Today I testified at a hearing by Massachusetts Attorney General Martha Coakley on commercial sexual exploitation and the Internet. When I first learned about it, I feared the worst: time to demonize the Internet. After all, the hearing announcement openly targeted Craigslist and websites generally. But this was not the case at all—as we heard, NGOs, law enforcement, and industry all have roles to play.

Instead of Internet-bashing, the hearing was a constructive dialogue. We learned why children are forced into prostitution and how classified ads on the Internet can promote this illegal activity. I was there to learn how we can help.

Commercial sexual exploitation is big business. Over 100,000 women are in the illegal sex trade. Often these women are actually teenage girls, vulnerable and with no place to go. Their lives are run by pimps, they cater to “johns,” and their lives are a living hell – except that these women become so desensitized that they eventually have no life at all.

These child prostitutes show up in advertisements for “escort services” or “adult services.” Traditionally, these ads were in the yellow pages. Now they exist on the Internet, and these listings can often be graphic. But it’s hard to tell whether these ads involve women against their will or underage girls. That’s why there are folks who would like to see all these ads disappear. And they’ll blame Internet classifieds—indeed, one witness called sites like Craigslist and Backpage “electronic pimps.”

Unfortunately, there are those that think it is better to force the shut down of the adult services section of these sites. But as we heard from danah boyd of Microsoft and a fellow at the Harvard Berkman Center, merely shutting down the listed supply of adult services is superficial. It’s shutting off the most visible aspect of human anti-trafficking, which is a huge honeypot where pimps advertise and johns congregate. This should be the first place to start an investigation, not end a prosecution.

It’s far better for law enforcement to use these sites to identify what they think are ads of women in forced prostitution, and then infiltrate their criminal networks to reduce both the supply of women and the demand for their services. If we can develop strategies to break the networks, we can get to the root of the problem.

To this end, danah boyd also made great points about not getting distracted by the technology. Bad actors are sexually exploiting young girls by using the Internet to further their criminal enterprise, but it’s not an Internet problem
per se. Focusing on removing websites or portions of sites addresses symptoms of a much deeper criminal syndicate. For the most part, I think this point resonated with the Attorney General’s staff.

What certainly resonated throughout the entire hearing was that sex trafficking is a complex problem that requires a multi-disciplinary approach. We heard this from child welfare and victimization groups, law enforcement, and the online industry.

And that’s why we heard AG Coakley call for a task force to study the issue. We support her desire for all the interested groups to come together, and look forward to working with her to help eliminate commercial sexual exploitation.

Chalk up another victim to unwarranted political intimidation by state attorneys general. On Friday evening, Craigslist, which has long been under intense pressure to crack down on sex crimes, replaced its adult services section in the U.S. with a black censor bar. This move comes on the heels of a scathing letter sent to Craigslist by seventeen state AGs insinuating that Craigslist is culpable for the “victimization of children.” While the state attorneys general are likely celebrating victory this holiday weekend, all they’ve really done is to stifle free speech online and complicate efforts by law enforcement authorities to go after the real bad guys — you know, the ones who are forcing kids into sex slavery.

This isn’t the first time states have publicly attacked Craigslist for its involvement in sex crimes. Various AGs been trying to intimidate the site into eliminating avenues of adult content for years, as Alex Harris and Jim Harper have chronicled on these pages. In response to state AGs’ relentless saber-rattling, Craigslist made several major changes last year aimed at curbing illegal postings. The site shut down its notorious “erotic services” section and began charging $10 for every posting made to the adult services section. Craigslist even began manually screening all posts submitted to the adult services section. Since May 2009, over 700,000 postings have been rejected.

Apparently none of these concessions were enough for state AGs, always eager to score political points. Despite the safeguards Craigslist implemented last year, users continued to use the site in the commission of sex crimes. This is hardly surprising; given the sheer volume of user submissions and the increasingly complex measures taken by criminals to obfuscate their unlawful solicitations, some illegal postings are bound to circumvent any filtering regime. Now that Craigslist has censored its adult services section, former users of the section will invariably flock to other sites, as has happened every single time a major Bittorrent site has been taken offline or crippled by litigation. Craigslist is just one of many, many websites on the Internet that’s frequented by criminals, after all. From popular sites like Google and Yahoo! to small blogs that accept user comments, nearly any site that allows user submissions can be used to break the law.

Such websites generally aren’t legally liable for crimes committed by their users, as courts across the country have held time and time again (1,2,3,4). That’s because when Congress overhauled America’s telecom laws in 1996, it enacted the Communications Decency Act, which grants “providers” of “interactive computer service” immunity from state criminal prosecution for illegal content posted by users. Thus, while prosecutors can and do pursue criminal charges against individuals who post illegal content to Craigslist, they can’t go after Craigslist itself, as long as the site complies with enforceable governmental requests and promptly removes content it knows to be illegal.

