On July 27th, The Progress & Freedom Foundation hosted a Capitol Hill panel discussion entitled “Online Child Safety, Privacy, and Free Speech: An Overview of Challenges in Congress & the States.” The event featured remarks from:
- Parry Aftab, Executive Director, WiredSafety.org
- Todd Haiken, Senior Manager of Policy, Common Sense Media
- Jim Halpert, Partner, DLA Piper
- Berin Szoka, Senior Fellow, The Progress & Freedom Foundation
We’ve just released the transcript of the event, which I have also pasted down below the fold in a Scribd document reader. Also, the audio for this event can be heard by clicking below:
Download mp3
Here is the full event description: Continue reading →
The new Maine law I blogged about on Sunday is much worse than I thought based on my initial reading. If allowed to stand, it would constitute a sweeping age verification mandate introduced through the back door of “child protection.”
The law, which goes into effect in September, would extend the approach of the Children’s Online Privacy Protection Act (COPPA) of 1998 by requiring “verifiable parental consent” before the collection of kids “personal information” about kids, not just those under 13, but also adolescents age 13-17. Unlike other state-level proposals in New Jersey, Illinois, Georgia and North Carolina, Maine’s “COPPA 2.0” law would also cover health information, but would only govern the collection and use of data for marketing purposes (while the FTC has interpreted COPPA to cover to essentially any capability for communicating personal information among users).
But the Maine law would go much further than these proposals or COPPA itself by banning transfer or use of such data in anything other than de-identified, aggregate form. Still I took some comfort in the fact that the Maine law, unlike COPPA or these other proposals, lacked the second of COPPA’s two prongs: (i) collection from kids and (ii) collection on sites that are directed at kids. It’s because of the second prong that COPPA applies not only when a site operator knows that it’s collecting information from kids (or merely allowing them to share information with other users), but also when the operator’s site is (like, say, Club Penguin) targeted to kids in terms of its subject matter, branding, interface,
etc. Because I initially concluded that the Maine law would apply only to knowing collection, I supposed that it would be less likely to require age verification of all users, as other COPPA 2.0 proposals would—something that would be unlikely to survive a First Amendment challenge based on the harm to online anonymity.
But I was quite wrong. During the PFF Capitol Hill briefing Adam and I held on Monday, Jim Halpert, one of our panelists, noted that the bill imposed “strict liability.” Continue reading →
Maine has just enacted a law severely restricting marketing to kids: the Act To Prevent Predatory Marketing Practices against Minors, summarized by Covington & Burling. Adam and I released a major paper in June about such laws: COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech. Maine is following the lead of several other states that have tried to expand the Children’s Online Privacy Protection Act (COPPA) of 1998 to cover nost just kids under 13 but adolescents as well and potentially all social networking sites. We discussed at length the problems such laws create, particularly the possibility that large numbers of adults would, for the first time, be subject to age verification mandates before accessing (or participating in) the growing range of sites with social networking capabilities. This, in turn, would significantly “chill” free speech online by undermining anonymity.
Like COPPA 2.0 proposals in New Jersey (simply extending COPPA to cover adolescents) and Illinois (applying COPPA to most social networking sites), the Maine law tries to build on COPPA’s “verifiable parental consent” requirement for the 13-17 audience as well as those under 13.
On the one hand, the Maine law goes much further than these other COPPA 2.0 proposals. While the original bill was limited to the Internet and wireless communications, the final bill’s scope applies to all communications. The bill also covers “health-related” information (HRI) as well as “personal information” (PI). On the other hand, the Maine law is thus somewhat narrower than other COPPA 2.0 proposals and COPPA itself in that it applies only to “marketing or advertising products, goods or services.” While COPPA is commonly misunderstood to cover only marketing, it actually covers essentially any “collection” (broadly defined) of personal information from kids for any purpose—including merely giving kids access to communications functionality that might let them share personal information with other users (even if the site itself is not “collecting” that information in the commonly understood sense).
Continue reading →
The painful issue of cyberbullying has recently taken center stage in the ongoing debate about online child safety. Last week I wrote about Lori Drew’s acquittal on charges related to Megan Meier’s tragic suicide, suggesting that the judge in the case was right to overturn her conviction on a very expansive reading of the federal anti-hacking statute. While I think that decision was necessary on legal grounds, it’s sure to add “fuel to the fire” of calls for “action” in Congress. Thus, I emphasized that observers of the case need to separate their understandable outrage from the from the questions of (1) whether that statute was properly applied and (2) how the law should treat such cases in the future.
