The Federal Trade Commission (FTC) is taking a more active interest in state and local barriers to entry and innovation that could threaten the continued growth of the digital economy in general and the sharing economy in particular. The agency recently announced it would be hosting a June 9th workshop “to examine competition, consumer protection, and economic issues raised by the proliferation of online and mobile peer-to peer business platforms in certain sectors of the [sharing] economy.” Filings are due to the agency in this matter by May 26th. (Along with my Mercatus Center colleagues, I will be submitting comments and also releasing a big paper on reputational feedback mechanisms that same week. We have already released this paper on the general topic.)

Relatedly, just yesterday, the FTC sent a letter to Michigan policymakers about restricting entry by Tesla and other direct-to-consumer sellers of vehicles. Michigan passed a law in October 2014 prohibiting such direct sales. The FTC’s strongly-worded letter decries the state’s law as “protectionism for independent franchised dealers” noting that “current provisions operate as a special protection for dealers—a protection that is likely harming both competition and consumers.” The agency argues that:

consumers are the ones best situated to choose for themselves both the vehicles they want to buy and how they want to buy them. Automobile manufacturers have an economic incentive to respond to consumer preferences by choosing the most effective distribution method for their vehicle brands. Absent supportable public policy considerations, the law should permit automobile manufacturers to choose their distribution method to be responsive to the desires of motor vehicle buyers.

The agency cites the “well-developed body of research on these issues strongly suggests that government restrictions on distribution are rarely desirable for consumers” and the staff letter continues on to utterly demolish the bogus arguments set forth by defenders of the blatantly self-serving, cronyist law. (For more discussion of just how anti-competitive and anti-consumer these laws are in practice, see this January 2015 Mercatus Center study, “State Franchise Law Carjacks Auto Buyers,” by Jerry Ellig and Jesse Martinez.)

The FTC’s letter is another example of how the agency can take steps using its advocacy tools to explain to state and local policymakers how their laws may be protectionist and anti-consumer in character. Needless to say, this also has ramifications for how the agency approaches parochial restraints on entry and innovation affecting the sharing economy.

In our forthcoming Mercatus Center comments to the FTC for its June 6th sharing economy workshop, Christopher Koopman, Matt Mitchell, and I will address many issues related to the sharing economy and its regulation. Beyond addressing all five of the specific questions asked in the Commission’s workshop notice, we also include a discussion about “Federal Responses to Local Anticompetitive Regulations.” Down below I have reproduced the current rough draft of that section of our filing in the hope of getting input from others. Needless to say, the idea of the FTC aggressively using its advocacy efforts or even federal antitrust laws to address state and local barriers to trade and innovation will make some folks uncomfortable–especially on federalism grounds. But we argue that a good case can be made for the agency using both its advocacy and antitrust tools to address these issues. Let us know what you think.

The Federal Trade Commission possesses two primary tools to address public restraints of trade created by state and local authorities: advocacy and antitrust.[1]

Through its advocacy program, the Commission can provide specific comments to state and local officials regarding the effects of both proposed and existing regulations.[2] Commissioner Joshua Wright has noted that, “For many years, the FTC has used its mantle to comment on legislation and regulation that may restrain competition in a way that harms consumers.”[3] Thus, at a minimum, the Commission can and should shine light on parochial governmental efforts to restrain trade and limit innovation throughout the sharing economy.[4] By shining more light on state or local anti-competitive rules, the Commission will hopefully make governments, or their surrogate bodies (such as licensing boards), more transparent about their practices and more accountable for laws or regulations that could harm consumer welfare. However, to be successful, the Commission’s advocacy efforts depend upon the willingness of state and local legislators and regulators to heed its advice.^[5]

The Commission has already used its advisory role in its recent guidance to state and local policymakers regarding the regulation of ridesharing services. The Commission noted then that “a regulatory framework should be responsive to new methods of competition,” and set forth the following vision regarding what it regards as the proper approach to parochial regulation of passenger transportation services:

Staff recommends that a regulatory framework for passenger vehicle transportation should allow for flexibility and adaptation in response to new and innovative methods of competition, while still maintaining appropriate consumer protections. [Regulators] also should proceed with caution in responding to calls for change that may have the effect of impairing new forms or methods of competition that are desirable to consumers. . . .  In general, competition should only be restricted when necessary to achieve some countervailing procompetitive virtue or other public benefit such as protecting the public from significant harm.[6]

This represents a reasonable framework for addressing concerns about parochial regulation of the sharing economy more generally.

Unfortunately, in areas relevant to the regulation of the sharing economy (e.g., taxicab regulations and rules governing home and apartment rentals) anticompetitive regulations have remained on the books—and in some instances have expanded—in spite of more than 30 years of Commission comment and advocacy.[7]  In fact, as Public Citizen noted in a recent Supreme Court filing:

[M]any more occupations are regulated than ever before, and most boards doing the regulating—in both traditional and new professions—are dominated by industry members who compete in the regulated market. Those board member-competitors, in turn, commonly engage in regulation that can be seen as anticompetitive self-protection. The particular forms anticompetitive regulations take are highly varied, the possibilities seemingly limited only by the imaginations of the board members.[8]

In these instances, the Commission’s antitrust enforcement authority may need to be utilized when its advocacy efforts fall short with regard to regulations that favor incumbents by limiting competition and entry.[9] Many academics have endorsed expanded antitrust oversight of public barriers to trade and innovation.[10] As Commissioner Wright has argued, “the FTC is in a good position to use its full arsenal of tools to ensure that state and local regulators do not thwart new entrants from using technology to disrupt existing marketplace.”[11] He notes specifically that he is “quite confident that a significant shift of agency resources away from enforcement efforts aimed at taming private restraints of trade and instead toward fighting public restraints would improve consumer welfare.”[12] We agree.

