including the more distasteful bits.” This was my Parental Prime Directive, if you will. I just always wanted to make sure that my kids felt like they could talk to me about their issues, no matter how varied, horrible, or heart-breaking those problems might be.

When talking with other parents through the years, I’ve heard about their own unique concerns and struggles. Every family faces different challenges because no two kids or situations are alike. Moreover, the challenges can feel overwhelming in our modern world of information abundance, which is flush with ubiquitous communications and media options. Sometimes these parental frustrations can fester and grow into a sort of rage until you finally hear folks utter that famous phrase: Something must be done! And that “something” is often some sort of government regulation “for the children.”

Again, I get it. When all your best efforts to help or protect your kids don’t seem to work according to plan, it’s only natural to call for help. But there are very serious problems associated with calling on government for that help. When legislators and regulators are asked to play the role of National Nanny, it comes with all the same baggage that accompanies many other efforts by the government to intervene in our lives or control what people or organizations can say or do.

Conservative Contradictions

These are particularly sensitive issues for many conservatives, both because conservatives tend to have more heightened concerns about media content and online safety issues, and also because the steps they often recommend to address these issues can quickly come into conflict with their own first principles.

Let me run through six ways that support for media content controls and child safety regulations can sometimes run afoul of conservative principles.

1) It’s a rejection of personal responsibility

Again, I understand all too well how hard parenting can be. But that does not mean we should abdicate our parental responsibilities to the State. Conservatives have spent decades fighting government when it comes to broken schools and the supposed brainwashing many kids get in them. The rallying cry of conservatives has long been: Let us have a greater say in how we raise and educate our children because the State is failing us or betraying our values.

Thus, when conservatives suggest that the State should be making decisions for us as it pertains to anything the government says is a “child safety” issue, there is some serious cognitive dissonance going on there. In his humorous Devil’s Dictionary, Ambrose Bierce jokingly defined responsibility as, “A detachable burden easily shifted to the shoulders of God, Fate, Fortune, Luck or one’s neighbor. In the days of astrology it was customary to unload it upon a star.” For parental responsibility to actually mean something, it has to be more than a “detachable burden” that we unload upon government.

2) It’s an embrace of the administrative state & arbitrary rule by unelected bureaucrats

Beyond the classroom, conservatives have long been concerned about the specter of massive administrative agencies and armies of unelected bureaucrats controlling our lives from the shadows. I’ve spent decades working with conservative organizations and scholars trying to get the administrative state under some control to scale back its enormous power, arbitrary edicts, and costly burdens. Over-criminalization has become such a problem that, according to the Heritage Foundation, “regulatory offenses… have proliferated to the point that, literally, nobody knows how many federal criminal regulations exist today.” We’re all criminals of some sort in the eyes of the modern regulatory state.

Yet, when conservatives advocate the expansion of the administrative state through new “online safety” regulations, they are just making the over-criminalization problem worse, including by treating our own children as guilty parties for simply trying to access the primary media platforms of their generation and interact with their friends there. For example, calls to ban all teens from social media until they’re 18 would result in the most massive “forbidden fruit” nightmare in American history, with every teen suddenly becoming a criminal actor and working together to tunnel around bans using the same sort of VPNs and evasion technologies people in China and other repressive nations use to get around over-bearing speech policies. [See: “Again, We Should Not Ban All Teens from Social Media”]

Needless to say, all this regulation and bureaucratic empowerment would have massive negative externalities for online freedom more generally as the era of “permissionless innovation” is replaced by a new age of permission-slip regulation.

3) It’s a rejection of the First Amendment & free speech rights

Conservatives have spent many decades pushing for greater First Amendment-based freedoms as it pertains to religious liberty and or organizational/corporate speech issues. Thus, when conservatives seek to undermine free speech principles and jurisprudence in the name of child safety, it could undo everything conservatives have been fighting to accomplish in those other contexts.

Conservatives are understandably upset with some social media platforms for being too over-zealous with certain types of speech takedowns or de-platformings. But two wrongs don’t make a right, and they should not be calling on Big Government to be imposing its own editorial judgments in place of private actors. [See: “The Great Deplatforming of 2021“ and “When It Comes to Fighting Social Media Bias, More Regulation Is Not the Answer.“]

4) It’s a rejection of property rights and freedom more generally

Related to the previous two points, conservatives have long upheld the sanctity of property rights in many different contexts. This includes the property rights that private establishments enjoy under the Constitution to generally decide how to structure their operations, who they will do business with, and how they will do so. Private organizations and religious institutions possess not only free speech rights in this regard, but property and contractual rights, too.

But when it comes to “child safety” mandates, some conservatives would toss all this out the window and undermine those rights, replacing them with burdensome regulatory mandates that tell private parties how to conduct their affairs. Again, there’s a lot of cognitive dissonance going on here and it could have serious blowback for conservatives when the property / contractual rights of other people or organizations are undermined on similar grounds.

5) It’s an embrace of frivolous lawsuits & the trial lawyers that bring them

The last time I checked, trial lawyers were not exactly the most conservative-friendly constituency. For many decades, conservatives have looked to advance tort reform, limit junk science and frivolous lawsuits, and make sure that the courts don’t engage in excessive judicial activism.

Unfortunately, many of the child safety regulations being proposed today would empower the regulatory state and trial lawyers at the same time. Many of the bills being floated open the door to open-ended litigation and potentially punishing liability for private platforms — and not just against deep-pocketed “Big Tech” companies. The fact is, once conservatives open the litigation floodgates based on amorphous accusations of potential online safety harms, they will be empowering the tort bar (one of the biggest supporters of the Democratic Party, no less) to launch a legal jihad against any and every media platform out there. Good luck putting that genie back in the bottle once you unleash it.

6) It’s an embrace of the same moral panic arguments your parents leveled against you

How quickly we forget the accusations our own parents and others leveled against us as children. Remember when video games were going to make us a lost generation of murderous youth? Or when rap and rock-and-roll music were going to send us straight to hell? Today, those kids are all grown up and trying to tell us that they are fine but it’s this latest generation that is doomed. It’s just an endless generational cycle of moral panics. [See: “Why Do We Always Sell the Next Generation Short?” and “Confessions of a ‘Vidiot’: 50 Years of Video Games & Moral Panics”] Today’s conservatives need to remember that they, too, were once kids and somehow muddled through to adulthood.

The “3-E” Approach Is the Better Answer

At this point, some of the people who’ve read this far are screaming at the screen: “So, are you saying we should just do nothing!?”

Absolutely not. But it is important that we consider less onerous and more practical ways to address these challenging issues without falling prey to Big Government gimmicks that would undermine other important principles. We should start by acknowledging that there are no easy fixes or silver-bullet solutions. The plain truth of the matter is that the best solutions here can seem messy and unsatisfying to many because they require enormous ongoing efforts to mentor and assist our kids at a far deeper level than some folks are comfortable with.

For example, it is just insanely uncomfortable to have to speak with your kids about online bullying or harassment, pornography, violence in movies and games, hate speech, and so on. And I haven’t even mentioned the hardest things to talk to kids about: The daily news of the real world: wars, violence, tragic accidents, famines, etc. Honestly, the hardest conversations I’ve had to have with my kids were those about school shootings. By comparison, many other discussions about online content and interactions were much easier. To the extent that we’re attempting to measure and address negative media affects, I firmly believe that there a few things in this world more horrifying to kids — or harder to talk with them about — than the first 10 minutes of what’s on cable news each hour of the day.

Regardless, whether we’re talking about the potential “harms” or mass media or online content, we cannot pretend there exists a simple solution to any of it. Here’s the better approach.

I recently authored a study for the American Enterprise Institute on, “Governing Emerging Technology in an Age of Policy Fragmentation and Disequilibrium.” It was my attempt to sketch out a flexible, pragmatic, bottom-up set of governance principles for modern technology platforms and issues. In that report, I noted how “[t]he First Amendment constitutes a particularly high barrier to the use of hard law in the United States,” and that court challenges were likely to continue to block many of the regulatory efforts being floated today, just as been the case countless times before in recent decades. Thus, we need to have backup approaches to online safety beyond one-size-fits-all regulatory Hail Mary passes.

I have described that backup plan as the “3-E” approach or “layered approach” to online safety:

• Empowerment of parents: Parental controls cannot solve all the world’s problems. It’s better to view them as helpful speed bumps or emergency alerts for when things are going badly for your child. In the old days, we placed a lot of faith in filtering, and that still has a role along with other tools that help place some reasonable limits not only on content but also overall consumption. But the best types of parental empowerment are those that force conversations between parents and kids by allowing reasonable monitoring to happen that is scaled by age (as in more limits for younger kids until they are gradually relaxed over time). And other carrot-and-stick tools and approaches are incredibly useful in helping parents place smart limits on youth activity and overall consumption.
• Education of youth: Education is the strategy with the most lasting impact for online safety. Education and digital literacy provide skills and wisdom that can last a lifetime. Specifically, education can help teach both kids (and adults!) how to behave in — or respond to — a wide variety of situations. Building resiliency and encouraging healthy interactions is the goal.
• Enforcement of existing laws: There are many sensible and straightforward laws already in place that address more concrete types of harm and harassment. And we have lots of laws pertaining to fraud and unfair and deceptive practices. Sometimes these rules can be challenging (and time-consuming) to enforce, but they constitute an existing backstop that can handle most worst-case scenarios when other less-restrictive steps fall short. And we should certainly tap these existing remedies before advancing unworkable new regulatory regimes.

I noted in my AEI study that, between 2000 and 2010, six major online-safety task forces or blue-ribbon commissions were formed to study online-safety issues and consider what should be done to address them. Each of them recommended some variant of the “3-E” approach as they encouraged a variety of best practices, educational approaches, and technological-empowerment solutions to address various safety concerns. Self-regulatory codes, private content-rating systems, and a wide variety of different parental-control technologies all proliferated during this period. Many multi-stakeholder initiatives and other organizations were also formed to address governance issues collaboratively. There are countless groups doing important work on this front today, including my old friends at the Family Online Safety Institute (FOSI) among many others.

These organizations push for a layered approach to online safety and work closely with educators, child development experts, and other academics and activists to find workable solutions to new online safety challenges as they arise. Their work is never done, and at times it can feel overwhelming. But, again, it’s the nature of the task at hand. We all must work together to continuously devise new and better approaches to addressing these challenges, because they will be endless. But let’s please not expect that we can unload these responsibilities on government and expect regulators to somehow handle it for us.

Do the Ends Justify the Means When it Comes to Media & Content Control?

I could be wasting my breath here because I’ve been attempting to appeal to conservative principles that may be rapidly disappearing from the modern conservative movement. Donald Trump radically disrupted everything in American politics, but especially the Republican Party. Many so-called national conservatives now live by Trump’s central operating principle: The ends justify the means. The ends are “owning the libs” in any way possible. And “the libs” include not only anyone on the Left of the political spectrum, but even those individuals and institutions that Trumpian conservatives believe are “the enemy” and controlled by “liberal interests.” By their definition, this now includes virtually all large media and technology companies and platforms. Thus, when we turn to the means, it’s increasingly the case that just about anything goes — including many traditional conservative principles.

To see how far we’ve come, recall what President Ronald Reagan said 35 years ago when vetoing an effort to reinstate the Fairness Doctrine. “History has shown that the dangers of an overly timid or biased press cannot be averted through bureaucratic regulation, but only through the freedom and compe­tition that the First Amendment sought to guarantee,” he said. At the time, President Reagan was confronted with some of the same arguments we hear today about media being too biased or conservatives not getting a fair shake. But he called upon his fellow conservatives to reject the idea that Big Government was the solution to such problems.

Unfortunately, Mr. Trump and some of his most loyal followers and even some major conservative groups today have largely given up on this logic and instead embraced regulation. While Trumpian conservatives love to decry everyone they oppose as “communists,” ironically it is this same group that is embracing a sort of communications collectivism as it pertains to modern media control. In the Trumpian worldview, media and tech platforms are useful only to the extent they carry out the will of the party — or at least the man on top of it.

These national conservatives have made a horrible miscalculation. Feeling aggrieved by Big Tech “bias,” or just feeling overwhelmed by things they don’t like about online platforms, they’ve decided that two wrongs make a right. In reality, two political wrongs never make a right, but they almost always combine to make government a lot bigger and more powerful.

It’s an incredibly naïve gamble almost certainly destined to fail, but they should ask themselves what it means if it works. This endless ratcheting effect will result in comprehensive state control of most channels of communications and information dissemination. Is this a game that you really think you can play better than the Lefties?

I’ll close by returning to one of Reagan’s favorite jokes. He always used to say that, “The nine most terrifying words in the English language are: I’m from the government and I’m here to help.” I would suggest that an even scarier version of that line would be, “We’re from the government and we’re here to help you parent your kids.”

Don’t let it be you uttering that line.

______________

Additional Reading

· Adam Thierer, “Again, We Should Not Ban All Teens from Social Media”

· Adam Thierer, “Why Do We Always Sell the Next Generation Short?”

