Rep. Bart Stupak, (D-MI) recently introduced the ‘‘Online Age Verification and Child Safety Act’’ (H.R. 4059), which would require mandatory online age verification for “any pornographic website accessible by any computer located within the United States to display any pornographic material, including free content that may be available prior to the purchase of a subscription or product.”  The measure does not specify how such verification is to be administered, saying only that “any website or online service” must “establish and maintain a system of internal policies, procedures and controls to ensure that no such material is displayed to any user attempting to access their site without first verifying that the user is 18 years or older.”

In essence, the Stupak bill is the “Son of COPA,” or the Child Online Protection Act of 1998, a law that has been constitutionally tested and come up short during an epic, decade-long legal battle in which it was made clear that mandatory age verification is unwise, unworkable, and unconstitutional under the First Amendment.

COPA sought to make it a crime for someone to “knowingly” place materials online that were “harmful to minors.” The law provided an affirmative defense from prosecution, however, to those parties who made a “good faith” effort to “restrict[ ] access by minors to material that is harmful to minors” using credit cards or age verification schemes. COPA was immediately challenge, however, and a 10-year court battle ensued.  The law was blocked by lower courts because it was too sweeping in effect and because courts held that there were other “less restrictive means” that parents could use to deal with objectionable content — such as Internet filters.

COPA’s decade-long legal battle finally concluded in January 2009 when the U.S. Supreme Court refused to revisit the law.  COPA had already been reviewed by the Supreme Court twice before — in 2002 and 2004.  Thus, a third visit to the Supreme Court by COPA would have been something of a historical development in the world of First Amendment jurisprudence. But with the Supreme Court’s rejection of the government’s appeal in January, lower court rulings stood and COPA remained unconstitutional and unenforceable. The key recent legal battle occurred in the Third Circuit Court of Appeals, which upheld a lower court ruling striking down COPA. The Third Circuit’s full decision is here. And I penned a 3-part series on the lower court ruling by Judge Lowell Reed Jr., senior judge of the U.S. District Court for the Eastern District of Pennsylvania, here, here, and here. Also make sure to check out this summary of COPA’s legal journey that Alex Harris penned last November.

Many, many times here before I have documented my serious ongoing reservations about mandatory age verification.  [In particular, see this lengthy white paper and this event transcript for all the details.]  Moreover, as I pointed out in a recent PFF white paper (“Five Online Safety Task Forces Agree: Education, Empowerment & Self-Regulation Are the Answer“), every major online safety task force that has studied the possibility of mandatory age verification for the Internet has come to the same conclusion: It won’t work, it’s unconstitutional, and it raises serious privacy concerns. Down below the fold I have pulled some of the relevant language from the five online safety task forces that have met since 2000 and considered this issue.  Some of the very best minds in academia, industry, government, and the child safety community sat on these task forces.  And, taken together, these five task forces heard from hundreds of experts and produced thousands of pages of testimony and reports on a wide variety of issues related to online child safety.

I would hope that Mr. Stupak and other lawmakers would heed the warnings about mandatory age verification that these task forces issued.  Read on for brief look at what the experts had to say. And as you do, remember that every dollar spent litigating another misguided attempt to mandate online age verification is another dollar that could be spent on education and empowerment solutions or other law enforcement strategies, all of which could be put in place immediately to make our kids safer online.

2000 – Commission on Online Child Protection (“COPA Commission”)

[Age verification] imposes moderate costs on users, who must get an I.D. It imposes high costs on content sources that must install systems and might pay to verify I.D.s. The adverse effect on privacy could be high. It may be lower than for credit card verification if I.D.s are separated from personally-identifiable information. Uncertainty about the application of a harmful to minors standard increases the costs incurred by harmful to minors sites in connection with such systems.  An adverse impact on First Amendment values arises from the costs imposed on content providers, and because requiring identification has a chilling effect on access. Central collection of credit card numbers coupled with the “embarrassment effect” of reporting fraud and the risk that a market for I.D.s would be created may have adverse effect on law enforcement.[1]

2002 – Youth, Pornography, and the Internet (“Thornburgh Commission”)

In an online environment, age verification is much more difficult because a pervasive nationally available infrastructure for this purpose is not available. […] Note that each of these [age verification] methods imposes a cost in convenience of use, and the magnitude of this cost rises as the confidence in age verification increases.[2]

2008 – Safer Children in a Digital World (“Byron Review”)

[N]o existing approach to age verification is without its limitations, so it is important that we do not fixate on age verification as a potential ‘silver bullet’.[3]

2009 – Internet Safety Technical Task Force (ISTTF)

Age verification and identity authentication technologies are appealing in concept but challenged in terms of effectiveness.  Any system that relies on remote verification of information has potential for inaccuracies.  For example, on the user side, it is never certain that the person attempting to verify an identity is using their own actual identity or someone else’s.  Any system that relies on public records has a better likelihood of accurately verifying an adult than a minor due to extant records.  Any system that focuses on third-party in-person verification would require significant political backing and social acceptance.  Additionally, any central repository of this type of personal information would raise significant privacy concerns and security issues.[4]

2009 – “Point Smart. Click Safe.” Blue Ribbon Working Group

The task force acknowledges that the issues of identity authentication and age verification remain substantial challenges for the Internet community due to a variety of concerns including privacy, accuracy, and the need for better technology in these areas.[5]

[2] Computer Science and Telecommunications Board, National Research Council, Youth, Pornography and the Internet (Washington, DC: National Academy Press, 2002), at 63-4, www.nap.edu/html/youth_internet/

[3] Safer Children in a Digital World: The Report of the Byron Review, March 27, 2008, at 99.  www.dcsf.gov.uk/byronreview

[4] Internet Safety Technical Task Force, Enhancing Child Safety & Online Technologies: Final Report of the Internet Safety Technical Task Force to the Multi-State Working Group on Social Networking of State Attorneys General of the United States, Dec. 31, 2008, at 10, http://cyber.law.harvard.edu/pubrelease/isttf.