This legal provision, known as Section 230, has been crucial to the growth of the Internet as we know it. As Adam Thierer aptly put it last year, it’s the “cornerstone of Internet Freedom.” Section 230 has enabled website operators to offer an array of incredible user-driven offerings without fear of being sued or jailed for their users’ unlawful actions. Without it, “Web 2.0” sites like YouTube, Digg, and Reddit might never have gotten off the ground. Monitoring user submissions can be enormously burdensome, especially for smaller sites like WashingtonWatch.com, a popular user-centric site operated and owned by the Cato Institute’s Jim Harper. Were these sites liable for the content of their users’ postings, they likely wouldn’t even accept them in the first place.

Congress established this protection in order to “to maintain the robust nature of Internet communication and, accordingly, to keep government interference in the medium to a minimum,” as the U.S. 4th Circuit Court of Appeals concluded in its forceful 1997 opinion in Zeran v. America Online, Inc. In their assault on Craigslist, state attorneys general ignore Congress’s clear intent in establishing Section 230 — to keep government’s hands off the Internet.

To be sure, Section 230 does have a downside, as Craigslist itself has underscored time and time again. Illegal user postings can result in tragedy, as was the case for AK and MC, two girls who took out ads in The Washington Post and The San Francisco Chronicle last month recounting their experiences as victims of sex crimes facilitated through Craigslist. Despite Section 230’s flaws, however, the alternative is far worse.

Many, if not most, postings on Craigslist’s adult services section were perfectly legal, and until Friday thousands of individuals relied on the section to find consenting adults with whom to fulfill their intimate desires. In pressuring Craigslist to censor the section, state AGs have essentially stifled the free speech rights of thousands of individuals. Criminals will simply migrate to even shadier websites, further hindering efforts by law enforcement to put child sex traffickers behind bars.

It’s 2010, and nearly 5 billion devices worldwide are now connected to the Internet — a freely accessible, unfiltered, unauthenticated worldwide network. As long as such a network exists, it’s all but inevitable that it will have a seedy underbelly. Law enforcement officials should investigate sex crimes against children committed using the Internet and aggressively prosecute suspected child sex traffickers. Trying to intimidate interactive websites like Craigslist, however, is the wrong approach.

Be prepared next week for a cacophony of hand-wringing and prognosticating about retail sales figures reported on “Black Friday.” Retailers traditionally count on holiday shoppers to put them “in the black” for the year with a surge of purchases on the Friday after Thanksgiving.

But if you really want to understand this year’s retail sales picture, wait til the Monday after Thanksgiving. “Black Monday” is day a lot of people return to work, fire up the computer, and begin their online holiday shopping. 

Recent reports suggest that the recession has boosted rather than harmed electronic commerce, for one simple reason: the Internet makes it a lot easier to find the best price for many common purchases. Numerous recent posts tell this story:

Harsh Economy Can’t Shake Love for Online Retailers

Internet Supermaket Booms in Bad Times

Is Online Shopping Affected by a Recession?

The most popular online sites on STORES Magazine’s list include those of established merchants, such as Walmart, Best Buy, JC. Penney, and Target. They also include the pure online plays, such as Amazon.com, eBay, and Overstock.com.  Craigslist — the site where I hunt for used and free stuff — made Stores’ “Top 50” list for the first time this year.  That’s surely a sign that the recession has been a boon to online shopping!

by Berin Szoka & Adam Thierer, Progress Snapshot 5.11 (PDF)

Ten years ago, Nobel Prize-winning economist Milton Friedman lamented the “Business Community’s Suicidal Impulse:” the persistent propensity to persecute one’s competitors through regulation or the threat thereof. Friedman asked: “Is it really in the self-interest of Silicon Valley to set the government on Microsoft?” After yesterday’s FCC vote’s to open a formal “Net Neutrality” rule-making, we must ask whether the high-tech industry—or consumers—will benefit from inviting government regulation of the Internet under the mantra of “neutrality.”

The hatred directed at Microsoft in the 1990s has more recently been focused on the industry that has brought broadband to Americans’ homes (Internet Service Providers) and the company that has done more than any other to make the web useful (Google). Both have been attacked for exercising supposed “gatekeeper” control over the Internet in one fashion or another. They are now turning their guns on each other—the first strikes in what threatens to become an all-out, thermonuclear war in the tech industry over increasingly broad neutrality mandates. Unless we find a way to achieve “Digital Détente,” the consequences of this increasing regulatory brinkmanship will be “mutually assured destruction” (MAD) for industry and consumers.

New Fronts in the Neutrality Wars

The FCC’s proposed rules would apply to all broadband providers, including wireless, but not to Google or many other players operating in other layers of the Net who favor such broadband-specific rules. With this rulemaking looming, AT&T came after Google with letters to the FCC in late September and then another last week accusing the company of violating neutrality principles in their business practices and arguing that any neutrality rules that apply to ISPs should apply equally to Google’s panoply of popular services. In particular, AT&T accused Google of “search engine bias,” suggesting that only government-enforced neutrality mandates could protect consumers from Google’s supposed “monopolist” control.