· Adam Thierer, “The Classical Liberal Approach to Digital Media Free Speech Issues”

· Adam Thierer, “Confessions of a ‘Vidiot’: 50 Years of Video Games & Moral Panics”

· Adam Thierer, “Left and right take aim at Big Tech — and the First Amendment“

· Adam Thierer, “When It Comes to Fighting Social Media Bias, More Regulation Is Not the Answer“

· Adam Thierer, “Ongoing Series: Moral Panics / Techno-Panics”

· Adam Thierer, “No Goldilocks Formula for Content Moderation in Social Media or the Metaverse, But Algorithms Still Help”

· Adam Thierer, “FCC’s O’Rielly on First Amendment & Fairness Doctrine Dangers“

· Adam Thierer, “Conservatives & Common Carriage: Contradictions & Challenges“

· Adam Thierer, “The Great Deplatforming of 2021“

· Adam Thierer, “A Good Time to Re-Read Reagan’s Fairness Doctrine Veto“

· Adam Thierer, “Sen. Hawley’s Radical, Paternalistic Plan to Remake the Internet“

· Adam Thierer, “How Conservatives Came to Favor the Fairness Doctrine & Net Neutrality“

· Adam Thierer, “Sen. Hawley’s Moral Panic Over Social Media“

· Adam Thierer, “The White House Social Media Summit and the Return of ‘Regulation by Raised Eyebrow’“

· Adam Thierer, “The Surprising Ideological Origins of Trump’s Communications Collectivism“

· Adam Thierer, Parental Controls & Online Child Protection: A Survey of Tools and Methods (2009).

Last week, it was my great pleasure to be invited on NPR’s “On Point with Tom Ashbrook,” to debate Jeffrey Rosen, a leading privacy scholar and the president and chief executive of the National Constitution Center. In an editorial in the previous Sunday’s New York Times (“Madison’s Privacy Blind Spot”), Rosen proposed “constitutional amendment to prohibit unreasonable searches and seizures of our persons and electronic effects, whether by the government or by private corporations like Google and AT&T.” He said his proposed amendment would limit “outrageous and unreasonable” collection practices and would even disallow consumers from sharing their personal information with private actors even if they saw an advantage in doing so.

I responded to Rosen’s proposal in an essay posted on the IAPP  Privacy Perspectives blog, “Do We Need A Constitutional Amendment Restricting Private-Sector Data Collection?” In my essay, I argued that there are several legal, economic, and practical problems with Rosen’s proposal. You can head over to the IAPP blog to read my entire response but the gist of it is that “a constitutional amendment [governing private data collection] would be too sweeping in effect and that better alternatives exist to deal with the privacy concerns he identifies.” There are very good reasons we treat public and private actors differently under the law and there “are all far more practical and less-restrictive steps that can be taken without resorting to the sort of constitutional sledgehammer that Jeff Rosen favors. We can protect privacy without rewriting the Constitution or upending the information economy,” I concluded.

But I wanted to elaborate on one particular thing I found particularly interesting about Rosen’s comments when we were on NPR together. During the show, Rosen kept stressing how we needed to adopt a more European construction of privacy as “dignity rights” and he even said his proposed privacy amendment would even disallow individuals from surrendering their private data or their privacy because he viewed these rights as “unalienable.” In other words, from Rosen’s perspective, privacy pretty much trumps  everything, even if you want to trade it off against other values. 

Privacy Paternalism?

I’ve been seeing more and more privacy advocates and scholars adopt this attitude, including Anita Allen, Julie Cohen, Siva Vaidhyanathan, and others. Allen, for example, says that privacy is such a “foundational” human right that it some cases the law should override individual choice when consumers act against their own privacy interests. Cohen and Vaidhyanathan make similar arguments in their recent books. Vaidhyanathan claims that consumers are being tricked by the “smokescreen” of “free” online services and “freedom of choice.” Although he admits that no one is forced to use online services and that consumers are also able to opt-out of most of services or data collection practices, he argues that “such choices mean very little” because “the design of the system rigs it in favor of the interests of the company and against the interests of users.” “Celebrating freedom and user autonomy is one of the great rhetorical ploys of the global information economy,” he says.“We are conditioned to believe that having more choices–empty though they may be–is the very essence of human freedom. But meaningful freedom implies real control over the conditions of one’s life.” These are the sort of arguments I increasingly hear made by privacy scholars when claiming that consumers simply can’t be left free to make choices for themselves in this regard.  In an interesting recent article in the Harvard Law Review , privacy scholar  Daniel Solove notes that what binds these thinkers and their work together is, in essence, a sort of privacy paternalism. The point of most modern privacy advocacy has been to better empower consumers to make privacy decisions for themselves. But, Solove notes, “t he implication [of these privacy scholar’s work] is that the law must override individual consent in certain instances.” Yet, if that choice is taken away from us by law, Solove notes, then privacy regulation, “risks becoming too paternalistic. Regulation that sidesteps consent denies people the freedom to make choices,” Solove argues.

Jeff Rosen now appears to be adopting the sort of approach Solove identifies by claiming that privacy is an “unalienable right” such that it cannot be traded away for other things. By making that choice for us, Rosen’s proposed amendment would, therefore, suffer from that same sort of privacy paternalism Solove identifies. In a forthcoming law review aritcle that will appear in the  Maine Law Review, I identify some of the problems associated with privacy paternalism. Most obviously, these scholars should keep in mind that not everyone shares the same privacy values as they do and that many of us will voluntarily trade some of our data for the innovative information services and devices that we desire. If imposed in the form of legal sanctions, privacy paternalism would open the door to almost boundless controls on the activities of both producers and consumers of digital services, potentially limiting future innovations in this space.

For example, when we were on  NPR together, Rosen mentioned wireless geolocation technology as a potential source of serious privacy harm, although he did not make it clear whether he wanted it stopped entirely or what. If used improperly, wireless geolocation technology certainly can raise serious privacy concerns. But wireless geolocation technology is also what powers the mapping and traffic services that most of us now take for granted. Many of us expect — no, we demand — that our digital devices be able to give us real-time mapping and traffic notification capabilities. And most of us are willing to make the minor privacy trade-off associated with sharing our location constantly in exchange for the right to receive these services, which are also provided to us free of charge.

So, what would Rosen’s proposed amendment have to say about this trade-off? Would these wireless geolocation technologies be banned altogether, even if consumers desire them? It isn’t really clear at this point because he hasn’t offered us many details about his proposal. But, to the extent it would preempt these technological capabilities on the grounds that our locational privacy is somehow in unalienable right, then that seems like a fairly paternalistic approach to policy and it it would seem to confirm Thomas Lenard and Paul Rubin’s claim that “many of the privacy advocates and writers on the subject do not trust the consumers for whom they purport to advocate.”

Such paternalism is particularly problematic in this case since privacy is such a highly subjective value and one that evolves over time. As Solove notes, “the correct choices regarding privacy and data use are not always clear. For example, although extensive self-exposure can have disastrous consequences, many people use social media successfully and productively.” Privacy norms and ethics are changing faster than ever today. One day’s “creepy” tool or service is often the next day’s “killer app.”

Balancing Values; Considering Costs

As I will discuss in my forthcoming  Maine Law Review article and I also discussed in my recent George Mason University Law Review  article, at least here in the United States, consumer protection standards have traditionally depended on a clear showing of actual, not prospective or hypothetical, harm. In some cases, when the potential harm associated with a particular practice or technology is extreme in character and poses a direct threat to physical well-being, law has preempted the general presumption that ongoing experimentation and innovation should be allowed by default. But these are extremely rare scenarios, at least as it pertains to privacy concerns under American law, and they mostly involved health and safety measures aimed at preemptively avoiding catastrophic harm to individual or environmental well-being. In the vast majority of other cases, our culture has not accepted that paternalistic idea that law must “save us from ourselves” (i.e., our own irrationality or mistakes). As Solove notes in his recent essay, “People make decisions all the time that are not in their best interests. People relinquish rights and take bad risks, and the law often does not stop them.” Sometimes privacy advocates also ignore the costs of preemptive policy action and don’t bother conducting a serious review of the potential costs of their regulatory proposals. As a result, preemptive policy action is almost always the preferred remedy to any alleged harm. “By limiting or conditioning the collection of information, regulators can limit market manipulation at the activity level,” Ryan Calo argues in a recent paper. “We could imagine the government fashioning a rule — perhaps inadvisable for other reasons―that limits the collection of information about consumers in order to reduce asymmetries of information.” [*Clarification: In a comment down below and a subsequent Twitter exchange, Ryan clarifies that he ultimately does not come down in favor of such a rule, preferring instead to find various other incentives to solve these problems. I thank him for this clarification — and definitely welcome it! — although I found his position somewhat murky after debating him personally on these issues recently. Nonetheless, I apologize if I mischaracterized his position in any way here.]

Unfortunately, Professor Calo does not fully consider the corresponding cost of such regulatory proposals in calling for the enactment of such a rule. If preemptive regulation slowed or ended certain information practices, it could stifle the provision of new and better services that consumers demand, as I have noted elsewhere. It might also trump other choices or values that consumers care about. While privacy is obviously an incredibly important value, we cannot assume that it is the only value, or the most important value, at stake here. Consumers also care about having access to a constantly growing array of innovative goods and services, and they also care about getting those goods and services at a reasonable price.

Moving from “Rights Talk” to Practical Privacy Solutions

This is the point in the essay where some readers are getting pretty frustrated with me and thinking I am some sort of nihilist who doesn’t give a damn about privacy. I assure you that nothing is further from the truth and that I care very deeply about privacy.

But if you really care about expanding the horizons of privacy protection in our modern world, at some point you have to accept that all the “rights talk” and top-down enforcement efforts in the world are not necessarily going to help as much as you wish they would. The same thing is true for online safety, digital security, and IP protection efforts: No matter how much you might wish the opposite was true, information control is just really, really hard. Legal and regulatory approaches to bottling up information flows will inevitably be several steps behind cutting-edge technological developments. (I’ve discussed these issues in several essays here, including: “Privacy as an Information Control Regime: The Challenges Ahead,” “Copyright, Privacy, Property Rights & Information Control: Common Themes, Common Challenges,” and “When It Comes to Information Control, Everybody Has a Pet Issue & Everyone Will Be Disappointed.”)

That doesn’t mean we should surrender in our efforts to identify more concrete privacy harms, but we should recognize that it will always be a hugely contentious matter and that a great many people will gladly trade away their privacy in a way that others will consider outrageous. In a free society, we must allow them to do so if they derive greater utility from other things. A paternalistic approach based on a sort of privacy fundamentalism will deny them the right to make that choice for themselves. And, practically speaking, no matter how much some might think that privacy values are “unalienable,” the reality is that there will be no way to stop many others from making different choices and relinquishing their privacy all the time.

Educating and empowering citizens is the better way to address this issue. We can try to teach them to make better privacy choices and treat their information, and information about others, with far greater care. We should also work to provide citizens more tools to help accomplish those goals. And if the problem is “information asymmetry” or some general lack of awareness about certain data collection and use practices, then let’s work even harder to make sure consumers are aware of those practices and what they can do about them.

It’s all part of the media literacy and digital citizenship agenda that we need to be investing much more of time and resources into. I outlined that approach in much more detail in this law review article. We need diverse tools and strategies for a diverse citizenry. We need to be talking to both consumers and developers about smarter data hygiene and sensible digital ethics. We need more transparency. We need more privacy privacy professionals working inside organizations to craft sensible data collection and use policies. And so on. Only by working to change attitudes about privacy, online “Netiquette,” and more ethical data use, can we really start to make a dent in this problem.

If nothing else, we must understand the limitations of information control in such highly context-specific harm scenarios. Prof. Rosen might want to ask himself how long it would take to even get his proposed constitutional amendment in place and what the chances are such a movement would even been successful. But, again, and far more importantly, Prof. Rosen and advocates of similar regulatory approaches should remember that their values are not shared by everyone and that, in a free society, a value as inherently subjective as privacy is likely to remain a hugely contentious, every-changing matter, especially when elevated to the level of constitutional rights talk. We need practical solutions to our privacy problems, not pie-in-the-sky Hail Mary schemes that are unlikely to go anywhere and, even if they did, would end up being too heavy-handed and potentially override individual autonomy in the process.

The Mercatus Center at George Mason University has just released my new white paper, “The Perils of Classifying Social Media Platforms as Public Utilities.” [PDF] I first presented a draft of this paper last November at a Michigan State University conference on “The Governance of Social Media.” [Video of my panel here.]

In this paper, I note that to the extent public utility-style regulation has been debated within the Internet policy arena over the past decade, the focus has been almost entirely on the physical layer of the Internet. The question has been whether Internet service providers should be considered “essential facilities” or “natural monopolies” and regulated as public utilities. The debate over “net neutrality” regulation has been animated by such concerns.

While that debate still rages, the rhetoric of public utilities and essential facilities is increasingly creeping into policy discussions about other layers of the Internet, such as the search layer. More recently, there have been rumblings within academic and public policy circles regarding whether social media platforms, especially social networking sites, might also possess public utility characteristics. Presumably, such a classification would entail greater regulation of those sites’ structures and business practices.

Proponents of treating social media platforms as public utilities offer a variety of justifications for regulation. Amorphous “fairness” concerns animate many of these calls, but privacy and reputational concerns are also frequently mentioned as rationales for regulation. Proponents of regulation also sometimes invoke “social utility” or “social commons” arguments in defense of increased government oversight, even though these notions lack clear definition.

Social media platforms do not resemble traditional public utilities, however, and there are good reasons why policymakers should avoid a rush to regulate them as such. Treating these nascent digital services as regulated utilities would harm consumer welfare because public utility regulation has traditionally been the archenemy of innovation and competition. Furthermore, treating today’s leading social media providers as digital essential facilities threatens to convert “natural monopoly” or “essential facility” claims into self-fulfilling prophecies. Related proposals to mandate “API neutrality” or enforce a “Separations Principle” on integrated information platforms would be particularly problematic. Such regulation also threatens innovation and investment. Marketplace experimentation in search of sustainable business models should not be made illegal.