[5] www.pointsmartclicksafe.org/report

[NOTE: Follow H.R. 4059 and comment on it over at Washington Watch.]

ATTACHMENT: Final Statement of Adam D. Thierer on Age Verification to the Internet Safety Technical Task Force

ISTTF Thierer Closing Statement http://d1.scribdassets.com/ScribdViewer.swf?document_id=10275410&access_key=key-2arwch33v27rw4obom5&page=1&version=1&viewMode=list

Just read this AP article that reported on a Tuesday hearing of the Ohio Supreme Court about an Ohio “harmful to minors” law. According to the article, the statute makes it illegal to distribute harmful material to minors through “direct communications by people who know or have reason to believe the recipient is a minor.”

The case is in the 6th Circuit Court of Appeals, which has asked the Ohio Supreme Court to interpret “mass distribution” and “personally directed devices.” Per the law:

2) A person remotely transmitting information by means of a method of mass distribution does not directly sell, [etc.] … if either of the following applies: (a) The person has inadequate information to know or have reason to believe that a particular recipient of the information or offer is a juvenile. (b) The method of mass distribution does not provide the person the ability to prevent a particular recipient from receiving the information.

In the hearing (see the video) Justice Robert Cupp coins this beauty of a statement:  “It’s not really the statute that’s confusing here, it’s the technologies.” Judge say what?

Isn’t the whole point of a statute to be applied to factual situations? Anything can make sense in the abstract (even law!). But applied to everyday life, the simplistic becomes complex — and can have unintended consequences.

Such is especially true with laws that regulate Internet communications. The Ohio AG is attempting to narrow the statute by saying it applies only in situations where a speaker (1) directly communicates the harmful material, (2) knowing or has reason to know the recipient is a minor, and (3) the speaker has control over the medium — ie. not applicable to general broadcasting (forums or chat rooms) but applicable where publishers can exclude or limit the audience (direct email).

Are these limitations enough to not cover legitimate communications on the Internet? The Plaintiff, American Booksellers Foundation for Free Expression, wants an exemption for the Internet. I generally think that it is best to not bifurcate the Internet and non-Internet worlds, particularly when we think of child safety issues (digital natives see the Internet as an extension of everyday life much more than us old fogies).

Media Coalition has a page dedicated to the case here. Stay tuned.

It appears that the long legal saga of the Child Online Protection Act of 1998 (COPA) has finally come to a close. This morning, according to AP, the U.S. Supreme Court rejected the government’s latest request to revive the law, which was stuck down as an unconstitutional violation of the First Amendment by lower courts and never went into effect.

COPA was an effort by Congress to modify the Communications Decency Act of 1996 (CDA) in response to the Supreme Court’s decision in Reno v. ACLU finding that the CDA was unconstitutionally over-broad. COPA sought to narrow the scope of regulation and protect minors from sexual material on the Internet by making it a crime for someone to “knowingly” place materials online that were “harmful to minors.” The law provided an affirmative defense from prosecution, however, to those parties who made a “good faith” effort to “restrict[ ] access by minors to material that is harmful to minors” using credit cards or age verification schemes. Although narrower than the CDA, COPA was immediately challenged and also blocked by lower courts because it was still too sweeping in effect. Moreover, the courts found there were other “less restrictive means” that parents could use to deal with objectionable content — such as Internet filters.

Following the initial challenge, COPA then became the subject of an epic, decade-long legal battle that finally concluded today when the U.S. Supreme Court refused to revisit the law. COPA had already been reviewed by the Supreme Court twice before — in 2002 and 2004.  Thus, a third visit to the Supreme Court by COPA would have been something of a historical development in the world of First Amendment jurisprudence. But with the Supreme Court’s rejection of the government’s appeal today, lower court rulings stand and COPA will remain unconstitutional and unenforceable.

The key recent legal battle occurred in the Third Circuit Court of Appeals, which upheld a lower court ruling striking down COPA. The Third Circuit’s full decision is here. And I penned a 3-part series on the lower court ruling by Judge Lowell Reed Jr., senior judge of the U.S. District Court for the Eastern District of Pennsylvania, here, here, and here. Also make sure to check out this summary of COPA’s legal journey that Alex Harris penned last November.

While COPA is now dead and buried, it would be foolish to think this is the end of efforts to legislate on this front. Although it remains unclear what the legislative response will look like during a time of Democratic rule, I am certain that legislation will be floated in short order (i.e., “Son of COPA”) to try to get around the constitutional issues and regulate objectionable online content. If legislators were smart, they’d avoid legally risky solutions like more centralized filtering mandates or age verification requirements. They’d be on safer ground to consider going the subsidy route and finding a way to get parental control tools in the hands of more families and institutions. I’m not saying that I favor such subsidies, merely that such an approach would almostly certainly pass legal muster and probably wouldn’t even be challenged in court. They might also consider more public education / PSA-driven approached to online safety. Those approaches may end up finding more support in a Democratic Congress and administration anyway.

[More coverage at NYT, Reuters, CNet and Ars.]