The Supreme Court’s recent decision in North Carolina State Board of Dental Examiners v. Federal Trade Commission made it clear that local authorities cannot claim broad immunity from federal antitrust laws.[13] This is particularly true, the Court noted, “where a State delegates control over a market to a nonsovereign actor,” such as a professional licensing board consisting primarily of members of the affected interest being regulated.[14] “Limits on state-action immunity are most essential when a State seeks to delegate its regulatory power to active market participants,” the Court held, “for dual allegiances are not always apparent to an actor and prohibitions against anticompetitive self-regulation by active market participants are an axiom of federal antitrust policy.”[15]

The touchstone of this case and the Court’s related jurisprudence in this area is political accountability.[16] State officials must (1) “clearly articulate” and (2) “actively supervise” licensing arrangements and regulatory bodies if they hope to withstand federal antitrust scrutiny.[17] The Court clarified this test in N.C. Dental holding that “the Sherman Act confers immunity only if the State accepts political accountability for the anticompetitive conduct it permits and controls.”[18] In other words, if state and local officials want to engage in protectionist activities that restrain trade in pursuit of some other countervailing objective, then they need to own up to it by being transparent about their anticompetitive intentions and then actively oversee the process after that to ensure it is not completely captured by affected interests.[19]

Some might argue that this does not go far enough to eradicate anti-competitive barriers to trade at the state or local level that could restrain the innovative potential of the sharing economy. While that may be true, some limits on the Commission’s federal antitrust discretion are necessary to avoid impinging upon legitimate state and local priorities.

Over time, it is our hope that by empowering the public with more options, more information and better ways to shine light on bad actors, the sharing economy will continue to make many of those old regulations unnecessary. Thus, in line with Commissioner Maureen Ohlhausen’s wise advice, the Commission should encourage state and local officials to exercise patience and humility as they confront technological changes that disrupt traditional regulatory systems.[20]

But when parochial regulators engage in blatantly anti-competitive activities that restrain trade, foster cartelization, or harm consumer welfare in other ways, the Commission can act to counter the worst of those tendencies.[21] The Commission’s standard of review going forward was appropriately articulated by Commissioner Wright recently when he noted that, “in the context of potentially disruptive forms of competition through new technologies or new business models, we should generally be skeptical of regulatory efforts that have the effect of favoring incumbent industry participants.”[22]

Such parochial protectionist barriers to trade and innovation will become even more concerning as the potential reach of so many sharing economy businesses grows larger. The boundary between intrastate and interstate commerce is sometimes difficult to determine for many sharing economy platforms. Clearly, much of the commerce in question occurs within the boundaries of a state or municipality, but sharing economy services also rely upon Internet-enabled platforms with a broader reach. To the extent state or local restrictions on sharing economy operations create negative externalities in the form of “interstate spillovers,” the case for federal intervention is strengthened.[23] It would be preferable if Congress chose to deal with such spillovers using its Commerce Clause authority (Art. 1, Sec. 8 of the Constitution),[24] but the presence of such negative externalities might also bolster the case for the Commission’s use of antitrust to address parochial restraints on trade.

[1]     See Maureen K. Ohlhausen, Reflections on the Supreme Court’s North Carolina Dental Decision and the FTC’s Campaign to Rein in State Action Immunity, before the Heritage Foundation, Washington, DC, March 31, 2015, at 19-20.

[2]     Id., at 20. (“The primary goal of such advocacy is to convince policymakers to consider and then minimize any adverse effects on competition that may result from regulations aimed at preventing various consumer harms.”) Also see James C. Cooper and William E. Kovacic, “U.S. Convergence with International Competition Norms: Antitrust Law and Public Restraints on Competition,” Boston University Law Review, Vol. 90, No. 4, (August 2010): 1582, “Competition advocacy helps solve consumers’ collective action problem by acting within the regulatory process to advocate for regulations that do not restrict competition unless there is a compelling consumer protection rationale for imposing such costs on citizens.”).

[3]     Joshua D. Wright, “Regulation in High-Tech Markets:  Public Choice, Regulatory Capture, and the FTC,” Remarks of Joshua D. Wright Commissioner, Federal Trade Commission at the Big Ideas about Information Lecture Clemson University, Clemson, South Carolina, April 2, 2015, at 15, https://www.ftc.gov/public-statements/2015/04/regulation-high-tech-markets-public-choice-regulatory-capture-ftc.

[4]     Cooper and Kovacic, “U.S. Convergence with International Competition Norms,” at 1610, (“Competition agencies could devote greater resources to conduct research to measure the effects of public policies that restrict competition. A research program could accumulate and analyze empirical data that assesses the consumer welfare effects of specific restrictions. Such a program could also assess whether the stated public interest objectives of government restrictions are realized in practice.”)

[5]     Cooper and Kovacic, “U.S. Convergence with International Competition Norms,” at 1582, (“The value of competition advocacy should be measured by (1) the degree to which comments altered regulatory outcomes times (2) the value to consumers of those improved outcomes. For all practical purposes, however, both elements are difficult to measure with any degree of certainty.”).

[6]     Federal Trade Commission, Staff Comments Before the Colorado Public Utilities Commission In The Matter of The Proposed Rules Regulating Transportation By Motor Vehicle, 4 Code of Colorado Regulations, (March 6, 2013), http://ftc.gov/os/2013/03/130703coloradopublicutilities.pdf.

[7]     Marvin Ammori, “Can the FTC Save Uber,” Slate, March 12, 2013, http://www.slate.com/articles/technology/future_tense/2013/03/uber_lyft_sidecar_can_the_ftc_fight_local_taxi_commissions.html (noting that, “not only does the FTC have the authority to take these cities to impartial federal courts and end their anticompetitive actions; it also has deep expertise in taxi markets and antitrust doctrines.”) Also see, Edmund W. Kitch, “Taxi Reform—The FTC Can Hack It,” Regulation, May/June 1984, http://object.cato.org/sites/cato.org/files/serials/files/regulation/1984/5/v8n3-3.pdf.

[8]     Brief of Amici Curiae Public Citizen in Support of Respondent, North Carolina State Bd. of Dental Exam’rs v. FTC, (August 2014): 24.

[9]     Brief of Antitrust Scholars as Amici Curiae in Support of Respondent, North Carolina State Bd. of Dental Exam’rs v. FTC, (August 6, 2014): 24, (“Antitrust review is entirely appropriate for curbing the excesses of occupational licensing because the anticompetitive effect has a similar effect on the market—and in particular consumers—as does traditional cartel activity.”)