Remedies less onerous than regulation are available. Transparency and data-portability policies would solve many of the problems that concern critics, and numerous private empowerment solutions exist for those users concerned about their privacy on social media sites.

Finally, because social media are fundamentally tied up with the production and dissemination of speech and expression, First Amendment values are at stake, warranting heightened constitutional scrutiny of proposals for regulation. Social media providers should possess the editorial discretion to determine how their platforms are configured and what can appear on them.

This 63-page paper can be found on the Mercatus site here, on SSRN, or on Scribd.  I’ve also embedded it below in a Scribd reader. Eventually, a shorter version of this paper will appear as a chapter in a MIT Press book.

Social Networks as Public Utilities [Adam Thierer]

This week I will again be attending the Family Online Safety Institute’s excellent annual summit. The 2-day affair brings together some of the world’s leading experts on online safety and privacy issues. It’s a great chance to learn about major developments in the field. As I was preparing for the session I am moderating on Thursday, I thought back to the first FOSI annual conference, which took place back in 2007. What is remarkable about that period compared to now is that there was a flurry of legislative and regulatory activity related to online child safety then that we simply do not see today.

In fact, just 3 1/2 years ago, John Morris of the Center for Democracy and Technology and I compile a legislative index [summary here] that cataloged the more than 30 legislative proposals that had been introduced in the the 110th session of Congress. There was also a great deal of interest in these issues within the regulatory community. Finally, countless state and local measures related to online safety and speech issues had been floated. Today, by contrast, it is hard for me to find any legislative measures focused on online safety regulation at the federal level, and I don’t see much activity at the agency level either. I haven’t surveyed state and local activity, but it seems like it has also died down.

Generally speaking, I think this is a good development since I am opposed to most proposals to regulate online speech, expression, or conduct. But let’s ignore the particular wisdom of such measures and ask a simple question: What explains the decline in Internet safety legislation and online content regulation? I believe there are three possible explanations:

1) The effectiveness of education and awareness-building strategies

I would like to believe that all the efforts made by various groups and individuals (including myself) to encourage policymakers to adopt  “Educate & Empower” approaches over “Legislative & Regulate” approaches are finally bearing fruit. The first instinct for many policymakers is to legislate immediately and then worry about the consequences later (if at all). But such approaches, no matter how well-intentioned, often backfire and have myriad unintended consequences (including the problem addressed next). So, perhaps it is the case that lawmakers and regulators are finally coming to realize that education and awareness approaches — married to empowerment-based efforts — are actually the more sensible approach compared to a flurry of legislative measures that ultimately accomplish very little.

2) The deterrent effect of inevitable and lengthy constitutional challenges

Here are two things I know for certain: First, almost every Internet-related measure faces a constitutional challenge, typically on First Amendment grounds (but sometimes also on Sec. 230 grounds). Second, most of those challenges succeed. I don’t have hard stats to back up this assertion, but I’d bet that there are few areas of modern law that have witnessed a higher percentage of successful constitutional challenges in recent years than the field of cyberlaw.  Taking that as a given, one must assume that at some point it becomes a deterrent to additional state action in this field.  Why waste years legislating and regulating if it is all enjoined and then overturned a short time later?

3) Resurgence of privacy as major policy issue and the emergence of cybersecurity as a policy issue

It could also be that case that privacy policy crowds out congressional interest in online safety legislation. In fact, it seems like these issues often move in opposing waves. When a wave of online safety legislative and regulatory activity is cresting, interest in privacy policy seems to fall. That certainly seemed to be the case between roughly 2005 and 2008 when online safety dominated congressional debates and privacy was hardly on the radar.  Today the reverse is true. Privacy has been the dominant Internet policy issue of the past year or so. It is sucking all the oxygen out of the room — whether that room is a congressional hearing room, a regulatory agency event, or even academic conferences.

Importantly, cybersecurity has rapidly emerged as a major new fault line in Internet policy debates. It, too, is eating up a lot of the “attention bandwidth” available among policymakers today.  And intellectual property matters always seem to be percolating out there.

It is my belief that because some of these Net policy issues are so complicated, policymakers are sometimes discouraged from doing a “deep dive” on them. To the extent they do, it seems unlikely that lawmakers are willing to invest serious time in more than a couple of these arcane matters at one time. Also, don’t forget how busy the relevant committees (Commerce and Judiciary) are with other, not tech policy-related matters. On any given legislative day, they could be handling a wide range of other policy issues that crowd out the amount of attention they can devote to Net policy matters, which are often far down the list of legislative priorities. Again, I’m generally pretty happy about that fact! I’d rather lawmakers go slow on these issues, whether the slow pace of the action is intentional or not.

So, what do you think? Are there other possible explanations for why we’ve seen less activity on the online safety / Internet content regulation front in recent years?

Yesterday’s 7-2 decision in Brown v. EMA [summaries here from me + Berin Szoka] was one of those historic First Amendment rulings that tends to bring out passions in people. You either loved it or hated it. But it’s sad to see some critics on the losing end of the case declaring that only greed could have possibly motivated the Court’s decision.

For example, California Senator Leland Yee, the author of the law that the Supreme Court struck down yesterday, obviously wasn’t happy about the outcome of the case. Neither was James Steyer, CEO of the advocacy group Common Sense Media, who has been a vociferous advocate of the California law and measures like it. What they had to say in response to the decision, however, was outlandish and juvenile. In essence, they both claimed that the Supreme Court only struck down the law to make video game developers and retailers happy.

“Unfortunately, the majority of the Supreme Court once again put the interests of corporate America before the interests of our children,” Leland Yee said in a post on his website yesterday. “As a result of their decision, Wal-Mart and the video game industry will continue to make billions of dollars at the expense of our kids’ mental health and the safety of our community. It is simply wrong that the video game industry can be allowed to put their profit margins over the rights of parents and the well-being of children.” Jim Steyer reached a similar conclusion: “Today’s decision is a disappointing one for parents, educators, and all who care about kids,” he said. “Today, the multi-billion dollar video game industry is celebrating the fact that their profits have been protected, but we will continue to fight for the best interests of kids and families.”

Mr. Yee and Mr. Steyer seem to be under the impression that the Court and supporters of its ruling in Brown cannot possibly care about children and that something sinister motivates our passion about the victory. Apparently we’re all just apparently in it to make video game industry fat cats and retailing giants happy! That’s a truly insulting position for Mr. Yee and Mr. Steyer to adopt. Perhaps it is just because they are sore about the outcome in the case that are adopting such rhetorical tactics. Regardless, I think they do themselves, their constituencies, and the public a great injustice by suggesting that only greed could possibly be motivating the outcome in this case.

Why is it so hard for Mr. Yee and Mr. Steyer to believe that many of us — like the majority writing for the Court in Brown — believe that video games represent valuable, constitutionally protected speech and that laws like those in California are an affront to First Amendment rights we cherish? What Mr. Yee and Mr. Steyer are asking us to believe is that all those average gamers and free speech advocates who lined up behind the video game industry and merchants who brought this case did so only out of a concern about the welfare of those companies.  Preposterous!  Anyone who knows anything about game industry politics knows that some rather serious tensions exist between gamers, game developers, and game retailers.

Incidentally, it’s particular silly for Mr. Yee to single out Wal-Mart in his comment yesterday since Wal-Mart actually goes to great lengths to keep “Mature”-rated games out of the hands of minors who might try to purchase them on their own. But I could care less about how much money Wal-Mart, any other retailer, or any video game developer makes from selling games. That’s the last thing on the mind of most First Amendment supporters when they praise this decision and it’s ridiculous that Mr. Yee and Mr. Steyer would list it as the primary motivation of the Court or supporters of the decision.

And then there’s Mr. Steyer’s comment that “today’s decision is a disappointing one for parents, educators, and all who care about kids.”  Utterly insulting tripe. Millions of parents like me “care about kids” passionately and devote most of our lives to raising them properly. I understand you want to help us do that, but you are not helping when you insult the very people you say your organization exists to support.

I have repeatedly praised Common Sense Media here and elsewhere for many of the outstanding services and information they provide to parents. My wife and I regularly consult CSM’s excellent movie and video game summaries before we let our kids consume certain titles. It was also my great privilege to serve on a blue ribbon online child safety task force that CSM created and co-sponsored.

But when Mr. Steyer veers into this sort of hysterical ‘you’re-either-for-these-laws-or-you’re-against-children’ sort of lunacy, it really makes me question whether I should frequent his organization’s website anymore or have any further interaction with this group. While I appreciate CSM’s efforts to empower parents with more and better information about the content our families consume, it is insulting in the extreme for Mr. Steyer to suggest that you can’t “care about kids” and also care about the First Amendment.

Like the majority of the justices on the Court, I support limits on how our government controls speech because we live in a nation that cherishes freedom of expression and personal responsibility.  We should not expect Uncle Sam to act as a national nanny and make subjective determinations about what is best for our families. As Catherine Ross, a professor at George Washington University Law School, noted in a nice Washington Post oped, “By rejecting this radical path, the justices [in Brown] protected our children by preserving our liberty.”

Quite right.  I’m proud the Supreme Court sided with freedom yesterday and against the sort of nannyism from above that Mr. Steyer and Mr. Yee apparently favor and equate with “caring about kids.”  These men obviously don’t take First Amendment rights quite as seriously as some of the rest of us. But shame on them for claiming that just because many of us (or the Courts) do take these rights and responsibilities seriously that it somehow means we don’t care about our children or that we only believe these things in order to make corporations happy.

PFF has just released the transcript of an excellent panel discussion I moderated last week entitled, “Let’s Make a Deal: Broadcasters, Mobile Broadband, and a Market in Spectrum.”  As I’ve mentioned here before, one of the hottest issues in DC right now is the question of broadcast TV spectrum reallocation.  Blair Levin, who serves as the Executive Director of the Omnibus Broadband Initiative at the Federal Communications Commission, recently raised the possibility of reallocating a portion of broadcast television spectrum for alternative purposes, namely, mobile broadband. Such a “cash-for-spectrum” swap would give mobile broadband providers to spectrum they need to roll out next generation wireless broadband networks while making sure broadcaster receive compensation for any spectrum they hand over.  The FCC just recently released a public notice on “Data Sought on Users of Spectrum,” (NBP Public Notice # 26) that looks into the matter. “This inquiry,” the agency says,” takes into account the value that the United States puts on free, over-the-air television, while also exploring market-based mechanisms for television broadcasters to contribute to the broadband effort any spectrum in excess of that which they need to meet their public interest obligations and remain financially viable.” Meanwhile, the House Energy and Commerce Communications Subcommittee is set to hold a hearing on the issue next Tuesday.

PFF’s panel discussion on this issue featured an all-star cast of characters, including opening remarks by Blair Levin, and a terrific discussion ensued. [You can hear the full audio from the event here.]  Down below I have highlighted some of the major points each speaker made during the discussion and also embedded the complete transcript in a Scribd reader.  Also, just a reminder that my PFF colleague Barbara Esbin and I authored a short paper on this issue recently: “An Offer They Can’t Refuse: Spectrum Reallocation That Can Benefit Consumers, Broadcasters & the Mobile Broadband Sector.”

• Blair Levin, Executive Director of the FCC’s Omnibus Broadband Initiative, began the discussion by describing how additional spectrum will be needed to expand wireless broadband and why spectrum currently held by broadcasters would be a good option.  In addition to identifying spectrum that has the technical qualities to support broadband, he explained, “You also would look at things like where there’s an economic gap between the current use and potential wireless use.  You would want to look at bands where maybe there are regulations which constrain the market mechanism.  You also might want to look at bands where you can have a meaningful reallocation of spectrum while, nonetheless, preserving current uses.”
• Coleman Bazelon, Principal at The Brattle Group, presented findings from his recent paper on the value of spectrum currently held by broadcasters if it was reallocated to commercial mobile or wireless broadband uses. “This analysis shows that there are significant gains from reallocating the broadcast band, and I think the takeaway should be that there are significant gains, not that its $42 billion or $51 billion, but that its tens and tens of billions of dollars,” Bazelon stated.
• David Donovan, President of the Association for Maximum Service Television, Inc., questioned the estimates of the additional value of broadcast spectrum that could be gained if it was auctioned for other uses.  “If you are valuing over the air television broadcasting and its importance to the American public, using a snapshot based on an auction valuation at a particular point in time is really highly inappropriate,” he stated. “The business model of broadcasting is heavily regulated. … and that defines, of course, the value, just like heavy zoning defines the price of land.”
• Kostas Liopiros, Principal of The Sun Fire Group, discussed the technical feasibility of using various blocks of spectrum for wireless broadband use.  “Only additional spectrum can produce the required gains of capacity in the future, but if the gains capacities are oriented towards wireless broadband, for national wireless broadband capability, you need to focus on the right type of spectrum,” he explained.
• John Hane, Counsel in the Communications Practice Group of Pillsbury Winthrop Shaw Pittman LLP, warned of the legal difficulties of modifying broadcast licenses.  “Extinguishing licenses requires a hearing, potentially hundreds of them, each one affecting one or more Congressional districts.”  Although the FCC is able to modify a license without the licensee’s consent, he continued, “that is a very long and complicated process with an uncertain time frame.  If there really is a spectrum crisis, the stick approach …is not going to solve it very fast.”
• Paul Gallant, Senior Vice President of Concept Capital, discussed the possible effects of Congress involvement in auction of broadcast spectrum.  If broadcasters are reluctant to modifying their business model, Gallant explained, it might be beneficial for them to have Congress involved in such a deal.  However, he warned that Congressional involvement could also result in uncertainty for the broadcasters.  “It is not clear, if Congress does pass a bill, whether broadcasters come out better or worse than they would if they had worked something out with the FCC.  The main reason is there is tremendous budget pressure in Congress today.  They are looking for new sources of revenue,” Gallant explained.
• Andrew Jay Schwartzman, President and CEO of Media Access Project, expressed that he was resistant to the idea of auctioning spectrum.  “It isn’t property,” He stated.  “They favor incumbents.  They’re rigged.  They don’t generate the revenues that OMB and Congress seem to think they will.” He also warned of the possible impact of auctions on innovation. “Auctions lock in existing technology and near-term foreseeable technology. The people who are able and willing to bid are basing it on technology that they know they can generate and that does not allow the spectrum to be used in better ways coming down the road.”