On the second question, Adam and I recently released a major entitled, “Cyberbullying Legislation: Why Education is Preferable to Regulation.” We distinguish among:
- Cyberbullying: kid-on-kid abuse online
- Cyberharassment generally: people of all ages using the Internet to harass each other
- Adult-on-kid cyberharassment: For example, Lori Drew’s alleged (but still unclear) role in the Megan Meier case
In a nutshell, we argue that education is the better approach to cyberbullying (Problem #1)—an approach taken by a bill introduced in the Senate by Sen. Robert Menendez (D-NJ) and in the House by Rep. Debbie Wasserman Schultz (D-FL) . We go on to argue that, while it would be difficult to create criminal sanctions for cyberharassment generally (Problem #2) without infringing free speech and due process rights, it might be possible to craft laws narrowly tailored to cyberharassment of kids by adults (Problem #3). Continue reading →
The Gawker offers a fascinating discussion of the legal right to anonymity:
“There is clearly a moral case that some people should be able to join the public debate and retain their anonymity,” Tench told Gawker. “And I think this will have a chilling effect. Blogs like this can only exist anonymously, and I imagine that anyone who wanted to set one up is thinking about this case.”
As well they should. But the notion that anonymous publishers have a right, in perpetuity, to keep their identities a secret—or that people who learn their identities are honor-bound not to reveal them—is nonsense.
Amen! One can resist, fiercely, government efforts to reduce online anonymity through age verification or identity authentication mandates, as Adam Thierer have argued most recently in our work about efforts to expand COPPA to cover adolescents (“COPPA 2.0,” which would indirectly mandate age verification for large numbers of adults for the first time). One might even argue that there are moral reasons to resist the urge to out pseudonymous/anonymous bloggers (just as one might avoid outing closeted gays out of respect for their privacy). But one need not accept the pernicious idea that the government should punish the outing of peusodonymous/anonymous writers, which is simply a restraint on legitimate free speech.
This exchange, cited by the Gawker article, is particularly interesting, and demonstrates how one can distinguish the question of whether outing is “right” or “appropriate” from the question of whether it should be punished by law:
When the National Review‘s Ed Whelan revealed Publius, who writes for Obsidian Wings, to be a professor of law at the South Texas College of Law named John F. Blevins earlier this month, the palpable online outrage forced Whelan to apologize.
As Berin mentioned last week, we have a new paper out on proposals to expand the Children’s Online Privacy Protection Act (COPPA) of 1998. We generically refer to those COPPA-expansion efforts as “COPPA 2.0.” Hence, the title of our paper: “COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech.” To recap what Berin already noted, in the name of improving online child safety, some legislators and state attorneys general (AGs) are advocating the expansion of COPPA’s “verifiable parental consent” model of age verification before certain sites or services may collect, or enable the sharing of, personal information for children.
Unlike “COPPA 1.0,” however, which only applied to children under the age of 13, “COPPA 2.0” would apply to all minors up to age 17. Moreover, the range of sites covered by the new law would generally be expanded to include just about any site or service with social networking functionality.
Since Berin has already summarized our general concerns with efforts to expand COPPA’s “verifiable parental consent” online age verification system to cover more online users and sites, I thought I would focus here on what I believe will be the most controversial (and important) part of our paper — our discussion about how COPPA 2.0 affects the speech rights of both adults
and adolescents.
Continue reading →
Adam Thierer & I have just released a detailed examination (PDF) of brewing efforts to expand the Children’s Online Privacy Protection Act of 1998 to cover adolescents and potentially all social networking sites—an approach we call “COPPA 2.0.”
As Adam explained on Larry Magid’s CNET podcast, COPPA mandates certain online privacy protections for children under 13, most importantly that websites obtain the “verifiable consent” of a child’s parent before collecting personal information about that child or giving that child access to interactive functionality that might allow the child to share their personal information with others. The law was intended primarily to “enhance parental involvement in a child’s online activities” as a means of protecting the online privacy and safety of children.
Yet advocates of expanding COPPA—or “COPPA 2.0″—see COPPA’s verifiable parental consent framework as a means for imposing broad regulatory mandates in the name of online child safety and concerns about social networking, cyber-harassment,
etc. Two COPPA 2.0 bills are currently pending in New Jersey and Illinois. The accelerated review of COPPA to be conducted by the FTC next year (five years ahead of schedule) is likely to bring to Washington serious talk of expanding COPPA—even though Congress clearly rejected covering adolescents age 13-16 when COPPA was first proposed back in 1998.
We’ll discuss some of the key points of our paper in a series of blog posts, but here are the top nine reasons for rejecting COPPA 2.0, in that such an approach would:
- Burden the free speech rights of adults by imposing age verification mandates on many sites used by adults, thus restricting anonymous speech and essentially converging—in terms of practical consequences—with the unconstitutional Children’s Online Protection Act (COPA), another 1998 law sometimes confused with COPPA;
- Burden the free speech rights of adolescents to speak freely on—or gather information from—legal and socially beneficial websites;
- Hamper routine and socially beneficial communication between adolescents and adults;
- Reduce, rather than enhance, the privacy of adolescents, parents and other adults because of the massive volume of personal information that would have to be collected about users for authentication purposes (likely including credit card data);
Continue reading →
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.