[10]   See Mark A. Perry, “Municipal Supervision and State Action Antitrust Immunity,” The University of Chicago Law Review, Vol. 57, (Fall 1990): 1413-1445; William J. Martin, “State Action Antitrust Immunity for Municipally Supervised Parties,” The University of Chicago Law Review, Vol. 72, (Summer, 2005): 1079-1102; Jarod M. Bona, “The Antitrust Implications of Licensed Occupations Choosing Their Own Exclusive Jurisdiction,” University of St. Thomas Journal of Law & Public Policy, Vol 5, (Spring 2011): 28-51; Ingram Weber “The Antitrust State Action Doctrine and State Licensing Boards,” The University of Chicago Law Review, Vol. 79, (2012); Aaron Edlin and Rebecca Haw, “Cartels by Another Name:  Should Licensed Occupations Face Antitrust Scrutiny?,” University of Pennsylvania Law Review, Vol. 162, (2014): 1093-1164.

[11]   Wright, “Regulation in High-Tech Markets,” at 28-9.

[12]   Wright, “Regulation in High-Tech Markets,” at 29.

[13]   North Carolina State Bd. of Dental Exam’rs v. FTC, 135 S. Ct. 1101 (2015).

[14]   Id.

[15]   Id. Also see Edlin & Haw, “Cartels by Another Name,” at 1143, (“Who could seriously argue that an unsupervised group of competitors appointed to regulate their own profession can be counted on to neglect their selfish interests in favor of the state’s?”); Brief Amicus of the Pacific Legal Foundation and Cato Institute, North Carolina State Bd. of Dental Exam’rs v. FTC, (August 2014): 3, (“Antitrust immunity for private parties who act under color of state law is especially problematic, given that anticompetitive conduct is most likely to occur when private parties are in a position to exploit government’s regulatory powers.”)

[16]   See Maureen K. Ohlhausen, Reflections on the Supreme Court’s North Carolina Dental Decision and the FTC’s Campaign to Rein in State Action Immunity, before the Heritage Foundation, Washington, DC, March 31, 2015, at 16, https://www.ftc.gov/public-statements/2015/03/reflections-supreme-courts-north-carolina-dental-decision-ftcs-campaign, (“states need to be politically accountable for whatever market distortions they impose on consumers.”); Edlin & Haw, “Cartels by Another Name,” at 1137, (“political accountability is the price a state must pay for antitrust immunity.)

[17]   See Federal Trade Commission, Office of Policy and Planning, Report of the State Action Task Force (2003): 54, (“clear articulation requires that a state enunciate an affirmative intent to displace competition and to replace it with a stated criterion. Active supervision requires the state to examine individual private conduct, pursuant to that regulatory regime, to ensure that it comports with that stated criterion. Only then can the underlying conduct accurately be deemed that of the state itself, and political responsibility for the conduct fairly placed with the state.”) This test has been developed and refined in a variety of cases over the past 35 years. See: California Retail Liquor Dealers Ass’n v. Midcal Aluminum, Inc., 445 U.S. 97 (1980); Cmty. Comm’ns Co., Inc. v. City of Boulder, 455 U.S. 40, 48-51 (1982); City of Columbia v. Omni Outdoor Advertising, Inc., 499 U.S. 365 (1991); FTC v. Ticor Title Ins. Co., 504 U.S. 621 (1992).

[18]   North Carolina State Bd. of Dental Exam’rs v. FTC, 135 S. Ct. 1101 (2015).

[19]   Edlin & Haw, “Cartels by Another Name,” at 1156. (“Requiring that the state place its imprimatur on regulation is at least better than the status quo, in which states too often delegate self-regulation to professionals and walk away.”) See also North Carolina State Bd. of Dental Exam’rs v. FTC, 135 S. Ct. 1101 (2015) (“[Federal antitrust] immunity requires that the anticompetitive conduct of nonsovereign actors, especially those authorized by the State to regulate their own profession, result from procedures that suffice to make it the State’s own.”).

[20]  Maureen K. Ohlhausen, Commissioner, Fed. Trade Commission, “Regulatory Humility in Practice,” Remarks of the American Enterprise Institute, Washington, D.C. (April 1, 2015).

[21]   Edlin & Haw, “Cartels by Another Name,” at 1094, (“state action doctrine should not prevent antitrust suits against state licensing boards that are comprised of private competitors deputized to regulate and to outright exclude their own competition, often with the threat of criminal sanction.”). See also Brief Amicus of the Pacific Legal Foundation and Cato Institute, North Carolina State Bd. of Dental Exam’rs v. FTC, (August 2014): 2, 21, http://www.americanbar.org/content/dam/aba/publications/supreme_court_preview/BriefsV4/13-534_resp_amcu_plf-cato.authcheckdam.pdf, (noting that courts “should presume strongly against granting state-action immunity in antitrust cases.  It makes little sense to impose powerful civil and criminal punishments on private parties who are deemed to have engaged in anti-competitive conduct, while exempting government entities—or, worse, private parties acting under the government’s aegis—when they engage in the exact same conduct. . . . “Whatever one’s opinion of antitrust law in general, there is no justification for allowing states broad latitude to disregard federal law and erect private cartels with only vague instructions and loose oversight.”)

[22]   Wright, “Regulation in High-Tech Markets,” at 7.

[23]   FTC, Report of the State Action Task Force, 44, (“an unfortunate gap has emerged between scholarship and case law. Although many of the leading commentators have expressed serious concern regarding problems posed by interstate spillovers, their thinking has yet to take root in the law. Such spillovers undermine both economic efficiency and some of the same political representation values thought to be protected by principles of federalism.”); Brief Amicus of the Pacific Legal Foundation and Cato Institute, North Carolina State Bd. of Dental Exam’rs v. FTC, (August 2014): 13, (“Allowing states expansive power to exempt private actors from antitrust laws would also disrupt national economic policy by encouraging a patchwork of state-established entities licensed to engage in cartel behavior. This would disrupt interstate investment and consumer expectations, and would have spillover effects across state lines.”) Cooper and Kovacic, “U.S. Convergence with International Competition Norms,” at 1598, (“When a state exports the costs attendant to its anticompetitive regulatory scheme to those who have not participated in the political process, however, there is no political backstop; arguments for immunity based on federalism concerns are severely weakened, if not wholly eviscerated, in these situations.”

[24]   See Adam Thierer, The Delicate Balance: Federalism, Interstate Commerce, and Economic Freedom in the Technological Age (Washington, DC: The Heritage Foundation, 1998): 81-118.