The promise made yesterday by the FCC—to only apply neutrality principles to the infrastructure layer of the Net—is hollow and will ultimately prove unenforceable. The reality is that regulation always spreads. The march of regulation can sometimes be glacial, but it is, sadly, almost inevitable: Regulatory regimes grow but almost never contract. Indeed, in some ways, the prediction we made just three weeks ago is already coming true: The basic premise of neutrality regulation is already being proposed for other layers of the Internet—and not just by AT&T in retaliation. One need not agree with all of AT&T’s accusations to recognize that, whatever the FCC might say today, any large online intermediary with a popular platform potentially faces the threat of “network neutrality” mandates—because every platform is essentially a “network,” too. We’re not just talking about “search neutrality” (Google as well as Microsoft) but also about “device neutrality” (mobile handsets), “app neutrality” (Apple’s iTunes store, Facebook’s developers and Google’s Android mobile OS) and so on for social networking, email, instant messaging, online advertising, etc.

An open letter sent to FCC Chairman Julius Genachowski this week by 28 founders and CEOs of leading application providers—including Amazon, Google, Facebook, Netflix, Craigslist, Sony and Twitter—speaks generally about the need for the FCC to enforce a “guarantee of neutral, nondiscriminatory access by users.” While many of these signatories may have in mind ISPs as the network “gatekeepers” that need to be reined in by the FCC, the more successful among them are likely to find this letter used against them in the future—perhaps even by co-signatories—to advance a broad conception of what the government must do to ensure “openness” and “access” for platforms at all layers of the Internet.

Dumb Networks, Dumb Devices

The intellectual foundations for this regulatory creep have already been laid by groups like Free Press and Public Knowledge and law professors like Columbia’s Tim Wu, Harvard’s Jonathan Zittrain and Seton Hall’s Frank Pasquale. As originally conceived by Tim Wu in 2003, “network neutrality” is not unique to broadband networks: “the basic economic problem found in the network neutrality debate (a form of ‘platform exclusion’ or ‘vertical foreclosure’) can be found in many other markets.” Indeed, Wu’s popular Net Neutrality FAQ declares:

The promotion of network neutrality is no different than the challenge of promoting fair evolutionary competition in any privately owned environment, whether a telephone network, operating system, or even a retail store. Government regulation in such contexts invariably tries to help ensure that the short-term interests of the owner do not prevent the best products or applications becoming available to end-users.

Zittrain picked up where Wu left off in The Future of the Internet and How to Stop It—attacking, as the enemies of innovation, not ISPs but the supposedly “closed” platforms of Apple, TiVo and Microsoft’s Xbox. Zittrain warns that:

If there is a present worldwide threat to neutrality in the movement of bits, it comes not from restrictions on traditional Internet access that can be evaded using generative PCs, but from enhancements to traditional and emerging appliancized services that are not open to third-party tinkering.

Zittrain’s general solution is “API [Applications Programming Interface] neutrality:” If you create a platform (whether hardware or software) and begin allowing third-party contributions (“generativity”), you will lose all control over devices or applications that can run on that platform.

Those who offer open APIs on the Net in an attempt to harness the generative cycle ought to remain application-neutral after their efforts have succeeded, so all those who built on top of their interface can continue to do so on equal terms…. [N]etwork neutrality ought to be applied to the new platforms of Web services that, in turn, depend on Internet connectivity to function.

Clearly, if Zittrain and his allies have their way, the sort of neutrality mandates envisioned by the FCC or some Congressmen for ISPs will eventually cover companies such as Apple, Google, Facebook, Myspace, Twitter and Amazon—all singled out by Zittrain in a New York Times op-ed in July:

If the market settles into a handful of gated cloud communities whose proprietors control the availability of new code, the time may come to ensure that their platforms do not discriminate. Such a demand could take many forms, from an outright regulatory requirement to a more subtle set of incentives — tax breaks or liability relief — that nudge companies to maintain the kind of openness that earlier allowed them a level playing field on which they could lure users from competing, mighty incumbents.

Frank Pasquale agrees on the need to restrain all “the dominant players at all layers of online life,” but focuses on his demand for a Federal Search Commission to control supposedly “biased” search results. While the FCC wrings its hands over “managed services” offered by ISPs, search engines are increasingly offering their own value-added services by “blending” algorithmically-derived results with special features like maps, videos, books or music depending on what the search term suggests the user is interested in. “Artificially” ensuring that these features appear on the first page of search results is clearly non-neutral, and necessarily involves search engines making ”managed” decisions as to whose features to include. Yet such features also clearly benefit users—dramatically improving the usefulness of search engines and helping to sustain struggling business models like music retailing.