Transcript of Dec 1 PFF Event on Broadcaster TV Spectrum Reallocation [PFF – Thierer] http://d1.scribdassets.com/ScribdViewer.swf?document_id=23980532&access_key=key-wdpoolnrm5gxq1xu7c6&page=1&version=1&viewMode=list

Along with my colleague Barbara Esbin, the Director of PFF’s Center for Communications and Competition Policy, I have just released a new paper on discussing the possibility of reallocating a portion of broadcast television spectrum for alternative purposes, namely, mobile broadband. As I discussed here before, Blair Levin, the Executive Director of the FCC’s Omnibus Broadband Initiative, has been suggesting that it might be possible to craft a grand bargain whereby broadcasters get cash for some (or all) of their current spectrum allocations if they return spectrum to the FCC for reallocation and re-auction, likely to mobile broadband services.

In our paper, “An Offer They Can’t Refuse: Spectrum Reallocation That Can Benefit Consumers, Broadcasters & the Mobile Broadband Sector,” [PDF] Barbara and I argue that:

the benefits of such a deal could be enormous for wireless broadband providers, developers of digital technologies, and consumers.  Expanding the pool of spectrum available for next-generation wireless broadband offerings will ensure that innovative new networks, devices, and services are made available to the public on a timely basis.  Ultimately, that will mean more high-speed choices for consumers, especially those in rural areas harder to reach with high-speed wireline networks.  Finally, more generally, anything that moves us in the direction of a freer market in spectrum is a good thing. But fairness to broadcasters lies at the heart of this spectrum reallocation plan. If a deal can’t be structured that broadcasters would find acceptable, they should not be forced to come to the table. When we speak of an offer they can’t refuse, we mean one so attractive that no rational businessperson or investor would pass it up. It is essential broadcasters be willing partners in the deal, and be full participants in the process of shaping its contours.

Read the entire thing here, or below the fold as a Scribd document.

Broadcast TV Spectrum Reallocation (Thierer & Esbin – PFF) http://d1.scribdassets.com/ScribdViewer.swf?document_id=22365493&access_key=key-2cs1sry5qv9xd3x6d5bv&page=1&version=1&viewMode=list

With today’s historic Supreme Court decision in FCC v. Fox, I have been commenting on the logic and implications of the decision. Part 3 dealt with the majority’s decision in the case, which was driven solely by procedural / admin law considerations.  This installment will discuss the very interesting concurring opinion penned by Justice Thomas, which is the only one that takes a serious look at the constitutional foundations of the FCC’s current regulatory regime.  While I was sad to see Justice Thomas join the majority’s decision upholding the FCC’s radical expansion of speech regulation in recent years, he joined that majority only on straightforward procedural grounds.   On the underlying constitutional issues at stake here, it is clear from his concurring statement that he is ready for the Court to hear a challenge to the previous court precedents and traditional regulatory doctrines that have long supported FCC speech and media controls.

“I write separately,” Justice Thomas says “to note the questionable viability of the two precedents that support the FCC’s assertion of constitutional authority to regulate the programming at issue in this case.”  Specifically, he addresses the two key cases upon which almost all FCC speech regulation rests: Red Lion Broadcasting Co. v. FCC, 395 U. S. 367 (1969) and FCC v. Pacifica Foundation, 438 U. S. 726 (1978). Thomas continues: “Red Lion and Pacifica were unconvincing when they were issued, and the passage of time has only increased doubt regarding their continued validity.”

BOOM!  With those words, Justice Thomas has dropped the hammer and taken what will hopefully be the first swing at toppling the house of cards that is modern FCC speech regulation.  Justice Thomas goes on to itemize the many problems with what I have referred to as “America’s Jurisprudential Twilight Zone” when it comes to how we apply the First Amendment to media platforms in this country.  He states:

This deep intrusion into the First Amendment rights of broadcasters, which the Court has justified based only on the nature of the medium, is problematic on two levels. […]  First, instead of looking to first principles to evaluate the constitutional question, the Court relied on a set of transitory facts, e.g., the ‘scarcity of radio frequencies’… to determine the applicable First Amendment standard. But the original meaning of the Constitution cannot turn on modern necessity…  Second, even if this Court’s disfavored treatment of broadcasters under the First Amendment could have been justified at the time of Red Lion and Pacifica, dramatic technological advances have eviscerated the factual assumptions underlying those decisions. […]

Moreover, traditional broadcast television and radio are no longer the ‘uniquely pervasive’ media forms they once were. For most consumers, traditional broadcast media programming is now bundled with cable or satellite services. Broadcast and other video programming is also widely available over the Internet. And like radio and television broadcasts, Internet access is now often freely available over the airwaves and can be accessed by portable computer, cell phones, and other wireless devices.

Indeed, along with my friends as the Center for Democracy & Technology, I documented these trends in an amicus brief to the Supreme Court in this case and pointed out that, at some point, these facts must impact the constitutional equation when it comes to the way the FCC continues to regulate broadcast programming uniquely.  Justice Thomas appears to agree:

The extant facts that drove this Court to subject broadcasters to unique disfavor under the First Amendment simply do not exist today. […] These dramatic changes in factual circumstances might well support a departure from precedent under the prevailing approach to stare decisis. […] For all these reasons, I am open to reconsideration of Red Lion and Pacifica in the proper case.

Unfortunately, this case apparently was not “the proper case” for Justice Thomas and so he joined the majority’s APA-driven decision and left the thorny constitutional issues for another day.  Eventually, however, the Court is going to have to come to grips with the issues that Justice Thomas has put front and center in his concurring opinion today.

Finally, in his otherwise outstanding statement, I was disappointed that Justice Thomas made no mention of the Court’s recent Internet jurisprudence, which has all gone squarely in favor of robust First Amendment protection for the Net and online speakers.  In particular, the “least restrictive means” test that has developed in those cases (i.e., deferring to user self-help tools before allowing state regulation) is equally applicable to programming television programming.  Just as parents have been empowered to take control of the online content that comes into their homes using filters and other tools, so too have parents been empowered to restrict or tailor television program to their tastes and values. How, then, is it the case that the Court upholds this logic in cases like Reno (the CDA case), Ashcroft (the COPA case), & Playboy (the cable TV signal scrambling case), but not in the case of broadcast TV programming, which is easier to control than ever before?  It makes zero sense.

Regardless, I hope other judges are listening to what Justice Thomas had to say today and taking these arguments seriously.

Theories constitute the technology of academia. They give us eggheads the tools we need to get our work done, just as computers serve programmers and DNA sequencing serves bioengineers. I trust that TLF’s readers won’t think me too far off-topic, then, if I cite a new approach to consent theory, something that should interest anyone who cares about the fundamental reasons for valuing of liberty. Here’s a snapshot of the theory:

This week, I have been up at Harvard University participating in another meeting of the Internet Safety Technical Task Force (ISTTF), of which I am a member. The ISTTF was organized earlier this year pursuant to an agreement between 49 state attorneys general (AGs) and social networking giant MySpace.com. A group of experts from academia, non-profit organizations, and industry were appointed to the Task Force, which is charged with evaluating the market for online child safety tools and methods and issuing a report on the matter to the AGs at the end of this year.  ISTTF members have been meeting privately and publicly in both Cambridge, MA and Washington, D.C. The Task Force has been very ably chaired by John Palfrey, co-director of Harvard’s Berkman Center for Internet & Society.

Although the ISTTF is looking at a wide variety of tools and methods associated with online child protection (ex: filters, monitoring tools, educational campaigns, etc.), many of the AGs who crafted the agreement with MySpace that led to the Task Force’s formation have made it clear that they are most interested in having the ISTTF evaluate age verification / online verification technologies.  In fact, at the start of this week’s session at Harvard Law School, AGs Martha Coakely of Massachusetts and Richard Blumenthal of Connecticut both spoke and made it abundantly clear they expect the Task Force to develop age and identify-verification tools for social networking sites (SNS). AG Blumenthal said we need to deal with “the dangers of anonymity” and repeated his standard line about online age verification: “If we can put a man on the moon, we can make the Internet safe.”  [Of course, putting a man on the moon took hundreds of billions of dollars and a decade to accomplish, but never mind that fact! Moreover, one could also argue that if we can put a man on the moon we can cure hunger, AIDS, and the common cold, but some things are obviously easier said than done. Finally, putting a man on the moon didn’t require all Americans or their kids to give up their anonymity or privacy rights in order to accomplish the feat!]

On many occasions here before, I have outlined various questions and reservations about proposals to mandate online age verification.  Last year, I also published a lengthy white paper on the issue and hosted a lively debate on Capitol Hill [transcript here] about this.  I also have discussed age verification in my book on parental controls and online child safety. [Braden Cox also talked about his experiences up at Harvard this week here, and CNet’s Chris Soghoian had a brutal assessment of this week’s proposals on his “Surveillance State” blog.]

In this essay, I will discuss the new fault lines in the debate over online age verification and outline where I think we are heading next on this front.  I will argue:

• There is now widespread understanding that it is extraordinarily difficult to verify the ages and identities of minors online using the methods we typically use to verify adults. Because of this, age verification proponents are increasingly proposing two alternative models of verifying kids before they go online or visit SNS…
• First, for those who continue to believe that we must do whatever we can to verify kids themselves, schools and school records are increasingly being viewed as the primary mechanism to facilitate that. This raises two serious questions: Do we want schools to serve as DMVs for our children? And, do we want more school records or information about our kids being accessed or put online?
• Second, for those who are uncomfortable with the idea of verifying kids or using schools, or school records, to accomplish that task, parental permission-based forms of authentication are becoming the preferred regulatory approach. Under this scheme, which might build upon the regulatory model found in the Children’s Online Privacy Protection Act of 1998 (COPPA), parents or guardians would be verified somehow and then would vouch for their children before they were allowed on a SNS, however defined.  But how do we establish a clear link between parents and kids?  And will parents be willing to surrender a great deal more information (about themselves and their kids) before their kids can go online? And, is it sensible to use a law that was meant to protect the privacy and personal information of children to potentially gather a great deal more information about them, and their parents?
• It remains very unclear how either of those two verification methods would make children safer online. Indeed, that could actually make kids less safe by compromising their personal information and creating a false sense of security online for them and their parents.
• It is highly unlikely the Internet Safety Technical Task Force will be able to reach consensus on this complicated, controversial issue. A small camp will likely flock to the sort of proposals mentioned above. Another, larger camp (including me) will flock to education-based approaches to child safety as well increased reliance on other parental empowerment tools and strategies, industry self-regulatory efforts, social norms, and better intervention strategies for troubled youth. But the age verification debate will go on and, as was the case over the past two years, the legal battleground will be state capitals across America, with AGs likely pushing for age verification mandates regardless of what the Task Force concludes.

Continue reading if you are interested in the details.

How We Could Verify Kids, and Why We Should Not Do It

Let’s assume that we want to achieve AG Blumenthal’s “man-on-the-moon” dream of verifying all kids before they go online. How would we do it?  There are really only two solutions: (1) full-blown national ID cards for kids, or (2) tapping school records about kids to somehow age-verify kids (sort of a “National ID card-Lite” scheme).

National ID Cards for Kids

The first scheme is fairly straightforward, but incredibly frightening to those of us who care about civil liberties. Basically, government could demand that all minors be issued the equivalent of a domestic passport or a national ID card. After all, minors aged 14 to 17 are already required to obtain a passport before they travel overseas. Minors under 14 must have both parents or legal guardians appear together to vouch for the child when applying for a passport. Conceivably, government could simply extend this model to incorporate a domestic identification requirement. Once the youngster had been issued such a domestic passport, it could be requested by others — including social networking sites — as proof of age. Sites could cross-reference a government national ID database to verify identity.

Clearly, however, imposing such a solution domestically would raise serious privacy concerns because it would require the collection, retention and processing of sensitive information about children.  Adults are not required to carry such a domestic passport or national ID card, so why should children? Indeed, all the same privacy concerns related to national ID cards for adults would be amplified with children because, as a society, we generally take extra precautions to protect the privacy of minors and their personal information. And a national ID card for kids would need to include a great deal of information about themselves to allow the card to be used by third parties online as an age-verifying tool. Government would need to issue an age-verified identity, user name, and password to every child.

Particularly concerning is the fact that a national ID card for children would require the creation of more government databases and bureaucracy. The potential for “mission creep” then enters the picture in that more tracking of children by government (and others) becomes possible. What other uses might there be for such information? We don’t know, and we probably don’t want to find out.

The costs of setting up and enforcing such a system would be substantial and must also be considered. Although the cost of digital storage continues to fall, we’re talking about potentially massive digital databases here. But the more important cost factor is the human time and effort that would go into  collecting, processing, and organizing such records and databases.

For those reasons, a government-issued ID card or age verification scheme for kids is a nonstarter. It would raise grave privacy concerns, induce public paranoia, probably encourage a great deal of evasion, and require significant government expenditure to enforce. Moreover, a national ID card would do little to prevent youngsters from visiting offshore sites.