Welcome to the jungle We take it day by day If you want it you’re gonna bleed But it’s the price you pay

Amazon.com announced yesterday that it won’t be paying the price of affiliate advertising in North Carolina if the state uses it to assert nexus for sales tax collection. It will stop using affiliates in the Tar Heel state, which is what Overstock did when New York considered the affiliate nexus approach.

States are wrong-headed when it comes to asserting tax nexus just because some companies use a web-based network of affiliates to help advertise their products. As I’ve discussed before, affiliates are more akin to in-state advertisers, not sales reps.

Furthermore, states that pass these affiliate nexus bills really end up hurting in-state companies that rely on Internet advertising.  At a time when companies are struggling for ways to make money on the Internet, we think now is a particularly bad time to tax Internet marketing.

North Carolina should stay out of the affiliate tax jungle. It’s constitutionally messy, bad policy…and as Guns ‘N Roses mildly stated, it’ gonna bring you down – huh!

This week, I have been up at Harvard University participating in another meeting of the Internet Safety Technical Task Force (ISTTF), of which I am a member. The ISTTF was organized earlier this year pursuant to an agreement between 49 state attorneys general (AGs) and social networking giant MySpace.com. A group of experts from academia, non-profit organizations, and industry were appointed to the Task Force, which is charged with evaluating the market for online child safety tools and methods and issuing a report on the matter to the AGs at the end of this year.  ISTTF members have been meeting privately and publicly in both Cambridge, MA and Washington, D.C. The Task Force has been very ably chaired by John Palfrey, co-director of Harvard’s Berkman Center for Internet & Society.

Although the ISTTF is looking at a wide variety of tools and methods associated with online child protection (ex: filters, monitoring tools, educational campaigns, etc.), many of the AGs who crafted the agreement with MySpace that led to the Task Force’s formation have made it clear that they are most interested in having the ISTTF evaluate age verification / online verification technologies.  In fact, at the start of this week’s session at Harvard Law School, AGs Martha Coakely of Massachusetts and Richard Blumenthal of Connecticut both spoke and made it abundantly clear they expect the Task Force to develop age and identify-verification tools for social networking sites (SNS). AG Blumenthal said we need to deal with “the dangers of anonymity” and repeated his standard line about online age verification: “If we can put a man on the moon, we can make the Internet safe.”  [Of course, putting a man on the moon took hundreds of billions of dollars and a decade to accomplish, but never mind that fact! Moreover, one could also argue that if we can put a man on the moon we can cure hunger, AIDS, and the common cold, but some things are obviously easier said than done. Finally, putting a man on the moon didn’t require all Americans or their kids to give up their anonymity or privacy rights in order to accomplish the feat!]

On many occasions here before, I have outlined various questions and reservations about proposals to mandate online age verification.  Last year, I also published a lengthy white paper on the issue and hosted a lively debate on Capitol Hill [transcript here] about this.  I also have discussed age verification in my book on parental controls and online child safety. [Braden Cox also talked about his experiences up at Harvard this week here, and CNet’s Chris Soghoian had a brutal assessment of this week’s proposals on his “Surveillance State” blog.]

In this essay, I will discuss the new fault lines in the debate over online age verification and outline where I think we are heading next on this front.  I will argue:

• There is now widespread understanding that it is extraordinarily difficult to verify the ages and identities of minors online using the methods we typically use to verify adults. Because of this, age verification proponents are increasingly proposing two alternative models of verifying kids before they go online or visit SNS…
• First, for those who continue to believe that we must do whatever we can to verify kids themselves, schools and school records are increasingly being viewed as the primary mechanism to facilitate that. This raises two serious questions: Do we want schools to serve as DMVs for our children? And, do we want more school records or information about our kids being accessed or put online?
• Second, for those who are uncomfortable with the idea of verifying kids or using schools, or school records, to accomplish that task, parental permission-based forms of authentication are becoming the preferred regulatory approach. Under this scheme, which might build upon the regulatory model found in the Children’s Online Privacy Protection Act of 1998 (COPPA), parents or guardians would be verified somehow and then would vouch for their children before they were allowed on a SNS, however defined.  But how do we establish a clear link between parents and kids?  And will parents be willing to surrender a great deal more information (about themselves and their kids) before their kids can go online? And, is it sensible to use a law that was meant to protect the privacy and personal information of children to potentially gather a great deal more information about them, and their parents?
• It remains very unclear how either of those two verification methods would make children safer online. Indeed, that could actually make kids less safe by compromising their personal information and creating a false sense of security online for them and their parents.
• It is highly unlikely the Internet Safety Technical Task Force will be able to reach consensus on this complicated, controversial issue. A small camp will likely flock to the sort of proposals mentioned above. Another, larger camp (including me) will flock to education-based approaches to child safety as well increased reliance on other parental empowerment tools and strategies, industry self-regulatory efforts, social norms, and better intervention strategies for troubled youth. But the age verification debate will go on and, as was the case over the past two years, the legal battleground will be state capitals across America, with AGs likely pushing for age verification mandates regardless of what the Task Force concludes.

Continue reading if you are interested in the details.

How We Could Verify Kids, and Why We Should Not Do It

Let’s assume that we want to achieve AG Blumenthal’s “man-on-the-moon” dream of verifying all kids before they go online. How would we do it?  There are really only two solutions: (1) full-blown national ID cards for kids, or (2) tapping school records about kids to somehow age-verify kids (sort of a “National ID card-Lite” scheme).

National ID Cards for Kids

The first scheme is fairly straightforward, but incredibly frightening to those of us who care about civil liberties. Basically, government could demand that all minors be issued the equivalent of a domestic passport or a national ID card. After all, minors aged 14 to 17 are already required to obtain a passport before they travel overseas. Minors under 14 must have both parents or legal guardians appear together to vouch for the child when applying for a passport. Conceivably, government could simply extend this model to incorporate a domestic identification requirement. Once the youngster had been issued such a domestic passport, it could be requested by others — including social networking sites — as proof of age. Sites could cross-reference a government national ID database to verify identity.