But one need not resort to the works of “ivory tower” academics to see the slippery slope we’re already tumbling down with the infinitely elastic principle of “neutrality.” The prospect of the FCC gradually transforming into a “Federal Information Commission” becomes more apparent when one reads the Wireless Innovation and Investment Notice of Inquiry recently released by the FCC:

As other approaches, such as cloud computing, evolve, will established standards or de facto standards become more important to the applications development process? For example, can a dominant cloud computing position raise the same competitive issues that are now being discussed in the context of network neutrality? Will it be necessary to modify the existing balance between regulatory and market forces to promote further innovation in the development and deployment of new applications and services?

One can imagine how some might use such language to accuse Google of being in “a dominant cloud computing position” such that “the context of network neutrality” will be applied to cloud service (like Google Voice) to “modify the existing balance between regulatory and market forces” through regulation. Indeed, that’s precisely what AT&T has suggested in recent letters (September 25 ^th and October 14 ^th) to the FCC.

AT&T’s partner Apple has already been the subject of such attacks for its decision to block the Google Voice app earlier this summer. The incident marked the beginning of open warfare between Google and AT&T/Apple. The FCC quickly jumped into the mix, first questioning how Apple manages its iTunes apps store for the iPhone, then questioning how Google runs its free Voice application. What legal authority the FCC has over either service is far from clear, but Apple seems to have gotten the message: It recently approved the Spotify music streaming app for the iPhone, which could be a serious competitive threat to the iTunes music store. This small incident highlights how easily regulators can impose their will through informal mechanisms like open-ended investigations even without clear authority to issue rules or bring enforcement actions. Yet none dare call it what it is: regulatory blackmail.

The Inevitability of Regulatory Capture

No doubt, other industry players will cheer on such regulatory harassment of the titans of tech—and maybe even demand more of it. Regulatory creep is driven by more than the self-interests of every bureaucracy to expand its own mission, budget and staff. As the Electronic Frontier Foundation has noted, “Experience shows that the FCC is particularly vulnerable to regulatory capture.” While lobbyists play an important role in defending business from government, all too many businesses naively look at government as a beast that can be tamed, trained, and turned to one’s own advantage, and often try to use the expanding regulatory apparatus to their own advantage or simply throw their competitors under the bus to save themselves. The result is a Hobbesian regulatory “war of all against all” within industry.

As Professor Alfred E. Kahn explained in his 2-volume opus, The Economics of Regulation, all regulation—however high-minded—is inevitably captured by special interests because:

When a commission is responsible for the performance of an industry, it is under never completely escapable pressure to protect the health of the companies it regulates, to assure a desirable performance by relying on those monopolistic chosen instruments and its own controls rather than on the unplanned and unplannable forces of competition. […] Responsible for the continued provision and improvement of service, [the regulatory commission] comes increasingly and understandably to identify the interest of the public with that of the existing companies on whom it must rely to deliver goods.

If Internet regulation follows the same course as other industries, the FCC and/or lawmakers will eventually indulge calls by all sides to bring more providers and technologies “into the regulatory fold.” Clearly, this process has already begun. Even before rules are on the books, the companies that have made America the leader in the Digital Revolution are turning on each other in a dangerous game of brinksmanship, escalating demands for regulation and playing right into the hands of those who want to bring the entire high-tech sector under the thumb of government—under an Orwellian conception of “Internet Freedom” that makes corporations the real Big Brother, and government, our savior.

Toward a Less MAD World: Digital Détente

Sincere defenders of real Internet Freedom—that is, freedom from government techno-meddling—recognize that there will always be disputes over how companies deal with each other online across all layers of the Internet. The question is not whether we need a technical coordinating mechanism for handling such disputes. Someone should mediate conflicts over alleged deviations from abstract neutrality principles. But should that arbitrator be an inherently political body like FCC? Or should we instead look to truly independent, apolitical arbitrators like the Internet Engineering Task Force or collaborative efforts like the Network Neutrality Squad? Such alternative dispute resolution mechanisms and fora need not have the power of law to be effective: The weight of their expert opinion, based on careful investigation of the facts, would likely resolve most disputes, because companies have strong reputational incentives to comply with reasoned rulings by truly neutral experts. And the white hot spotlight of public attention has a way of disciplining marketplace behavior as well.

Government would still have a role to play, of course, in enforcing antitrust laws where anticompetitive harm to consumers can be proven, and in enforcing the promises companies make to consumers. Ultimately, however, certain business models and technologies require non-neutral treatment, and the best remedy for concerns about non-neutrality is competition itself: In the high-tech sector more than any other, disruptive innovation makes it difficult for even the most successful companies to stay on top forever. Competitive entry—or even the threat of new entry—provides a powerful check on the power of so-called “gatekeepers,” but even more important is the prospect that today’s leaders will be tomorrow’s laggards: There’s little reason to think Google (search and advertising), Apple (smart phones and music) and Facebook (social networking) won’t someday find themselves playing catch-up, just as IBM (computers), Microsoft (desktop software and search), Friendster and MySpace (social networking), and Yahoo! and AOL (web portals) have had to do.