Using the Schools to Help Verify Kids

So, let’s work from the assumption that National ID cards for kids is not going to fly as an online identity authentication solution.  The only other realistic scheme would involve getting the schools involved in the process.  Why?  Because to paraphrase Willy Sutton: “That’s where the data is.”  Schools have more information about our children than probably every other institution or organization combined.  They have very detailed records about kids, their ages and much more, which makes schools a logical candidate for participation in a possible age verification system for minors.  But involving schools in any age verification scheme would raise serious privacy concerns and administrative problems.

Depending on how the scheme worked, the administrative burdens imposed on schools could be significant. Someone at each school would have to be in charge of answering phones calls and e-mails from potentially hundreds of website operators looking to age-verify minors. Who will be liable if things go wrong? The school? The school district? An employee in the school’s administrative department who accidentally releases thousands of digital records? And will schools receive the additional funding needed to administer whatever scheme is mandated?

Moreover, if schools are required to create more accessible databases containing personal information about minors, who else besides social networking websites would be given access? Data breaches would become a real concern for both students and schools alike. Such a scheme could run up against federal or state laws. For example, the Family Education Rights and Privacy Act of 1974 makes it illegal to release school records without written permission from parents. Both parents and government officials have long demanded that access to school records be tightly guarded because, as a society, we take the privacy of our children very seriously.

Thus, serious questions remain about the wisdom and practicality of roping the schools into the age verification process. Most schools and school districts are already over-burdened with federal and state mandates and probably wouldn’t like the sound of additional mandates of this variety.  But what if a technology vendor could serve as the middleman and facilitate the easy transfer of some basic data about kids from the school system in an effort to provide digital credentials? That’s probably where we are heading.  Even the most vociferous advocates of age verification for minors must realize how absolutely radioactive this issue could become since school records about our kids are in play here.  Identity theft concerns are already running at an all-time high in our country and the thought of being required to surrender more info about our kids in this environment is not going to go over well with many parents.

But, again, what if we could keep to a minimum the amount of data being transferred about the child to the vendor or the SNS?  Perhaps at the beginning of each school year when a minor is registering they could be given a “secure” digital token or ID number that only associated a grade year (i.e., “sophomore”) with their name, and little or no additional info was included in that token in order to minimize the threat of identity theft or privacy violations.  Of course, the fewer pieces of information contained in that token or credential, the less likely it will be a credible verification tool, or the more likely it is it will be easy to forge or defeat (especially by kids themselves).

Regardless, whether we like it or not — and I do not like it one bit — schools are now at the center of the online age verification debate. It will be very interesting to hear what the educational community itself has to say about this development going forward.  Incidentally, no one from the educational community was present at Harvard this week as these proposals were flying.  Something tells me that school administrators and educational officials aren’t going to look too kindly on proposals that would turn them into the equivalent of a DMV for kids.

How about Parental Permission Slips for Online Verification?

Another potential way to go about online verification is to avoid verifying the kids directly and instead just verify parents (or guardians) and then get them to vouch for their children.  Some age verification advocates are now calling for such parental consent-based forms of child verification.  Specifically, they are now attempting to drive regulation through the prism of the Children’s Online Privacy Protection Act (COPPA) of 1998.

By way of background, COPPA required websites that marketed to children under the age of 13 to get “verifiable parental consent” before allowing children access to their sites. Generally speaking, the goal was to make sure that such websites were not collecting personal information about children without getting parental permission. The Federal Trade Commission (FTC), which is responsible for enforcing COPPA, adopted a sliding scale approach to obtaining parental consent. The sliding scale approach allows website operators to use a mix of the methods to comply with the law, including print-and-fax forms, follow-up phone calls and e-mails, and credit card authorizations. The FTC also authorized four “safe harbor” programs operated by private companies that help website operators comply with COPPA.

In a February 2007 report to Congress about the status of the COPPA and its enforcement, the FTC said that no changes to COPPA were necessary at this time because it had “been effective in helping to protect the privacy and safety of young children online.” In discussing the effectiveness of the parental consent methods, however, the agency also said that “none of these mechanisms is foolproof” and that “age verification technologies have not kept pace with other developments, and are not currently available as a substitute for other screening mechanisms.” This seems to imply that the FTC does not regard COPPA’s parental consent methods as the equivalent of perfect age verification.

Nonetheless, what should be evident here is that COPPA’s parental consent framework could serve as a vehicle for pushing through greater regulation of all social networking sites, not just those sites geared toward kids under 13.   Indeed, we have already seen that proposed at the state level.  For example, in the debate that took place over age verification in the North Carolina statehouse last summer, a parental permission-based verification proposal supported by North Carolina Attorney General Roy Cooper was billed as a way to strengthen and expand the COPPA framework.  (Never mind the fact that COPPA is a federal statute, or that the state of North Carolina is likely barred from regulating Internet speech and commerce thanks to the First Amendment and the Commerce Clause of the Constitution!)

In other words, future age verification mandates could arrive in the form of COPPA amendments, or at least cite COPPA’s regulatory framework as precedent.  Specifically, the proposal would be to: (a) extend COPPA’s coverage to kids up to the age of 18 and then (b) broaden the range of SNS sites that are covered by its parental consent requirements.

There are many problems associated with such a proposal, and I will get to some of them in a moment. But here’s the more interesting question that few have asked: Is COPPA really working?  It is very much unclear to me that COPPA actually works as billed, but to the extent it does, it is likely because of the very limited scale and nature of the operations it covers.  As I have said in my past writing on the issue, there is a direct relationship between the size of a site and the likelihood of success in attempting to verify its users / members. Of course, that is hardly surprising.  But let’s get a little more concrete about why that is important.  Here are the two reasons that I believe the COPPA / parental consent regime has generally worked so far, or at least hasn’t failed miserably:

(1) Many smaller sites charge a fee for admission; and

(2) The functionality of those sites is usually tightly limited. They are closed, walled gardens.

Regarding the first point: Obviously, the more a site charges for access, the more likely it is that the parent / guardian pays attention to what their kid is doing.  Of course, that doesn’t mean a bad guy couldn’t still get into those “verified” environments under false pretenses.  And there’s the problem of minors with access to credit cards.  Moreover, even assuming credit cards worked as an age verification method, there is the more practical question of whether lawmakers have the guts to mandate that every social networking site in the land start charging admission for access.  Since almost all SNSs are free-of-charge today, that is not going to be a very popular mandate!

Nonetheless, for very small, niche-oriented social networking sites geared toward younger kids, credit cards and fees are part of the reason people think COPPA has “worked.”  In essence, it acts as a bit of a roadblock or hassle thrown in the way of access, and that gets parents thinking and talking to the kids about those sites. That is the argument put forward by Denise Tayloe of Privo, one of the four FTC-approved COPPA safe harbor providers.   Ironically, Tayloe has noted that one of the problems associated with the current COPPA regime is that “Children quickly learned to lie about their age in order to gain access to the interactive features on their favorite sites. As a result,” she notes, “databases have become tainted with inaccurate information and chaos seems to be king where COPPA is concerned,” she says.

Despite these problems, Tayloe argues that COPPA serves an important role.  Even though “there is no perfect solution” and it is not possible to completely “stop a child from lying and putting themselves at risk,” Tayloe believes that COPPA “provides a platform to educate parents and kids about privacy.”  Of course, providing a platform to educate parents and kids about online privacy or safety is very important, but it is not necessarily synonymous with strict age verification.  And we don’t really have any idea what level of parent-child interaction COPPA incentivizes.  More importantly, we don’t really have any good data regarding the accuracy of claims made pursuant to COPPA’s requirements regarding the relationship between parents and the kids seeking access to the site.  How many people (kids or adults) were able to gain access under false pretenses? We don’t know.

Nonetheless, the operating assumption here is that by creating an added economic hurdle or barrier to entry (in the form of the hassle of filling out paperwork or forms), COPPA gets some parents (perhaps most?) to put more thought into what their kids are doing online, and that somehow improves online safety in larger scheme of things.  The problem is that that does not necessarily mean that their kids are operating in perfectly “secure” or “verified” environments.  The danger is that – to the extent some “bad guys” are getting on those sites under false pretenses – kids and parents may fall prey to a false sense of security after they are told the site is COPPA-verified.  Of course, COPPA wasn’t put on the books to keep “bad guys” away from kids online; it was about keeping site operators from collecting personal information about kids.

The second reason COPPA has “worked” to a limited degree is that SNS sites geared toward younger kids tightly limit functionality.  In essence, the site administrators “cripple” the sort of functionality we find in SNS sites geared toward older kids.  That fact alone makes these sites far less likely to be subject to fraudulent entry or dangerous interactions.   If I am an older teen or a pervert, why would I ever want to gain access to a site that has nothing more than drop-down menus and a few buttons to click on when interacting with others?  Thus, the primary reason that kids are likely safer in those environments has almost nothing to do with COPPA’s parental consent mechanisms and almost everything to do with the fact that most of the sites it covers are tightly controlled walled gardens with very limited functionality.

With these facts in mind, let’s gets back to the ultimate question: What would happen if we tried to apply COPPA to all social networking sites for kids of all ages? The threshold question that would need to be answered remains the same as it does today: How do we verify the parent-child relationship when someone asserts they are the parent or guardian?  That’s a very thorny question.  But let me just list out the many other questions that everyone is overlooking here:

(1) What sort of mechanisms will need to be put in place to guarantee that the parent or guardian is who they claim to be (for both initial enrollment and subsequent visit authentication)?  Sign-and-fax forms can be easily forged, so credit cards (and perhaps mandatory user fees) will likely become the default solution. A third method, follow-up phone calls, just doesn’t seem practical.  But might lawmakers demand a mix of all of the above?

(2) Regardless, how burdensome will those mandates be for parents / guardians?

(3) And how burdensome will those mandates be for SNS site operators? What kind of compliance costs / legal penalties are we talking about?

(4) Will the barriers to site enrollment become economic in character such that it requires previously free social networking sites to charge admission?

(5) If so, could that be a disadvantage to low-income families / youth?

(6) If compliance costs go through the roof for SNS sites, will this be a recipe for massive industry consolidation in order to comply with the mandates?

(7) Who is collecting the massive databases of information created by such a mandate for all SNS? Who has access to that data? What might government use it for?

(8) Will this new regime be applicable to offshore sites? And will kids flock to offshore sites as a result of such mandates on domestic sites? If some do, how will we stop them?

And so on.  Bottom line: The future of age verification battles will likely be increasingly tied up with COPPA and the question of how well parental permission-based forms of authentication might work. It is unlikely, however, that such a framework could be easily applied on “Internet scale.”  There is a world of difference between something like Disney’s “Club Penguin” and MySpace, Xanga or Bebo.  And with social networking capabilities being integrated into every site and service these days — from CNN.com to Microsoft’s Xbox Live service — one wonders how that will magnify the compliance costs and hassles for all involved.  Are parents really going to be expected to verify themselves and then their kids for every “social networking site” their kids want to visit?  That seems unnecessary, unworkable, and potentially counter-productive.

Finally, the irony of a proposal to expand COPPA in this fashion is that lawmakers would be using a law that was meant to protect the privacy and personal information of children to potentially gather a great deal more information about them, and their parents!  It’s important we not overlook the privacy implications of any effort to expand COPPA to do something it was not originally intended to cover.

Conclusion

It will likely be very difficult for the Technical Task Force to reach consensus on these controversial and complicated issues.  There are many challenging technical, legal, and even philosophical issue in play here.  The problem is that this Task Force is charged with looking at technical solutions and yet most child safety advocates and academics on the Task Force are of the mind that technical solutions are only one part — and probably the smallest part — of the sort of “layered solution” to online child safety that I describe in my book on “Parental Controls and Online Child Protection.” As I argue in that book:

“the best answer to the problem of unwanted media exposure or contact with others is for parents to rely on a mix of technological controls, informal household media rules, and, most importantly, education and media literacy efforts.”

In sum, we need to get serious about talking to our kids about online safety and proper online behavior. Education is the key, and government has a major role to play in that regard in the classroom and through awareness-building efforts. And technical tools that empower parents to better monitor and guide their child’s online experiences can help too. Social networking sites and other online service providers can offer more of those tools and also take additional steps to improve the safety of their sites and encourage a dialog about appropriate and inappropriate online behavior. Again, it’s a multi-layered effort with education and communication at the core of the plan.

It’s not like I am saying anything new here. Indeed, that layered approach was the recommended approach of two previous online safety blue ribbon task force efforts: The 2000 COPA Commission and the 2002 National Academy of Sciences “Thornburgh Commission.” And every major book about online child safety published over the last 5 years has come to the same conclusion.

But that is not likely going to be enough for state attorneys general. There is no other way for me to state this than to just come right out and say it: The AGs are looking for a silver-bullet technical solution to a complex problem they do not fully understand.  And age verification schemes are the technical bullet du jour.

Alas, for all the reasons I have stated here and elsewhere, age verification schemes are likely to fail miserably.  Even if age verification systems worked as billed, it is unlikely that kids would really be any better off.  All the academic research in this field points to a single, inescapable conclusion: The primary danger to kids online is not adult predators, it is other kids.  In particular, it is peer-on-peer harassment and cyber-bullying.   As parents and a society, we have to do more — a lot more — to address that problem.

Age verification schemes, however, aren’t going to help us solve that problem.  Worse yet, by creating the illusion of safety, it could compromise our children’s privacy in the process and create a false sense of security when kids or their parents come to believe they are operating in “trusted” online environments.  For the sake of our children, it is essential we not fall prey to such a fatal conceit.