Clearly, however, imposing such a solution domestically would raise serious privacy concerns because it would require the collection, retention and processing of sensitive information about children.  Adults are not required to carry such a domestic passport or national ID card, so why should children? Indeed, all the same privacy concerns related to national ID cards for adults would be amplified with children because, as a society, we generally take extra precautions to protect the privacy of minors and their personal information. And a national ID card for kids would need to include a great deal of information about themselves to allow the card to be used by third parties online as an age-verifying tool. Government would need to issue an age-verified identity, user name, and password to every child.

Particularly concerning is the fact that a national ID card for children would require the creation of more government databases and bureaucracy. The potential for “mission creep” then enters the picture in that more tracking of children by government (and others) becomes possible. What other uses might there be for such information? We don’t know, and we probably don’t want to find out.

The costs of setting up and enforcing such a system would be substantial and must also be considered. Although the cost of digital storage continues to fall, we’re talking about potentially massive digital databases here. But the more important cost factor is the human time and effort that would go into  collecting, processing, and organizing such records and databases.

For those reasons, a government-issued ID card or age verification scheme for kids is a nonstarter. It would raise grave privacy concerns, induce public paranoia, probably encourage a great deal of evasion, and require significant government expenditure to enforce. Moreover, a national ID card would do little to prevent youngsters from visiting offshore sites.

Using the Schools to Help Verify Kids

So, let’s work from the assumption that National ID cards for kids is not going to fly as an online identity authentication solution.  The only other realistic scheme would involve getting the schools involved in the process.  Why?  Because to paraphrase Willy Sutton: “That’s where the data is.”  Schools have more information about our children than probably every other institution or organization combined.  They have very detailed records about kids, their ages and much more, which makes schools a logical candidate for participation in a possible age verification system for minors.  But involving schools in any age verification scheme would raise serious privacy concerns and administrative problems.

Depending on how the scheme worked, the administrative burdens imposed on schools could be significant. Someone at each school would have to be in charge of answering phones calls and e-mails from potentially hundreds of website operators looking to age-verify minors. Who will be liable if things go wrong? The school? The school district? An employee in the school’s administrative department who accidentally releases thousands of digital records? And will schools receive the additional funding needed to administer whatever scheme is mandated?

Moreover, if schools are required to create more accessible databases containing personal information about minors, who else besides social networking websites would be given access? Data breaches would become a real concern for both students and schools alike. Such a scheme could run up against federal or state laws. For example, the Family Education Rights and Privacy Act of 1974 makes it illegal to release school records without written permission from parents. Both parents and government officials have long demanded that access to school records be tightly guarded because, as a society, we take the privacy of our children very seriously.

Thus, serious questions remain about the wisdom and practicality of roping the schools into the age verification process. Most schools and school districts are already over-burdened with federal and state mandates and probably wouldn’t like the sound of additional mandates of this variety.  But what if a technology vendor could serve as the middleman and facilitate the easy transfer of some basic data about kids from the school system in an effort to provide digital credentials? That’s probably where we are heading.  Even the most vociferous advocates of age verification for minors must realize how absolutely radioactive this issue could become since school records about our kids are in play here.  Identity theft concerns are already running at an all-time high in our country and the thought of being required to surrender more info about our kids in this environment is not going to go over well with many parents.

But, again, what if we could keep to a minimum the amount of data being transferred about the child to the vendor or the SNS?  Perhaps at the beginning of each school year when a minor is registering they could be given a “secure” digital token or ID number that only associated a grade year (i.e., “sophomore”) with their name, and little or no additional info was included in that token in order to minimize the threat of identity theft or privacy violations.  Of course, the fewer pieces of information contained in that token or credential, the less likely it will be a credible verification tool, or the more likely it is it will be easy to forge or defeat (especially by kids themselves).

Regardless, whether we like it or not — and I do not like it one bit — schools are now at the center of the online age verification debate. It will be very interesting to hear what the educational community itself has to say about this development going forward.  Incidentally, no one from the educational community was present at Harvard this week as these proposals were flying.  Something tells me that school administrators and educational officials aren’t going to look too kindly on proposals that would turn them into the equivalent of a DMV for kids.

How about Parental Permission Slips for Online Verification?

Another potential way to go about online verification is to avoid verifying the kids directly and instead just verify parents (or guardians) and then get them to vouch for their children.  Some age verification advocates are now calling for such parental consent-based forms of child verification.  Specifically, they are now attempting to drive regulation through the prism of the Children’s Online Privacy Protection Act (COPPA) of 1998.

By way of background, COPPA required websites that marketed to children under the age of 13 to get “verifiable parental consent” before allowing children access to their sites. Generally speaking, the goal was to make sure that such websites were not collecting personal information about children without getting parental permission. The Federal Trade Commission (FTC), which is responsible for enforcing COPPA, adopted a sliding scale approach to obtaining parental consent. The sliding scale approach allows website operators to use a mix of the methods to comply with the law, including print-and-fax forms, follow-up phone calls and e-mails, and credit card authorizations. The FTC also authorized four “safe harbor” programs operated by private companies that help website operators comply with COPPA.

In a February 2007 report to Congress about the status of the COPPA and its enforcement, the FTC said that no changes to COPPA were necessary at this time because it had “been effective in helping to protect the privacy and safety of young children online.” In discussing the effectiveness of the parental consent methods, however, the agency also said that “none of these mechanisms is foolproof” and that “age verification technologies have not kept pace with other developments, and are not currently available as a substitute for other screening mechanisms.” This seems to imply that the FTC does not regard COPPA’s parental consent methods as the equivalent of perfect age verification.

Nonetheless, what should be evident here is that COPPA’s parental consent framework could serve as a vehicle for pushing through greater regulation of all social networking sites, not just those sites geared toward kids under 13.   Indeed, we have already seen that proposed at the state level.  For example, in the debate that took place over age verification in the North Carolina statehouse last summer, a parental permission-based verification proposal supported by North Carolina Attorney General Roy Cooper was billed as a way to strengthen and expand the COPPA framework.  (Never mind the fact that COPPA is a federal statute, or that the state of North Carolina is likely barred from regulating Internet speech and commerce thanks to the First Amendment and the Commerce Clause of the Constitution!)

In other words, future age verification mandates could arrive in the form of COPPA amendments, or at least cite COPPA’s regulatory framework as precedent.  Specifically, the proposal would be to: (a) extend COPPA’s coverage to kids up to the age of 18 and then (b) broaden the range of SNS sites that are covered by its parental consent requirements.