“Digital Détente” would require that all parties concede something and work constructively toward a more “peaceful” ( i.e., less regulatory) resolution. And yet, no Internet company wants to disarm unilaterally, foreswearing politics as a continuation of competition by other means. Only through multilateral disarmament could they break out of the current cycle of regulatory one-upmanship: If the companies in the Internet ecosystem could form a united front against increased government regulation and in favor of removing existing regulatory obstacles to competition, they could all return to their core competencies of creativity and innovation.

The alternative is a regulatory “nuclear winter”: high-tech titans turning their political fire on each other, catching innocent third parties in the cross-fire and bringing a dark cloud of government regulation over the entire Internet. Such increased regulation would stifle investment and innovation throughout the Internet ecosystem. Thus, it is consumers who will ultimately suffer most from the tech industry’s suicidal impulse, as their choices and digital lives are impoverished. For their sake, we hope all industry players will step back from the brink to avoid such high-tech mutually assured destruction.

Last night, thanks to Craig’s List and a Web-enabled cell phone, I unloaded two extra tickets to tonight’s World Cup qualifying game between the U.S. and Costa Rica in under an hour. (8:00, ESPN2 “USA! USA! USA!”)

Wanting to avoid the hassle of selling the tickets at RFK, I placed an ad on Craig’s List offering them at cost, figuring I might find a taker and arrange to hand them off downtown today or at the stadium tonight. Checking email as I walked to the gym, I found an inquiry about the tickets and phoned the guy, who happened to live 100 feet from where I was walking. A few minutes later, he had the tickets and I had the cash.

This quaint story is a single data point in a trend line—the high-tech version of It’s Getting Better All the Time. Everyone living a connected life enjoys hundreds, or even thousands, of conveniences every day because of information technology. Through billions of transactions across the society, technology improves our lives in ways unimaginable two decades ago.

Before 1995, nobody ever traded spare soccer tickets in under an hour, on a Tuesday night, without even changing his evening routine. If soccer tickets are too trivial (you must not understand the game), the same dynamics deliver incremental, but massive improvements in material wealth, awareness, education, and social and political empowerment to everyone—even those who don’t live “online.”

Sometimes debates about technology regulation are cast in doom and gloom terms like the Malthusian arguments about material wealth. But the benefits we already enjoy thanks to technology are not going away, and they will continue to accrue. We are arguing about the pace of progress, not its existence.

This is no reason to let up in our quest to give technologists and investors the freedom to produce more innovations that enhance everyone’s well-being even more. But it does counsel us to be optimistic and to teach this optimism to our ideological opponents, many of whom seem to look ahead and see only calamity.

Last year, my PFF colleague Adam Thierer asked whether State AGs + NCMEC = The Net’s New Regulators? Adam noted that NCMEC, the National Center for Missing and Exploited Children, a private non-profit organization, was playing a law enforcement role in regulating child pornography—but without any clear mechanisms for ensuring its accountability and effectiveness. Adam’s point wasn’t just that transparency is a good thing, but that when it comes to a cause as important as protecting children from exploitation, it’s vital to ensuring that we’re that we’re actually doing a good job at it!

Yesterday, Emmanuel Lazaridis commented on that post:

Given the increasing regulatory and investigative powers of the NCMEC, it is no longer clear whether or not the [Freedom of Information Act] applies to NCMEC records. We are about to find out. I am right now bringing a case against the NCMEC in federal court for access to records under the FOIA and, failing that, for discovery under 28 U.S.C. § 1782(a).

Mr. Lazaridis’s complaint in the D.C. District Court claims that Lazaridis (a Greek national) has been unfairly deemed a fugitive from U.S. justice for having taken his daughter to Greece over the objections of the girl’s American mother, Lazaridis’s ex-wife. NCMEC got involved by placing the girl on their MissingKids.com registry of abducted children. Lazaridis wants the court to recognize his custody, deem him not to be a fugitive, and to order NCMEC to turn over all their records on the girl.

This is, of course, just one side of the story (and such cases are usually so complicated as to be indecipherable to outsiders). But even if Lazaridis’s case were wholly without merit, his basic argument would be a sound one: Why shouldn’t NCMEC, in exercising any of its essentially governmental functions, be subject to the same accountability requirements through FOIA as the FBI would be?

When the issue is the Lazaridis family’s trans-Atlantic custody battle, it may seem easy to ignore this question. But when NCMEC is essentially making policy regarding filtering Internet content, blacklisting websites, turning over user logs to law enforcement, or “cleaning up” Craigslist, the question of NCMEC’s accountability under FOIA cannot be avoided as a critical decision about the future of Internet governance.

On heels of Adam’s piece last year, controversialist Chris Soghoian suggested one answer: Given its status as a sacred cow, we cannot expect any politician pay heed to calls to overhaul NCMEC or subject it to oversight. However, what we can do, is call for the nationalization of the National Center for Missing and Exploited Children.