The USA Today editorial board published a nasty piece today belittling MySpace.com’s recent efforts to implement more safeguards for its users. Despite the fact that MySpace made over 70 promises to the Attorneys General as part of the agreement–the entire agreement is summarized here–that’s still not good enough for the USA Today’s editorial board, which wants full-blown identity verification before anyone is allowed on a social networking site:

“Even in the absence of a perfect software solution, interim steps are possible. How about using databases of drivers’ licenses to cross-check ages? In more than 20 states, they are public records. The point is, more effective safeguards are needed now, …. MySpace [should be] moving faster to set up age and ID verifications, not just study them.”

Well, where do I begin? I get so frustrated when I see comments like this because it is abundantly clear to me that people don’t think things through when it comes to age verification. As I pointed out in my lengthy PFF report, “Social Networking and Age Verification: Many Hard Questions; No Easy Solutions,” age verification is extremely complicated, and it would be even more complicated in this case because public officials are demanding the age verification of minors as well as adults, which presents a wide array of special challenges and concerns.

What Age Verification Really Is: The Death of Online Anonymity We need to begin by understanding what age verification really is. By definition, mandatory age verification represents an effort to make online anonymity a crime. In simple terms, citizens would be forced to “show their papers” at the door of every website or else run the risk of being denied access–simply because they do not want to surrender their name or age.

Think about what that means. It’s easy to take the benefits of online anonymity for granted. There are millions of people who comment anonymously on blogs like this one every day, or write anonymous book or product reviews on Amazon.com or eBay, or who just chat with others about various topics under the cloak of anonymity. It is a wonderful thing.

Of course, anonymity has some downsides. The downside of people speaking their minds freely is that, well, people will speak their minds freely! And, yes, on occasion, that means some people will talk smack and just generally be jerks while disguising their identities because don’t want to stand by their comments or be accountable for them. But that’s the cost of free expression. If you want to live in a free society and encourage a vibrant exchange of views, there will be times when that means we must defend the right of people to say incredibly silly or even insulting things.

And God knows there are plenty of silly and insulting things being said on social networking sites every second of the day. But there are also countless moments of joy and wonder, when people come together and communicate with each other, or share culture with others in incredibly creative and social-beneficial ways. And, again, a great deal of that communication or culture-sharing is done in a completely anonymous fashion.

For example, as I have mentioned here before, I am fanatical about cars and home theater gadgets. I spend a lot of my free time hanging out at a small social networking site for fellow Lotus car lovers called Lotus Talk. And I also spend a fair amount of time at the amazing AVS Forum, which is the world’s biggest chat board for home theater and A/V stuff. On these sites, thousands of random strangers come into contact every day. We create profiles, we post pictures, we share stories, we talk about life and our passions for cars and A/V gadgets. This is very the essence of social networking. And, for the most past, we are all doing it anonymously. And it is happens everywhere online, every second of every day. Do we really want to make it all illegal?

Practical Considerations: The Complexities of Human Identification OK, so there might be some downsides to making anonymity illegal online. But some critics would say: “So what, we need to make people show their papers at the door of every website–at least for those social networking sites where kids hang out–to make sure kids are safe online.” Well, that’s easier said than done.

At least in theory, the problem that age verification is supposed to solve is to keep older people away from youngsters, at least in certain circumstances. Also, some proponents wish to use age verification to ban preteen access to social networking sites. To accomplish either of those objectives, we must be able to effectively verify everyone’s age by consulting reliable records about those looking to create an account on a social networking site. In other words, when Janie Smith comes to a social networking site for the first time, the site must be able to verify not only that she is Janie Smith, but that she really is as old as she claims to be. But, again, such verifying is easier said than done.

Consider first what is required to verify an adult’s identity. When government officials or even corporations seek to verify someone identify or age, they can rely on birth certificates, Social Security numbers, driver’s licenses, military records, home mortgages, car loans, other credit records, or credit cards.

But even with all those pieces of information, challenges remain. Is the information publicly accessible or restricted by legal or other means? Are all the underlying pieces of information and documentation trustworthy, or have they been manipulated or misreported in some way? Has someone faked his or her identity? And so on. Thus, while the identity authentication systems–both public and private–have improved significantly in recent decades, they still face some inherent challenges and concerns about fraud.

The current concern about “identity theft” demonstrates the complexities and level of difficulty involved in stamping out this problem. Even U.S. passports, which are relatively robust identification documents that contain authentication data, are occasionally forged with success. “It is safe to assume that future age verification efforts will yield failures on par with other identification/authentication mechanisms,” says information security expert Jeff Schmidt, former CEO of Authis, Inc.: “When one considers how frequently college students successfully circumvent age verification requirements in person and with government issued documents, one can begin to grasp the challenges that lie ahead.”

Importantly, we’re talking just about adults here. When the focus of identity verification efforts shifts to minors, the endeavor becomes far more complicated. Minors don’t have home mortgages or car loans. They don’t have military records and most have never worked. Most don’t have driver’s licenses or credit cards either.

Of course, minors do have birth certificates, Social Security numbers, and school records, but both parents and government officials have long demanded that access to those records be tightly guarded. That’s for a very good reason: As a society, we take privacy seriously—especially the privacy of our children. Laws and regulations have been implemented that shield such records from public use, including the Family Educational Rights and Privacy Act of 1974 and various state statutes.

Also, to the extent that age verification of adults works for some websites–online dating services, for example–it is important to realize that in most of those cases the users want to be verified. In that context, identify authentication increases marketability of a user’s “profile,” or it allows him or her to participate more actively in an environment where trust is essential. This fact makes it far more likely that age verification will work because user compliance is driven by market forces, not regulation. That compliance will not be the case when users–especially kids–inherently resist the idea of being age-verified before they go onto certain websites. (We should also not forget that some kids will share their online credentials or passwords with friends.)

It is also important to realize that age verification and background checks are not synonymous. Information security expert John J. Cardillo, President and CEO of Sentinel, a leading authentication firm, argues that:

Most people are ignorant of what we do. They hear the words “check” or “verification” and they assume a full background check will be run on the individual. When this is sponsored by an AG, the chief law enforcement officer of their state, there’s a perception that the criminal background checks are inclusive in whatever they’re proposing. Age verification, on its own, doesn’t indicate whether or not a person is a convicted sex offender. Mandated age verification, as proposed, would allow the hundreds of thousands of offenders… who are over 18, unrestricted access to sites. Worse, it would allow these offenders the ability to vouch for children that might or might not exist. This is where it gets most dangerous. People might assume that “verified” users have undergone some type of vetting, and let their guard down just that little bit the offenders need to exploit. In the case of convicted sex offenders, age verification actually helps them by giving them an additional layer of legitimacy.

This points to the danger of creating a false sense of security online by mandating a solution that doesn’t address the real problem.

Finally, the special challenges raised by the nature of the Internet and online communication must be reiterated. Finding a dependable source of identity or age information and then reliably matching it to someone thousands of miles away on the Internet (perhaps in another jurisdiction, or even another country) is a daunting challenge—made even more difficult by the fact that a remote individual may be actively attempting to subvert the age verification process. Solving this problem necessitates authentication data that are appropriate for online interaction. In the real world, we perform in-person authentication with a photo or physical description; the online world requires a username/password combination, biometric authenticator, or physical security token. An arms-race scenario is obviously at work here, and because a perfect solution is impossible, we must guard against a false sense of security. Lastly, because technology is evolving at such a rapid pace in this area, there is a risk that legislative solutions will become obsolete very rapidly.

In light of those complications, how would government, social networking sites, or anyone else, go about age-verifying minors online?

Do We Really Want National ID Cards for Kids? In the extreme, government could demand that all minors be issued the equivalent of a domestic passport or a national ID card. After all, minors aged 14 to 17 are already required to obtain a passport before they travel overseas. Minors under 14 must have both parents or legal guardians appear together to vouch for the child when applying for a passport. Conceivably, government could simply extend this model to incorporate a domestic identification requirement. Once the youngster had been issued such a domestic passport, it could be requested by others—including social networking sites—as proof of age. Sites could cross-reference a government national ID database to verify identity.

Clearly, however, imposing such a solution domestically would raise serious privacy concerns because it would require the collection, retention and processing of sensitive information about children. Adults are not required to carry such a domestic passport or national ID card, so why should children? Indeed, all the same privacy concerns related to national ID cards for adults would be amplified with children because, as a society, we generally take extra precautions to protect the privacy of minors and their personal information. And a national ID card for kids would need to include a great deal of information about themselves to allow the card to be used by third parties online as an age-verifying tool. Government would need to issue an age-verified identity, user name, and password to every child.

Particularly concerning is the fact that a national ID card for children would require the creation of more government databases and bureaucracy. The potential for “mission creep” then enters the picture in that more tracking of children by government (and others) becomes possible. What other uses might there be for such information? We don’t know, and we probably don’t want to find out.

The costs of setting up and enforcing such a system would be substantial and must also be considered. Although the cost of digital storage continues to fall, we’re talking about potentially massive digital databases here. But the more important cost factor is the human time and effort that would go into to collecting, processing, and organizing such records and databases.

For those reasons, a government-issued ID card or age verification scheme for kids is a nonstarter. It would raise grave privacy concerns, induce public paranoia, probably encourage a great deal of evasion, and require significant government expenditure to enforce. Moreover, a national ID card would do little to prevent youngsters from visiting offshore sites.

Sources of Age Information Thus, if social networking sites are going to age-verify minors, they will likely need to devise or rely on some other, nongovernmental solution. The most commonly proposed solutions typically fall into the following groupings:

(1) Credit cards as approximate age proxies; (2) Driver’s licenses as approximate age proxies or as a source of date of birth; (3) Birth certificates as a source of actual date of birth; (4) Parents or guardians vouching for minors; (5) Schools vouching for minors; (6) Third parties vouching for minors; and, (7) Biological or biometric determination of age.

I won’t summarize all them here since I do so in my longer PFF report on the issue. But let me just point out the deficiencies of the two leading proposals: Credits cards and parents vouching for children.

(1) Credit Cards as Approximate Age Proxies: Credit cards are often viewed by policy makers as the silver bullet solution for age verification. Even though credit card companies typically do not wish their cards to be used as age verification tools, government has advocated their use in that way in the past. But they are not a silver bullet.

“Mere possession of a credit card is not a reliable assertion of identity or age,” argues Jeff Schmidt. Credit cards can be a rough proxy for age on the assumption that only adults over the age of 18 have credit cards, but that assumption is false. Many minors are given credit cards by their parents. Youngsters can borrow or steal credit cards from their parents or others. And Schmidt notes that newly created stored value cards, specifically marketed for use by children, “are in many cases indistinguishable from actual credit cards—both in physical appearance and in the back-end transaction processing systems.” Sentinel’s John Cardillo points out additional reasons why credit cards are not effective age verification tools:

When a card is used for verification purposes, an authorization on that card is run for $1.00 (or less), however a charge isn’t put through. The card typically isn’t reconciled against any database for name and/or age, nor is a signature checked. Because of the insignificant dollar amount, the only thing that’s checked for security purposes, in some instances, is zip code. Anyone who’s ever bought gasoline with a credit card knows this to be true. Our names and ages aren’t checked at the pump. Check your statement online next time you gas up. You’ll see an authorization for $1.00 and the actual charge a few days later. The same merchant banks handle the transactions online. In other words, in most cases, all that’s being verified is that the card account isn’t closed or stolen. Who’s using it is irrelevant.

Moreover, “many parents may feel uncomfortable giving their credit card number online at children’s Web sites where there is no [commercial] transaction involved,” notes a coalition of major commercial organizations, including the American Advertising Federation, American Association of Advertising Agencies, Association of National Advertisers, The Direct Marketing Association, Inc., and Magazine Publishers of America. In a June 2005 filing to the Federal Trade Commission, those organizations noted that “in light of current online scams, heightened concerns about online security, and the rise of such practices as phishing, parents may be reluctant to provide credit card numbers absent a transaction.” But that begs the question: If lawmakers require social networking sites to process a financial transaction to age-verify, is that fair? In particular, is it fair for low-income families? And what about those families that do not possess a credit card?

Finally, the law is not even settled about using credit cards for access to adult-oriented websites. The Child Online Protection Act (COPA) was passed by Congress in 1998 in an effort to restrict minors’ access to adult-oriented websites. The measure provided an affirmative defense to prosecution if a website operator could show that it had made a good faith effort to restrict site access by requiring a credit card, adult personal identification number, or some other type of age-verifying certificate or technology. But the legislation was immediately challenged and has gone to the Supreme Court for review twice. And the law is still being debated in a lower court. Thus, almost 10 years after its initial passage, the legislation remains stuck in jurisprudential limbo after endless legal wrangling about its constitutionality.

Incidentally, COPA established an expert Commission on Online Child Protection to study methods for reducing access by minors to harmful material on the Internet. As part of its final report, the COPA commission said that credit card-based age verification would be completely inappropriate for instant messaging and chat, which were the precursors of social networking. The commission found: “This system’s limitations include the fact that some children have access to credit cards, and it is unclear how this system would apply to sites outside the U.S. It is not effective at blocking access to chat, newsgroups, or instant messaging.”

(2) Parents or Guardians Vouching for Minors: Legislation has been floated in a few states, such as North Carolina, that would make it illegal for a minor to maintain an account or webpage on a social networking site “without the permission of the minor’s parent or guardian and without providing such parent or guardian access to such profile web page.” Similar measures were recently introduced in North Carolina and Connecticut that would require social networking sites not only to obtain parental approval but also take steps to verify that they are the actual parents of the child.