There are many problems associated with such a proposal, and I will get to some of them in a moment. But here’s the more interesting question that few have asked: Is COPPA really working?  It is very much unclear to me that COPPA actually works as billed, but to the extent it does, it is likely because of the very limited scale and nature of the operations it covers.  As I have said in my past writing on the issue, there is a direct relationship between the size of a site and the likelihood of success in attempting to verify its users / members. Of course, that is hardly surprising.  But let’s get a little more concrete about why that is important.  Here are the two reasons that I believe the COPPA / parental consent regime has generally worked so far, or at least hasn’t failed miserably:

(1) Many smaller sites charge a fee for admission; and

(2) The functionality of those sites is usually tightly limited. They are closed, walled gardens.

Regarding the first point: Obviously, the more a site charges for access, the more likely it is that the parent / guardian pays attention to what their kid is doing.  Of course, that doesn’t mean a bad guy couldn’t still get into those “verified” environments under false pretenses.  And there’s the problem of minors with access to credit cards.  Moreover, even assuming credit cards worked as an age verification method, there is the more practical question of whether lawmakers have the guts to mandate that every social networking site in the land start charging admission for access.  Since almost all SNSs are free-of-charge today, that is not going to be a very popular mandate!

Nonetheless, for very small, niche-oriented social networking sites geared toward younger kids, credit cards and fees are part of the reason people think COPPA has “worked.”  In essence, it acts as a bit of a roadblock or hassle thrown in the way of access, and that gets parents thinking and talking to the kids about those sites. That is the argument put forward by Denise Tayloe of Privo, one of the four FTC-approved COPPA safe harbor providers.   Ironically, Tayloe has noted that one of the problems associated with the current COPPA regime is that “Children quickly learned to lie about their age in order to gain access to the interactive features on their favorite sites. As a result,” she notes, “databases have become tainted with inaccurate information and chaos seems to be king where COPPA is concerned,” she says.

Despite these problems, Tayloe argues that COPPA serves an important role.  Even though “there is no perfect solution” and it is not possible to completely “stop a child from lying and putting themselves at risk,” Tayloe believes that COPPA “provides a platform to educate parents and kids about privacy.”  Of course, providing a platform to educate parents and kids about online privacy or safety is very important, but it is not necessarily synonymous with strict age verification.  And we don’t really have any idea what level of parent-child interaction COPPA incentivizes.  More importantly, we don’t really have any good data regarding the accuracy of claims made pursuant to COPPA’s requirements regarding the relationship between parents and the kids seeking access to the site.  How many people (kids or adults) were able to gain access under false pretenses? We don’t know.

Nonetheless, the operating assumption here is that by creating an added economic hurdle or barrier to entry (in the form of the hassle of filling out paperwork or forms), COPPA gets some parents (perhaps most?) to put more thought into what their kids are doing online, and that somehow improves online safety in larger scheme of things.  The problem is that that does not necessarily mean that their kids are operating in perfectly “secure” or “verified” environments.  The danger is that – to the extent some “bad guys” are getting on those sites under false pretenses – kids and parents may fall prey to a false sense of security after they are told the site is COPPA-verified.  Of course, COPPA wasn’t put on the books to keep “bad guys” away from kids online; it was about keeping site operators from collecting personal information about kids.

The second reason COPPA has “worked” to a limited degree is that SNS sites geared toward younger kids tightly limit functionality.  In essence, the site administrators “cripple” the sort of functionality we find in SNS sites geared toward older kids.  That fact alone makes these sites far less likely to be subject to fraudulent entry or dangerous interactions.   If I am an older teen or a pervert, why would I ever want to gain access to a site that has nothing more than drop-down menus and a few buttons to click on when interacting with others?  Thus, the primary reason that kids are likely safer in those environments has almost nothing to do with COPPA’s parental consent mechanisms and almost everything to do with the fact that most of the sites it covers are tightly controlled walled gardens with very limited functionality.

With these facts in mind, let’s gets back to the ultimate question: What would happen if we tried to apply COPPA to all social networking sites for kids of all ages? The threshold question that would need to be answered remains the same as it does today: How do we verify the parent-child relationship when someone asserts they are the parent or guardian?  That’s a very thorny question.  But let me just list out the many other questions that everyone is overlooking here:

(1) What sort of mechanisms will need to be put in place to guarantee that the parent or guardian is who they claim to be (for both initial enrollment and subsequent visit authentication)?  Sign-and-fax forms can be easily forged, so credit cards (and perhaps mandatory user fees) will likely become the default solution. A third method, follow-up phone calls, just doesn’t seem practical.  But might lawmakers demand a mix of all of the above?

(2) Regardless, how burdensome will those mandates be for parents / guardians?

(3) And how burdensome will those mandates be for SNS site operators? What kind of compliance costs / legal penalties are we talking about?

(4) Will the barriers to site enrollment become economic in character such that it requires previously free social networking sites to charge admission?

(5) If so, could that be a disadvantage to low-income families / youth?

(6) If compliance costs go through the roof for SNS sites, will this be a recipe for massive industry consolidation in order to comply with the mandates?

(7) Who is collecting the massive databases of information created by such a mandate for all SNS? Who has access to that data? What might government use it for?

(8) Will this new regime be applicable to offshore sites? And will kids flock to offshore sites as a result of such mandates on domestic sites? If some do, how will we stop them?

And so on.  Bottom line: The future of age verification battles will likely be increasingly tied up with COPPA and the question of how well parental permission-based forms of authentication might work. It is unlikely, however, that such a framework could be easily applied on “Internet scale.”  There is a world of difference between something like Disney’s “Club Penguin” and MySpace, Xanga or Bebo.  And with social networking capabilities being integrated into every site and service these days — from CNN.com to Microsoft’s Xbox Live service — one wonders how that will magnify the compliance costs and hassles for all involved.  Are parents really going to be expected to verify themselves and then their kids for every “social networking site” their kids want to visit?  That seems unnecessary, unworkable, and potentially counter-productive.

Finally, the irony of a proposal to expand COPPA in this fashion is that lawmakers would be using a law that was meant to protect the privacy and personal information of children to potentially gather a great deal more information about them, and their parents!  It’s important we not overlook the privacy implications of any effort to expand COPPA to do something it was not originally intended to cover.