Think of it this way: We have a drug czar, a war czar, a copyright czar, and will likely have a cybersecurity czar and car czar under the next administration. Why not throw a child porn czar into the mix? Nationalize NCMEC, make all of its workers federal employees, with good health care and job security, and perhaps even expand its budget–after all, it does good work, right? NCMEC’s job is simply too important to be entrusted to a nonprofit group–such a task can only be performed by a fully trained and funded law enforcement agency (one, which conveniently enough, is subject to the Freedom of Information Act, congressional oversight, and constitutional requirements for due process.)

Despite my differences with Chris, he’s often right and may be here, too. He’s certainly right that Congress is unlikely to address the problem of NCMEC’s accountability given the sensitivity of the issue of child protection.

But, fortunately, we live in a republic, not a pure democracy: Our third branch of government, the courts, exists to enforce the rule of law; being somewhat insulated from political pressure, the courts provide a final check on the authority even of the almighty NCMEC. So while Chris’s nationalization proposal might well be the ideal solution, it hasn’t happened yet—nine months later to the day, and it’s probably not high on the Obama administration’s list of czarist reforms.

But simply by ordering NCMEC to comply with FOIA, the Lazaridis court could, with the stroke of a pen, bring accountability to NCMEC’s law enforcement functions. The legal question is simple: Does NCMEC qualify as an “agency,” which FOIA defines as an “authority of the Government of the United States?”

If so, NCMEC must not only respond to requests for certain of its “records,” but it must also follow a rule-making process akin to that required of federal agencies when they make policy decisions, offering the public appropriate notice and the opportunity to comment on proposed regulations—instead of, say, threatening Internet companies behind closed doors (sometimes the same companies that later make generous donations to NCMEC) or cutting deals with state attorneys general.

It turns out that this is not a new issue. Federal courts have had to decide whether a number of quasi-governmental entities qualify as “agencies” over the years, especially given the trend towards privatization over the last three decades. Some organizations, like the Smithsonian Institution, have decided to comply with FOIA even though courts have held that they’re not required to do so. NCMEC could have allayed all these concerns years ago by doing the same thing, but absent a change in management at the organization, it seems only a court order will force the organization to open its “black box” of decision-making to public inquiry.

In a number of other circumstances, courts have required nominally private organizations to comply with the federal FOIA or its state equivalents. A thorough (if dated) treatment of this issue can be found in the 1999 law review article, Privatization and the Freedom of Information Act: An Analysis of Public Access to Private Entities Under Federal Law by Craig Feiser, Florida’s deputy solicitor general and an adjunct at FSU Law. Feiser explains:

When Congress amended FOIA in 1974, it added section 552(f)(1) and broadened the definition of “agency” to include entities not explicitly mentioned under the APA, but which “perform governmental functions and control information of interest to the public.”

In deciding whether a private organization qualifies as an agency subject to FOIA, courts have considered two factors.

One factor asks whether the entity has substantial independent authority in performing a function of the government, making it the functional equivalent of the government. The other factor asks whether the government substantially controls the entity’s day-to-day operations or organizational framework. In using either factor, the court is essentially asking to what degree the entity is performing a government function. In one case, the government is pulling nearly all of the strings; in the other case, the entity is making decisions independently for the government.

Financially, NCMEC is largely a creature of government: 70% of NCMEC’s $42 million budget in 2007 came from the government. But as Feiser notes, funding does not always mean control. Government control over NCMEC’s internal decisions is unclear. Indeed, the very lack of government control over an organization essentially regulating the Internet and imposing criminal sanctions that could follow convicted “sex offenders” for life would by itself be an enormous problem.

But given what NCMEC actually does, it obviously qualifies as an “agency” subject to FOIA under the “functional equivalence factor,” which as Feiser explains,

basically represents the opposite situation from the control factor. Here, the entity is functioning independently, but making decisions for the government, as opposed to having its decisions made by the government. In effect, it is the functional equivalent of the federal government, and, therefore, it should be an “agency” under the FOIA.

I’ll be watching the Lazaridis case closely, hoping that the court sees NCMEC for what it is: a private organization tasked with implementing not just any government function, but the enforcement of laws against the most vulnerable victims in society. Absent such a recognition, NCMEC will continue to grow into an unaccountable regulator for the Internet.

Today, the only public oversight of NCMEC required by law is the requirement that NCMEC (like any non-profit with federal tax-exempt 501(c)(3) non-profit status) file a Form 990 each year disclosing basic information about its finances. That report does not list NCMEC’s donors, because donors have a First Amendment right to remain anonymous, but a more transparent organization would, like my own think tank, at least identify its major donors. The 2006 and 2007 Form 990s do reveal a few interesting things, though, about what NCMEC does with its budget (70% of which comes from the taxpayer):

• NCMEC’s CEO, Ernie Allen, was paid $359,191 plus $411,636 in benefits in 2006 (PDF p. 46) and $409,821 plus $426,540 in benefits in 2007 (PDF p. 19), for a total of $1.6 million in two years (roughly $800,000/year);
• Not counting Allen, NCMEC spent $778,564 on its top five highest-paid employees in 2006 ($155,713/employee), and $875,657 in 2007 ($175,131/employee) (PDF p. 10 in both);
• 31% of NCMEC’s 2006 revenues and 35% of its 2007 revenues went to salaries (PDF pp. 1 & 2 in both); and
• NCMEC had 104 employees paid over $50,000 in 2006 (PDF p. 10) and 116 in 2007 (PDF p. 10).