This approach will appeal to many because it can be likened to a parent signing a “permission slip” for a child. Unfortunately, parental permission-based approaches are more complicated for online activities. Because websites are far away from the parents, how is the site operator going to ensure that the person vouching for the child’s age is really the parent or even an adult? Would the verifier mail or fax notarized documents? Those documents can be forged, of course. Mandatory follow-up phone calls would be cumbersome, costly, and potentially viewed as intrusive. And the use of credit cards to satisfy the permission requirement might raise some of the same problems already discussed above.

Despite these potential drawbacks, this was the general framework established by the Children’s Online Privacy Protection Act (COPPA) of 1998, which required websites that marketed to children under the age of 13 to get “verifiable parental consent” before allowing children access to their sites. The Federal Trade Commission (FTC), which is responsible for enforcing COPPA, adopted a sliding scale approach to obtaining parental consent. The sliding scale approach allows website operators to use a mix of the methods mentioned above to comply with the law, including print-and-fax forms, follow-up phone calls and e-mails, and credit card authorizations. The FTC also authorized four “safe harbor” programs operated by private companies that help website operators comply with COPPA.

In a recent report to Congress, the FTC said that no changes to COPPA were necessary at this time because it had “been effective in helping to protect the privacy and safety of young children online.” In discussing the effectiveness of the parental consent methods, however, the agency also said that “none of these mechanisms is foolproof” and that “age verification technologies have not kept pace with other developments, and are not currently available as a substitute for other screening mechanisms.” This seems to imply that the FTC does not regard COPPA’s parental consent methods as the equivalent of perfect age verification.

And the marketplace experience with COPPA so far reflects that conclusion. One of the problems associated with the current COPPA regime is that “Children quickly learned to lie about their age in order to gain access to the interactive features on their favorite sites,” notes Denise G. Tayloe, CEO of Privo, Inc., one of the four FTC-approved safe harbor programs. “As a result, databases have become tainted with inaccurate information and chaos seems to be king where COPPA is concerned,” she says. Parry Aftab of Wired Safety confirms this, noting that: “Preteens quickly learned that if they say they are under thirteen they will be prohibited from using many sites. So they regularly lie about their age everywhere online.”

Despite these flaws, Tayloe argues that COPPA serves an important role. Even though “there is no perfect solution” and it is not possible to completely “stop a child from lying and putting themselves at risk,” Tayloe believes that the law “provides a platform to educate parents and kids about privacy.” Of course, providing a platform to educate parents and kids about online privacy or safety is very important, but it is not necessarily synonymous with strict age verification.

Nonetheless, these permission-based verification schemes might work reasonably well for smaller, closed online communities in which the kids and parents are willing to take the time (and expense) to undertake extensive authentication. For example, smaller social networking sites such as ZoeysRoom.com, Imbee.com, ClubPenguin.com, and Tweenland.com have extremely strict enlistment policies, primarily because they target or allow younger users. As Sue Shellenbarger of the Wall Street Journal explains:

The under-16 sites pose few of the hazards linked to networking sites for older people. The activities range from chats and blogging to creating virtual pets or characters and acting out roles in virtual cities. For a child to register, the sites typically require a parent’s email permission, a parental signature on a permission form, or a parent’s credit card verification. Some limit young children’s interchanges to drop down menus of preapproved words and phrases. Most filter content for inappropriate material and employ live adult monitors who ensure that kids’ conversations don’t stray off course. Some limit chats or blog access to participants who are already preapproved and already known to a child’s family.

Ironically, one can probably safely assume that the kids using such services are not in the high-risk group discussed earlier. The parents who use such services are probably doing a fine job of mentoring their kids and don’t really need to resort to such restrictive solutions. Nonetheless, such highly restrictive “walled garden” approaches do provide parents with greater ease of mind. That’s not necessarily because of the strict enlistment policies so much as the extreme limitations on what kids can do on those sites or with whom they can communicate while online.

But regardless of how well the above-mentioned parental consent schemes work in practice for these smaller, more closed online communities–and some experts, like Cardillo, do question how well they actually work–such solutions lack scalability. Schemes that demand laborious and expensive enrollment requirements, or that greatly limit functionality and interactivity after users sign up, will almost certainly not work for larger social networking sites with a massive community of users. The administrative burdens would be significant for both site operators and parents alike. For example, Parry Aftab notes that COPPA has made it much more difficult for some smaller website operators to staff afloat. “The cost of obtaining verifiable parental consent for interactive communications is very high, estimated at more than $45 per child, and even at that price [consent is] difficult to obtain.”

And because users would sacrifice a great deal of autonomy and functionality once online, many would likely rebel against the system or would seek to subvert it in some fashion. If such a system significantly slows or impedes the creation of new accounts for domestic social networking sites, it will create a perverse incentive for kids to seek other sites with less-restrictive policies, including offshore sites.

Conclusion There are many other issues I haven’t mentioned here that deserve consideration. I’ll just check off a few:

• Assuming we go through with this, who is aggregating all this data? Who has access to the databases? How might that data be used?

• Is all this constitutional? Won’t there be First Amendment or privacy cases brought that endlessly complicate implementation?

• Will kids just flock off-shore to unregulated sites in an effort to reclaim some of the independence they have lost through by surrendering anonymity on U.S.-based sites? What are the consequences of that? Do parents or American policymakers really have any leverage over shady websites operators in Antigua?

• Aren’t there better ways to use our resources? How about focusing our time, energy and resources on educating kids about online risks and deal with these concerns in more constructive ways?

You get the point: Age verification is complicated. Insanely complicated. And it would have enormous costs and profound ramifications for the future of online speech and privacy. We must never forget that government regulation–no matter how well-intentioned–can often have such unintended consequences. It’s a lesson that the USA Today and many others need to heed before they flippantly suggest that age verification is a piece of cake and it’s just a matter of MySpace or someone else throwing a switch to magically make it happen.

Not. That. Simple.

This morning in New York City, social networking website operator MySpace.com announced a major joint effort with 49 state Attorneys General aimed at better protecting children online. (Coverage at CNet, NYT and Forbes). At a joint press conference, MySpace and the AGs unveiled a “Joint Statement on Key Principles of Social Networking Safety” involving expanded online safety tools, improved education efforts, and law enforcement cooperation. They also agreed to create an industry-wide Internet Safety Technical Task Force to study online safety tools, including a review of online identity authentication technology. Generally speaking, the agreement is step forward for online safety. Indeed, many of the principles in the agreement could form a potential model “code of conduct” that other social networking sites could adopt. In a report I authored for the Progress & Freedom Foundation in August 2006, I argued that it was vital for companies and trade associations to take steps such as this to avoid the specter of government regulation or censorship:

All companies doing business online… must show policymakers and the general public that they are serious about addressing [online safety] concerns. If companies and trade associations do not step up to the plate and meet this challenge soon—and in a collective fashion—calls will only grow louder for increased government regulation of online speech and activities. What is needed is a voluntary code of conduct for companies doing business online. This code of conduct, or set of industry “best practices,” would be based on a straight-forward set of principles and policies that could be universally adopted by [a] wide variety of operators…

In particular, this code of conduct proposal called for companies to make specific pledges regarding improved online safety tools, expanded education / media literacy efforts, and ongoing assistance to law enforcement regarding investigations of online crimes.

The Agreement

MySpace responded to this challenge in impressive fashion with its announcement today. The agreement touched upon all of those elements and included the following “Principles of Social Networking” (as described in a MySpace press release):

• Site Design and Functionality: The Principles incorporate safety initiatives that MySpace has already implemented and initiatives it will work to implement in the coming months. Examples of safety features MySpace has in place include reviewing every image and video uploaded to the site, reviewing the content of Groups, making the profiles of 14 and 15 year old users automatically private and protecting them from being contacted by adults that they don’t already know in the physical world, and deleting registered sex offenders from MySpace. Examples of improvements MySpace will make include defaulting 16 and 17 year old users’ profiles to private and strengthening the technology that enforces the site’s minimum age of 14.

• Education and Tools for Parents, Educators and Children. The Principles acknowledge that MySpace has already been devoting meaningful resources to Internet safety education including a new online safety public service announcement targeted at parents and free parental software that is under development. MySpace will explore the establishment of a children’s email registry that will empower parents to prevent their children from having access to MySpace or any other social networking site. In addition, under the Principles MySpace will increase its communications with consumers who report a complaint about inappropriate content or activity on the site.

• Law Enforcement Cooperation. The Attorneys General view MySpace’s cooperation with law enforcement, which includes a 24-hour hotline, to be a model for the industry. The parties will continue to work together to enhance the ability of law enforcement officials to investigate and prosecute Internet crimes.

• Online Safety Task Force. As part of the Principles, MySpace will organize, with the support of the Attorneys General, an industry-wide Internet Safety Technical Task Force to develop online safety tools, including a review of identity authentication tools. While existing age verification and identity products are not an effective safety tool for social networking sites, the Task Force will explore all new technologies that can help make users more safe and secure including age verification. The Task Force will include Internet businesses, identity authentication experts, non-profit organizations, academics and technology companies.

The agreement then goes on—in the form of two appendices—to detail over 70 specific steps that MySpace will take to expand upon these principles. As part of the agreement, MySpace agreed to:

• Implement “age locking” for existing profiles such that members will be allowed to change their ages only once above or below the 18 year old threshold. Once changed across this threshold, under 18 members will be locked into the age they provided while 18 and older members will be able to make changes to their age as long as they remain above the 18 threshold. MySpace will implement “age locking” for new profiles such that under 18 members will be locked into the age they provide at sign-up while 18 and older members will be able to make changes to their age as long as they remain above the 18 threshold.

• Users able to restrict friend requests to only those who know their email address or last name. “Friend only” group invite mandatory for 14 and 15 year olds. “Friend only” group invite by default for 16 and 17 years olds. Users under 18 can block all users over 18 from contacting them or viewing their profile. Users over 18 will be limited to search in the school section only for high school students graduating in the current or upcoming year. Users over 18 may designate their profiles as private to users under 18, and users under 18 may designate their profiles as private to users over 18.

• Change the default setting for 16-17 year olds’ profiles from “public” to “private” and create a closed high school section for users under 18. The “private” profile of a 16/17 year old will be viewable only by his/her “friends” and other students from that high school who have been vouched for by another such student. Students attending the same high school will be able to “Browse” for each other.

• Obtain a list of adult sites on an ongoing basis and sever all links to those sites from MySpace. They will also demand that adult entertainment industry performers set their profiles to block access to all under 18 users and remove all under 18 users from profiles of identified adult entertainment industry performers.

And that just scratches the surface. There is much more to the agreement. In fact, it is difficult to imagine how MySpace could have gone any further to satisfy the online safety concerns raised by AGs or other public policymakers. Indeed, some MySpace users will likely protest that some of the changes go too far. That’s especially clear after reading some of the other technical details of the proposal included in the two appendices.

E-Mail Registry

For example, in the technical appendix summarizing the design and functionality initiatives that MySpace has agreed to consider, they say they will pursue a new “children’s e-mail registry”:

[MySpace will] engage a third-party to build and host a registry of email addresses for children under 18. Parents would register their children if they did not want them to have access to MySpace or any other social networking site that uses the registry. A child whose information matches the registry would not be able to register for MySpace membership.

That proposal might raise some eyebrows since it is unclear how that registry would work and what, if any, privacy / security concerns it might raise. Of course, other critics will argue that such a system will be easily circumvented or tricked. After all, how does MySpace know that the person submitting an e-mail is child’s real parent? And what about multiple e-mail accounts? It’s fairly easy to get a free e-mail account these days. But, if the system somehow did work as billed, it would raise serious questions about who has access to that e-mail registry and how secure the database was.

The agreement also contains a number of restrictions on access by minors to specific types of content, or to other users or groups on MySpace. Viewed in isolation, those restrictions seem fairly reasonable—especially those dealing with access by minors to adult areas (ex: “swingers” clubs or the “Romance and Relationship Forum and Groups”). Taken together, however, the growing list of site restrictions might be viewed by many young users as an impediment to their social networking activities. Many parents and policymakers will like the sound of that, of course. But where might those users go if they are frustrated by the growing number of restrictions imposed on their online activities? This is indicative of the difficult position MySpace finds itself into today: They are piling on additional restrictions and safeguards in the name of online safety to satisfy the concerns raised by many parents and policymakers. But if these initiatives impose too many encumbrances on social networking activity and interactions it could undermine the very purpose of the site and its value to members.

This explains why MySpace is eager to get other social networking sites to adopt policies similar to those found in the agreement it struck with the AGs. Obviously, MySpace would prefer not be the only website stuck with these burdens. Moreover, it probably does not want other sites to have an unfair competitive advantage in terms of more lax operating restrictions. Of course, even if every domestic social networking site adopted stricter policies along the lines of what MySpace agreed to, there will always be offshore alternatives for youngsters to choose from. This is the tricky balance that complicates all debates about online child safety today: How do we create sensible online policies without encouraging kids to operate completely surreptitiously in a “digital underground,” especially shady offshore environments?

Age Verification

Generally speaking, however, MySpace struck the right balance with most of the other proposals in the agreement with the AGs, especially considering the pressure they were under from some policymakers to go much further. In that regard, the agreement with the AGs is especially notable for what it does not include: age verification mandates. The call for an Internet Safety Technical Task Force to study online safety methods and identity authentication tools is a sensible alternative to the rush to mandate age verification, which some AGs have been advocating vociferously over the past two years.