Conclusion

It will likely be very difficult for the Technical Task Force to reach consensus on these controversial and complicated issues.  There are many challenging technical, legal, and even philosophical issue in play here.  The problem is that this Task Force is charged with looking at technical solutions and yet most child safety advocates and academics on the Task Force are of the mind that technical solutions are only one part — and probably the smallest part — of the sort of “layered solution” to online child safety that I describe in my book on “Parental Controls and Online Child Protection.” As I argue in that book:

“the best answer to the problem of unwanted media exposure or contact with others is for parents to rely on a mix of technological controls, informal household media rules, and, most importantly, education and media literacy efforts.”

In sum, we need to get serious about talking to our kids about online safety and proper online behavior. Education is the key, and government has a major role to play in that regard in the classroom and through awareness-building efforts. And technical tools that empower parents to better monitor and guide their child’s online experiences can help too. Social networking sites and other online service providers can offer more of those tools and also take additional steps to improve the safety of their sites and encourage a dialog about appropriate and inappropriate online behavior. Again, it’s a multi-layered effort with education and communication at the core of the plan.

It’s not like I am saying anything new here. Indeed, that layered approach was the recommended approach of two previous online safety blue ribbon task force efforts: The 2000 COPA Commission and the 2002 National Academy of Sciences “Thornburgh Commission.” And every major book about online child safety published over the last 5 years has come to the same conclusion.

But that is not likely going to be enough for state attorneys general. There is no other way for me to state this than to just come right out and say it: The AGs are looking for a silver-bullet technical solution to a complex problem they do not fully understand.  And age verification schemes are the technical bullet du jour.

Alas, for all the reasons I have stated here and elsewhere, age verification schemes are likely to fail miserably.  Even if age verification systems worked as billed, it is unlikely that kids would really be any better off.  All the academic research in this field points to a single, inescapable conclusion: The primary danger to kids online is not adult predators, it is other kids.  In particular, it is peer-on-peer harassment and cyber-bullying.   As parents and a society, we have to do more — a lot more — to address that problem.

Age verification schemes, however, aren’t going to help us solve that problem.  Worse yet, by creating the illusion of safety, it could compromise our children’s privacy in the process and create a false sense of security when kids or their parents come to believe they are operating in “trusted” online environments.  For the sake of our children, it is essential we not fall prey to such a fatal conceit.

As Braden mentioned, we were both down in Raleigh, North Carolina this week testifying at a big hearing on mandatory age verification for social networking sites.

It was quite a heated battle. The legislation, SB 132, was supported at the hearing by North Carolina attorney general Roy Cooper, several of his staff attorneys, a couple of NC senate lawmakers, and some folks from Aristotle, a company that claims it has devised a workable age verification solution for social networking purposes. A vote on the proposal was delayed and we’re still awaiting the final outcome.

Down below, I have attached the outline of my remarks in which I argued that age verification mandates would actually make kids less safe online. Here’s why:

1) Age verification is not synonymous with a background check.

• Are citizens being lead to believe that age verification guarantees them perfectly safe online environments? After all, even if the verification process gets the age part of the equation right, it tells us little else about the person being verified.

• Incidentally, what happens when the parent being verified is a predator using their child to create false credentials? Unfortunately, we know that some predators have children.

• This gets to the primary concern in this debate: The very real potential exists that we are creating solutions that inject a false sense of security in parents and children alike.

2) Even assuming we do not encounter problems with the initial sign-up phase and procedures, questions remain about follow-ups and subsequent validations.

• Will parents be asked to fill out and submit paperwork routinely to verify their identity (or their child’s) on an ongoing basis? Will parents be expected to take phone calls from dozens of social networking sites (or call sites themselves) to continue authorization? Will parents tolerate that?

• If the sign-up and subsequent authentication process proves cumbersome and time-consuming, will this encourage kids to search out less trustworthy “underground” or offshore websites?

• How are we going to regulate those offshore sites? Also, could new regulations drive domestic operators offshore?

• In sum, the sheer scale of the Net and online activities greatly complicate the enforcement of age verification schemes, especially those of the parental permission-based variety.

3) Will age verification mandates encourage the rise of an illegal black market in credentials?

• Will kids share or even sell their online credentials, such as their user name and passwords, to others who desire them?

• Certainly kids won’t just stop trying to get onto social networking sites. Are we going to punish kids (or prosecute their parents) for evasion? And, again, will kids look to offshore sites?

4) There are serious privacy issues at stake here, and those issues could give rise to other problems.

• Requiring all parents to be verified before their children can go online will obviously be seen by some parents as intrusive and a potential violation of their privacy.

• If some parents resist such regulations or refuse to submit to such verifications, what will their kids do? Again, it might encourage kids to seek out false credentials of to visit offshore sites.

• Incidentally, who has access to all this new information about parents and children that the government is requiring that social networking operators collect? Do we want online operators creating massive new databases of information about us or our kids if better alternatives exist?

Bottom line: The inherent danger of age verification regulation is that it: • results in unintended consequences or solutions that don’t solve the problems they were intended to address; • creates a false sense of security that might encourage some youngsters (or adults) to let their guard down while online; and • creates potential incentives to push mainstream social networking sites offshore. No matter how bad parents or policy makers think social networking sites are today—and, in reality, the sites are not nearly as bad as they imagine—those sites are infinitely superior to potentially shady offshore websites that are completely unaccountable to U.S. officials. And the domestic sites are more accountable to the general public and are responsive to press scrutiny.

In sum, there are no silver bullet solutions. Instead, we need a multi-prong, layered strategy…

Better approach to online child safety = The “3-E Solution”: Education, Empowerment, and Enforcement

“Education” refers to not only the need for K-12 information literacy efforts but also, more broadly, to the need for comprehensive online safety instruction and awareness-building efforts. Governments at all levels need to take an aggressive role here.

“Empowerment” refers to the importance of providing parents with more and better tools to make informed decisions about media and communications tools in their lives of their children. Government can facilitate these efforts in partnership with industry and non-profit organizations. For example, helping to make parents more aware of Internet monitoring tools and strategies would be one of the most constructive solutions.