I’d be reluctant to suggest that anyone at NCMEC was more interested in money than in protecting children, but if given the choice, we’d all prefer to do well while doing good. So if Allen were smart, he’d realize that a court order subjecting NCMEC to FOIA might be the best of all possible worlds: Requiring real accountability would neutralize calls for nationalizing NCMEC, allowing the organization to continue operating as a non-profit that can pay quite a bit better than the Federal civil service. Even the Senior Executive Service, for agency heads, maxes out at a measly $177,000/year.

Of course, if NCMEC’s records and decisions to regulate the Internet were subject to FOIA, the organization might not be able to… “convince” the Internet companies it essentially regulates to write large checks to NCMEC. But even this tax-hating libertarian would be hard-pressed to argue against funding the enforcement of laws against child pornography, abduction and exploitation with taxpayer dollars.

As the grandson of an FBI agent, whose framed credentials hang in a place of pride in my office (stamped “RETIRED” after his 25 years of loyal service), I can’t help but wonder how many more agents the FBI could employ to combat child porn with an extra $1.6 million/year in funding (the salary of Allen and NCMEC’s top-five highest paid employees). It seems that FBI agents today make roughly $48,000-87,000/year. Let’s call it an average of $67,500 and throw in 20% for overhead. That works out to $81,000/year—or:

• 20 new agents for what NCMEC is paying its top six employees; or
• 368 new agents for the $29.82 million NCMEC received in government support in 2007.

I’m sure the solution is far more complicated than simply hiring more FBI agents, and that NCMEC does much good work in the service of a noble cause. But until NCMEC is either nationalized as a direct arm of law enforcement or made significantly more accountable as a private organization, we won’t really have any way of knowing whether the money being spent on NCMEC is being spent in the most effective manner possible to deal with the problems of child pornography, abduction and exploitation. We also won’t know whether draconian alternatives to direct enforcement ( e.g., hiring more FBI agents) like network-level filtering mandates are truly necessary, despite their unintended consequences for the free speech and privacy rights of law-abiding Internet users.

craigslist has filed a complaint against South Carolina Attorney General Henry McMaster, seeking to enjoin him from prosecuting the site for displaying the solicitations to prostitution that sometimes appear there. The complaint cites section 230 of the Communications Decency Act, the First Amendment, and a few other laws that craigslist believes protect it from liability.

The complaint makes a pretty good case that craigslist has taken reasonable steps, working with law enforcement, to keep prostitution off the site. With that it has done its part. If prosecutors want to go after prostitution, they can use craigslist to do so. They should not attack the messenger if consenting adults are trying to exchange money for sexual services in their local areas.

Over the past year, I have been monitoring a very interesting trend with important ramifications for the future of Internet policy. State Attorneys General (AGs) — often in league with the National Center for Missing and Exploited Children (NCMEC) — have been striking a variety of “voluntary” agreements with various Internet companies that deal with child safety concerns or other online issues. These agreements require the companies involved to take various steps to alter site architecture and functionality, commit to stop certain practices, or take steps to block certain users (ex: predators; escort services) or types of content (ex: child porn; online “discrimination”) altogether.

To begin, let me be very clear about one thing: Some of these activities or types of content warrant a law enforcement response. That is certainly the case with child pornography or predation, for example. However, as I will note down below, there is a legitimate question about whether state officials and a non-profit private organization should be crafting legal or regulatory policies to address such concerns for a global medium like the Internet. Regardless, these agreements are creating a new layer of Internet regulation (almost extra-legal in character) that is worthy of exploration.

First, let me itemize some of these recent “voluntary” agreements between Internet companies and the AGs and/or NCMEC:

• MySpace, Facebook & 49 state AGs: On January 14th, 2008, social networking website operator MySpace.com announced an agreement with 49 state Attorneys General (AGs) aimed at better protecting children online. As part their “Joint Statement on Key Principles of Social Networking Safety,” MySpace promised the AGs it would expand online safety tools, improve education efforts, and expand its cooperation with law enforcement. Facebook entered into a similar agreement with the AGs in May. These agreements came after AGs had relentlessly pushed these social networking sites for over a year to adopt age verification techniques to screen site users. Although mandatory age verification was not part of the final agreements, an Internet Safety Technical Task Force (ISTTF) was formed to study online safety tools, including a review of online identity authentication technology. It was clear when the announcements were made that the AGs were very interested in seeing online age verification pursued.
• Various ISPs and New York AG + NCMEC: In June 2008, New York Attorney General Andrew Cuomo pushed several major ISPs to enter into a Memorandum of Understanding (MOU) with NCMEC to address the dissemination of child pornography online.  Under the MOU, the ISPs must use a NCMEC-provided list of URLs supposedly containing child pornographic images to blacklist and block all access to those sites for their users. The agreement also closed off access to Usenet discussion boards on those ISP’s networks.
• Craigslist & California AG + NCMEC: In early November, Craigslist struck an agreement with 40 state AGs as well as NCMEC in which the online classifies operator agreed to take steps to root out certain sexually-themed or “erotic services” listings. See this Ars Technica article for additional details.
• eHarmony & New Jersey AG: Just this past week, the online dating service company eHarmony announced it had struck an agreement with the Attorney General of New Jersey to settle a complaint that a New Jersey resident filed with the state in 2005 alleging that eHarmony violated his rights by not offering a same-sex matching service. The agreement creates some interesting questions, as George Mason University law professor David Bernstein told the Wall Street Journal. The discrimination claim “seems like quite a stretch,” he said, and he said that he is worried it might encourage similar claims. “If you start a dating service for African Americans, do you need one for whites and Latinos? If you have one for Jews, do you need one for Christians and Muslims?” According to the Journal, eHarmony faces a similar discrimination claim in a California court, so we might get answers soon enough.

There are a number of interesting legal and practical questions raised by these agreements:

• “Voluntary” Agreements & the Law: Although typically billed as “voluntary” in nature, it seems highly unlikely that any of the companies involved would have made these concessions without  pressure from the state AGs (and sometimes NCMEC) to do so. How binding are these agreements in light of that? Of course, it is unlikely any of the companies involved would (or could) later challenge the validity or scope of these agreements after they had already signed onto them. But what if a free speech or civil liberties group challenged these agreements in court because of their impact on the Internet, online speech, or a certain group of citizens? Would they have a case? Would they even have standing? Where do they have it?
• Precedent & Applicability: Do such agreements constitute precedents that could be applied in other cases or contexts? Could parties not involved in the original agreements — either because they refused or did not yet exist — eventually be covered by them in some fashion? Do these agreements cover services available in the American but hosted entirely overseas?
• Commerce Clause Issues: Do state Attorneys General have the right to impose such quasi-regulatory regimes on an interstate medium like the Internet? Can 50 state AGs impose uniform laws on the Net without any congressional oversight, as was the case in the MySpace and Craigslist agreements? Conversely, what will the impact be of individual state AGs going their own way, as was the case with the eHarmony agreement? If Congress remains silent on the agreements but a group (ex: a civil liberties group) brings a dormant Commerce Clause case, what are their chances of prevailing in court?
• Accountability & Effectiveness: Will anyone in Congress or a federal agency oversee these agreements? How transparent are these agreements when they are brokered behind closed doors or with NCMEC? Does the Freedom of Information Act (FOIA) apply such that records and information can be made public?  What is the benchmark of success when different states adopt different legal regimes for the Net?

I’m not saying I have any good answers here; I’m just trying to get the questions on the table and get a discussion going. I would appreciate any input on the matter, especially of the legal variety. It strikes me that we are in somewhat uncharted waters here, at least for the Internet. On the other hand, I’m sure there have been state AG-related “voluntary” agreements struck in other industries and contexts in the past that might provide some insight into what, if anything, happens next.

What I find most interesting about these developments is that the state AGs appear to be gradually accomplishing what Congress has not been able to do over the past dozen years: To impose a comprehensive regulatory structure on the Internet. But that emerging regulatory structure is highly fractured and piecemeal in nature, and that troubles me. I am particularly concerned about the long-term impact of a 50-state patchwork approach to online regulation — both for speech and commerce. It’s not like we’re talking about the regulation of a corner newsstand here, after all. This is the Internet, and localized regulation of this national — actually global — platform makes me more than a bit nervous.

In closing, I want to again reiterate that I do not necessarily oppose intervention in any of these cases. However, to the extent such regulations do need to be imposed and enforced, it may make more sense for the process to be federalized and NCMEC’s role nationalized and administered by the Federal Bureau of Investigation or some branch of the Department of Justice. There needs to be greater transparency and accountability when matters of child pornography or predation are at issue, and NCMEC’s lack of FOIA-ability in this regard is problematic. I think NCMEC is a fine organization that does very important work to help protect children, but it is work that involves criminal activities and the collection of evidence that could be used in criminal court proceedings. In light of that — and in light of the expanded law enforcement powers being granted to NCMEC — I believe the time has come to have a serious conversation about whether those powers should continue to be housed in a private, non-profit organization, or if they should be transfered to a federal law enforcement agency. Of course, there could be serious downsides associated with the nationalization of those powers, which also should be considered.