Hopefully the task force will provide critical examination of the issue and not simply begin with pre-ordained conclusions about the wisdom or effectiveness of online age verification techniques and technologies. At the press conference announcing the agreement, however, Attorneys General Roy Cooper of North Carolina and Richard Blumenthal of Connecticut seemed to imply that that the goal of the task force would be to develop and implement a full-blown age verification system for the Internet. “We are going to find and develop online identity authentication tools,” said AG Cooper. And AG Blumenthal reiterated an argument he made ad nauseum last year when he argued that, “if we can put a man on the moon” then we ought to be able to verify the ages of people when they go online. [I first heard AG Blumenthal make this argument when I debated him and AG Cooper at a NCMEC conference two years ago. Here’s the summary of my response that day.]

But it’s just not that simple. As I argued in a lengthy PFF study last year entitled, “Social Networking and Age Verification: Many Hard Questions; No Easy Solutions,” there are no silver bullet age verifications solutions. Online authentication is a complicated, multi-faceted technical issue. And, even assuming we could find a way to make it work, there are many other considerations that must be taken into account, such as the burden it might impose on freedom of speech or individual privacy.

The danger, therefore, is that the AGs have preconceived notions about the wisdom and efficacy of age verification mandates, and that they will either seek to stack the deck on the task force with age verification advocates or pressure the task force to adopt mandatory age verification without thoroughly studying the issue. Again, that would be a serious mistake and it would also likely give rise to legal challenges.

Education & Empowerment

The better approach is to focus on other steps that actually will keep kids safe online. As I have argued in my book on Parental Controls and Online Child Protection: A Survey of Tools and Methods, the best solution to online safety concerns is what I call the “3-E Solution: which stands for “education, empowerment, and enforcement.”

Luckily, there’s a great deal of that included in the MySpace agreement with the AGs. MySpace has pledged to “continue to dedicate meaningful resources to convey information to help parents and educators protect children and help younger users enjoy a safer experience on MySpace.” In particular, MySpace will “engage in public service announcements, develop free parental monitoring software, and explore the establishment of a children’s email registry.”

The importance of education initiatives cannot be overstated. Technical solutions, such as those the AGs clearly favor, will always suffer from inherent limitations and will often be circumvented. Education, by contrast, lasts a lifetime. We need to be teaching our kids how to be good cyber-citizens and how to identify and report legitimate online threats (predators, bullies, scam artists, etc). It is my belief that today’s youth are far more savvy and sensible about these threats than most adults or policymakers give them credit for. Nonetheless, it is important to be vigilant about online safety education and etiquette in an attempt to teach kids—especially more “at-risk” youth who might be susceptible to online threats—basic life lessons about sensible cyberspace behavior and interactions.

Conclusion

Despite the handful of concerns raised above, the MySpace agreement serves as a model for what other social networking companies and online operators could do if they wanted to get more serious about promoting Internet safety. MySpace has done about all it can to be responsive to the demands of parents and policymakers.

Of course, it could be true that no matter how much the company does to improve parental control tools or educate the public, some parents may never take advantage of those tools or information. This remains one of the great mysteries of the parental controls debate: Why is it that so many parents say they want more and better controls and strategies, but when they are made available many of them choose not to use them?

Regardless, if for whatever reason, parents are not taking advantage of these tools and options, their inaction should not be used to justify government regulation as a surrogate for household choice / parental responsibility. Parents have been empowered. It is now their responsibility to take advantage of the tools and controls at their disposal to determine what is acceptable in their homes and in the lives of their children.

MySpace should be applauded for its new statement of principles and its impressive efforts to empower and educate both parents and children about online safety while assisting law enforcement when necessary to root out the real bad guys lurking online.

As Braden mentioned, we were both down in Raleigh, North Carolina this week testifying at a big hearing on mandatory age verification for social networking sites.

It was quite a heated battle. The legislation, SB 132, was supported at the hearing by North Carolina attorney general Roy Cooper, several of his staff attorneys, a couple of NC senate lawmakers, and some folks from Aristotle, a company that claims it has devised a workable age verification solution for social networking purposes. A vote on the proposal was delayed and we’re still awaiting the final outcome.

Down below, I have attached the outline of my remarks in which I argued that age verification mandates would actually make kids less safe online. Here’s why:

1) Age verification is not synonymous with a background check.

• Are citizens being lead to believe that age verification guarantees them perfectly safe online environments? After all, even if the verification process gets the age part of the equation right, it tells us little else about the person being verified.

• Incidentally, what happens when the parent being verified is a predator using their child to create false credentials? Unfortunately, we know that some predators have children.

• This gets to the primary concern in this debate: The very real potential exists that we are creating solutions that inject a false sense of security in parents and children alike.

2) Even assuming we do not encounter problems with the initial sign-up phase and procedures, questions remain about follow-ups and subsequent validations.

• Will parents be asked to fill out and submit paperwork routinely to verify their identity (or their child’s) on an ongoing basis? Will parents be expected to take phone calls from dozens of social networking sites (or call sites themselves) to continue authorization? Will parents tolerate that?

• If the sign-up and subsequent authentication process proves cumbersome and time-consuming, will this encourage kids to search out less trustworthy “underground” or offshore websites?

• How are we going to regulate those offshore sites? Also, could new regulations drive domestic operators offshore?

• In sum, the sheer scale of the Net and online activities greatly complicate the enforcement of age verification schemes, especially those of the parental permission-based variety.

3) Will age verification mandates encourage the rise of an illegal black market in credentials?

• Will kids share or even sell their online credentials, such as their user name and passwords, to others who desire them?

• Certainly kids won’t just stop trying to get onto social networking sites. Are we going to punish kids (or prosecute their parents) for evasion? And, again, will kids look to offshore sites?

4) There are serious privacy issues at stake here, and those issues could give rise to other problems.

• Requiring all parents to be verified before their children can go online will obviously be seen by some parents as intrusive and a potential violation of their privacy.

• If some parents resist such regulations or refuse to submit to such verifications, what will their kids do? Again, it might encourage kids to seek out false credentials of to visit offshore sites.

• Incidentally, who has access to all this new information about parents and children that the government is requiring that social networking operators collect? Do we want online operators creating massive new databases of information about us or our kids if better alternatives exist?

Bottom line: The inherent danger of age verification regulation is that it: • results in unintended consequences or solutions that don’t solve the problems they were intended to address; • creates a false sense of security that might encourage some youngsters (or adults) to let their guard down while online; and • creates potential incentives to push mainstream social networking sites offshore. No matter how bad parents or policy makers think social networking sites are today—and, in reality, the sites are not nearly as bad as they imagine—those sites are infinitely superior to potentially shady offshore websites that are completely unaccountable to U.S. officials. And the domestic sites are more accountable to the general public and are responsive to press scrutiny.

In sum, there are no silver bullet solutions. Instead, we need a multi-prong, layered strategy…

Better approach to online child safety = The “3-E Solution”: Education, Empowerment, and Enforcement

“Education” refers to not only the need for K-12 information literacy efforts but also, more broadly, to the need for comprehensive online safety instruction and awareness-building efforts. Governments at all levels need to take an aggressive role here.

“Empowerment” refers to the importance of providing parents with more and better tools to make informed decisions about media and communications tools in their lives of their children. Government can facilitate these efforts in partnership with industry and non-profit organizations. For example, helping to make parents more aware of Internet monitoring tools and strategies would be one of the most constructive solutions.

“Enforcement” refers to stepped up law enforcement efforts to find and adequately prosecute child predators. It is essential that law enforcement officials receive the resources and training necessary to adequately monitor online networks for predators and to bring them to justice when they are found. For example, law enforcement agencies need sophisticated computer forensic labs and skilled experts to help investigate online crimes. And they need to be trained to conduct proper sting operations to find predators before they harm our children. Finally, much longer prison sentences are needed for child predation.

[For additional information, please see my March study, “Social Networking and Age Verification: Many Hard Questions; No Easy Solutions.”]

In late March, I hosted a congressional seminar entitled “Age Verification for Social Networking Sites: Is It Possible? And Desirable?” I brought together 5 experts in the field to debate the issue, including:

• John Cardillo, President & CEO, Sentinel
• Jay Chaudhuri, Special Counsel to North Carolina Attorney General Roy Cooper
• Raye Croghan, Vice President, IDology, Inc.
• Tim Lordan, Executive Director, Internet Education Foundation
• Jeff Schmidt, CEO, Authis

It was an outstanding discussion and I’m happy to report that the transcript is now available online here. Also, you can listen to the audio from the event here. Also, you can find the big study of mine that we discussed that day here.

Jennifer Medina of the New York Times penned an article yesterday on the debate over social networking fears leading to calls for age verification mandates. She noted that measures are moving in several states that would require social networking sites to age-verify users before they are allowed to visit the sites or create profiles there. But Medina also noted that there are many difficult questions about how age verification would work and how “social networking” would even be defined. (I summarize these questions in my recent PFF report, “Social Networking and Age Verification: Many Hard Questions; No Easy Solutions.”)

Ms. Medina was also kind enough to interview me for the story and she summarizes some of what I had to say in her piece. In a nutshell, I stressed that the most effective way to deal with this problem is to get serious about dealing with sex offenders instead of trying to regulate law-abiding citizens. We need to be locking up convicted sex offenders for a lot longer in this country to make sure they behind bars instead of behind keyboards seeking to prey on our children.

I also stressed the importance of online safety education as part of the strategy here. But my comments on that didn’t make the cut in the story. But you can read my big recent paper on this issue for additional details.

Lisa Lerer of Forbes was nice enough to do a feature story this week about my views on the panic over social networking and the push for age verification of such sites. Her piece is entitled “Why MySpace is a Safe Space,” and begins as follows: “Adam Thierer doesn’t look like much of a revolutionary. But last month he challenged both Washington and conventional wisdom with a fairly radical proposition: Perhaps MySpace and the Internet aren’t so scary for kids, after all.”

I don’t really regard what I’ve been saying in my recent essays or big new PFF study as “revolutionary.” Rather, if you spend any time studying this issue and these sites in a dispassionate, educated way, I think the conclusions I draw seem quite reasonable. Unfortunately, I don’t think many policy makers or critics have spent any serious time on these sites or seriously explored the relative danger of online social networking sites relative to offline social networking places. A classic “moral panic” has developed because of this: An older generation fears a new medium that it does not use or understand.

Anyway, read my discussion with Lisa for more details.

I’m putting the wraps on a big paper on the dangers of mandating age verification for social networking websites. One of the questions I ask in the study is exactly how broadly “social networking sites” will be defined for purposes of regulation? Will chat rooms, hobbyist sites, listservs, instant messaging, video sharing sites, online marketplaces or online multiplayer gaming sites qualify? If so, how will they be policed and how burdensome will age-verification mandates become for smaller sites? Finally, does the government currently have the resources to engage in such policing activities since almost all websites now have a social networking component? I explore these and other questions in my paper.

But now I have another type of site to add to list, and not one that I originally gave much consideration to: online newspapers. Over the weekend, the USA Today relaunched its website, not only to freshen up its look, but also to fundamentally change the ways the site works. According to the editors, the new features of the site will give readers the ability to:

• Scan other news sources directly on USATODAY.com; • See how readers are reacting to stories; • Recommend stories and comments to other readers; • Comment directly on stories; • Participate in discussion forums; • Write reviews (of movies, music and more); • Contribute photos; • Better communicate with USA Today staff.

Other bloggers were quick to note that the newspaper is essentially trying to refashion itself as a social networking site. Some wonder whether a newspaper can really be a social networking site. Others point out that traditional newspaper readers may resist such changes for a variety of reasons. (Don Dodge points out that 92% of reader responses have been negative so far).

But let’s ignore all that for a moment and get back to the question I posed in the title of my post: If USA Today is billing itself as a social networking site–or if others argue that it represents a social networking site–will the company be required to age-verify users before they visit the site?

Well, that depends on how the age verification regs would get written, of course. But one definition has already been suggested under the proposed “Deleting Online Predators Act” (DOPA), which would ban such sites in publicly funded schools and libraries. Under DOPA, “Commercial Social Networking Websites” are defined as any site that: “(a) allows users to create web pages or profiles that provide information about themselves and are available to other users; and (b) offers a mechanism for communication with other users, such as a forum, chat room, email, or instant messenger.”

Keeping that definition in mind, let’s check out some more material from the USA Today’s “Quick Guide to New Features.” Specifically, look at sections on this page about “personal spaces” and “avatars”:

Personal space: When you become a member, we automatically establish a personal profile page. As you interact with the USA Today community, your comments, recommendations and other contributions are automatically appended to your page. Your profile page includes a place for you to upload photos, write a blog, and the ability to send messages to other users. These pages allow readers to get a better sense of the site’s most active contributors. Avatar: Every one of our pages features a spot just for you: up there in the right-hand corner. That’s where you’ll be notified of messages left by other readers. Make yourself at home. Upload a picture of yourself, a funny icon, or choose from our selection of ready-made avatars.

Sounds a heck of lot like a social networking site to me. And if it was defined as such by lawmakers, it could mean that (under DOPA) access to the USA Today would need to be banned in public schools and libraries and that everyone would need to be age-verified before they go on the new USA Today website in their own homes. Welcome to the world of unitended regulatory consequences!

Additional Reading:

“Social Networking Websites & Child Protection: Toward a Rational Dialogue,” by Adam Thierer, Progress & Freedom Foundation Progress Snapshot 2.17, June 2006.

“Is MySpace the Government’s Space?,” by Adam Thierer, Progress & Freedom Foundation Progress Snapshot 2.16, June 2006.