“Enforcement” refers to stepped up law enforcement efforts to find and adequately prosecute child predators. It is essential that law enforcement officials receive the resources and training necessary to adequately monitor online networks for predators and to bring them to justice when they are found. For example, law enforcement agencies need sophisticated computer forensic labs and skilled experts to help investigate online crimes. And they need to be trained to conduct proper sting operations to find predators before they harm our children. Finally, much longer prison sentences are needed for child predation.

[For additional information, please see my March study, “Social Networking and Age Verification: Many Hard Questions; No Easy Solutions.”]

In late March, I hosted a congressional seminar entitled “Age Verification for Social Networking Sites: Is It Possible? And Desirable?” I brought together 5 experts in the field to debate the issue, including:

• John Cardillo, President & CEO, Sentinel
• Jay Chaudhuri, Special Counsel to North Carolina Attorney General Roy Cooper
• Raye Croghan, Vice President, IDology, Inc.
• Tim Lordan, Executive Director, Internet Education Foundation
• Jeff Schmidt, CEO, Authis

It was an outstanding discussion and I’m happy to report that the transcript is now available online here. Also, you can listen to the audio from the event here. Also, you can find the big study of mine that we discussed that day here.

Jennifer Medina of the New York Times penned an article yesterday on the debate over social networking fears leading to calls for age verification mandates. She noted that measures are moving in several states that would require social networking sites to age-verify users before they are allowed to visit the sites or create profiles there. But Medina also noted that there are many difficult questions about how age verification would work and how “social networking” would even be defined. (I summarize these questions in my recent PFF report, “Social Networking and Age Verification: Many Hard Questions; No Easy Solutions.”)

Ms. Medina was also kind enough to interview me for the story and she summarizes some of what I had to say in her piece. In a nutshell, I stressed that the most effective way to deal with this problem is to get serious about dealing with sex offenders instead of trying to regulate law-abiding citizens. We need to be locking up convicted sex offenders for a lot longer in this country to make sure they behind bars instead of behind keyboards seeking to prey on our children.

I also stressed the importance of online safety education as part of the strategy here. But my comments on that didn’t make the cut in the story. But you can read my big recent paper on this issue for additional details.

Lisa Lerer of Forbes was nice enough to do a feature story this week about my views on the panic over social networking and the push for age verification of such sites. Her piece is entitled “Why MySpace is a Safe Space,” and begins as follows: “Adam Thierer doesn’t look like much of a revolutionary. But last month he challenged both Washington and conventional wisdom with a fairly radical proposition: Perhaps MySpace and the Internet aren’t so scary for kids, after all.”

I don’t really regard what I’ve been saying in my recent essays or big new PFF study as “revolutionary.” Rather, if you spend any time studying this issue and these sites in a dispassionate, educated way, I think the conclusions I draw seem quite reasonable. Unfortunately, I don’t think many policy makers or critics have spent any serious time on these sites or seriously explored the relative danger of online social networking sites relative to offline social networking places. A classic “moral panic” has developed because of this: An older generation fears a new medium that it does not use or understand.

Anyway, read my discussion with Lisa for more details.

I’m putting the wraps on a big paper on the dangers of mandating age verification for social networking websites. One of the questions I ask in the study is exactly how broadly “social networking sites” will be defined for purposes of regulation? Will chat rooms, hobbyist sites, listservs, instant messaging, video sharing sites, online marketplaces or online multiplayer gaming sites qualify? If so, how will they be policed and how burdensome will age-verification mandates become for smaller sites? Finally, does the government currently have the resources to engage in such policing activities since almost all websites now have a social networking component? I explore these and other questions in my paper.

But now I have another type of site to add to list, and not one that I originally gave much consideration to: online newspapers. Over the weekend, the USA Today relaunched its website, not only to freshen up its look, but also to fundamentally change the ways the site works. According to the editors, the new features of the site will give readers the ability to:

• Scan other news sources directly on USATODAY.com; • See how readers are reacting to stories; • Recommend stories and comments to other readers; • Comment directly on stories; • Participate in discussion forums; • Write reviews (of movies, music and more); • Contribute photos; • Better communicate with USA Today staff.

Other bloggers were quick to note that the newspaper is essentially trying to refashion itself as a social networking site. Some wonder whether a newspaper can really be a social networking site. Others point out that traditional newspaper readers may resist such changes for a variety of reasons. (Don Dodge points out that 92% of reader responses have been negative so far).

But let’s ignore all that for a moment and get back to the question I posed in the title of my post: If USA Today is billing itself as a social networking site–or if others argue that it represents a social networking site–will the company be required to age-verify users before they visit the site?

Well, that depends on how the age verification regs would get written, of course. But one definition has already been suggested under the proposed “Deleting Online Predators Act” (DOPA), which would ban such sites in publicly funded schools and libraries. Under DOPA, “Commercial Social Networking Websites” are defined as any site that: “(a) allows users to create web pages or profiles that provide information about themselves and are available to other users; and (b) offers a mechanism for communication with other users, such as a forum, chat room, email, or instant messenger.”

Keeping that definition in mind, let’s check out some more material from the USA Today’s “Quick Guide to New Features.” Specifically, look at sections on this page about “personal spaces” and “avatars”:

Personal space: When you become a member, we automatically establish a personal profile page. As you interact with the USA Today community, your comments, recommendations and other contributions are automatically appended to your page. Your profile page includes a place for you to upload photos, write a blog, and the ability to send messages to other users. These pages allow readers to get a better sense of the site’s most active contributors. Avatar: Every one of our pages features a spot just for you: up there in the right-hand corner. That’s where you’ll be notified of messages left by other readers. Make yourself at home. Upload a picture of yourself, a funny icon, or choose from our selection of ready-made avatars.

Sounds a heck of lot like a social networking site to me. And if it was defined as such by lawmakers, it could mean that (under DOPA) access to the USA Today would need to be banned in public schools and libraries and that everyone would need to be age-verified before they go on the new USA Today website in their own homes. Welcome to the world of unitended regulatory consequences!

Additional Reading:

“Social Networking Websites & Child Protection: Toward a Rational Dialogue,” by Adam Thierer, Progress & Freedom Foundation Progress Snapshot 2.17, June 2006.

“Is MySpace the Government’s Space?,” by Adam Thierer, Progress & Freedom Foundation Progress Snapshot 2.16, June 2006.