California’s continuing effort to make the Internet their own digital fiefdom continued this week with Gov. Jerry Brown signed legislation that creates an online “Eraser Button” just for minors. The law isn’t quite as sweeping as the seriously misguided “right to be forgotten” notion I’ve critique here (1, 2, 3, 4) and elsewhere (5, 6) before. In any event, the new California law will:

require the operator of an Internet Web site, online service, online application, or mobile application to permit a minor, who is a registered user of the operator’s Internet Web site, online service, online application, or mobile application, to remove, or to request and obtain removal of, content or information posted on the operator’s Internet Web site, service, or application by the minor, unless the content or information was posted by a 3rd party, any other provision of state or federal law requires the operator or 3rd party to maintain the content or information, or the operator anonymizes the content or information. The bill would require the operator to provide notice to a minor that the minor may remove the content or information, as specified.

As always, the very best of intentions motivate this proposal. There’s no doubt that some digital footprints left online by minors could come back to haunt them in the future, and that concern for their future reputation and privacy is the primary motivation for the measure. Alas, noble-minded laws like these often lead to many unintended consequences, and even some thorny constitutional issues. I’d be hard-pressed to do a better job of itemizing those potential problems than Eric Goldman, of Santa Clara University School of Law, and Stephen Balkam, Founder and CEO of the Family Online Safety Institute, have done in recent essays on the issue.

Goldman’s latest essay in Forbes argues that “California’s New ‘Online Eraser’ Law Should Be Erased” and meticulously documents the many problems with the law. “The law is riddled with ambiguities,” Goldman argues, including the fact that:

First, it may not be clear when a website/app is “directed” to teens rather than adults. The federal law protecting kids’ privacy (Children’s Online Privacy Protection Act, or COPPA) only applies to pre-teens, so this will be a new legal analysis for most websites and apps. Second, the law is unclear about when the minor can exercise the removal right. Must the choice be made while the user is still a minor, or can a centenarian decide to remove posts that are over 8 decades old? I think the more natural reading of the statute is that the removal right only applies while the user is still a minor. If that’s right, the law would counterproductively require kids to make an “adult” decision (what content do they want to stand behind for the rest of their lives) when they are still kids. Third, the removal right doesn’t apply if the kids were paid or received “other consideration” for their content. What does “other consideration” mean in this context? If the marketing and distribution inherently provided by a user-generated content (UGC) website is enough, the law will almost never apply. Perhaps we’ll see websites/apps offering nominal compensation to users to bypass the law.

Goldman also notes that it is unclear why California should even have the right to be regulating the Internet in this fashion. It is his opinion that, “states categorically lack authority to regulate the Internet because the Internet is a borderless electronic network, and websites/apps typically cannot make their electronic packets honor state borders.” I’ve been moving in that direction for the past decade myself since patchwork policies for the Internet — regardless of the issue — can really muck up the free flow of both speech and commerce. I teased out my own concerns about this in my January essay on “The Perils of Parochial Privacy Policies” and argued that the a world of “50 state Internet Bureaus isn’t likely to help the digital economy or serve the long-term interests of consumers.”  Sadly, some privacy advocates seem to be cheering on this sort of parochial regulation anyway without thinking through those consequences. They are probably just happy to have another privacy law on the books, but as I always try to point out not just in this context but also in debates over online child safety, cybersecurity, and digital copyright protection, the ends rarely justify the means. I just don’t understand why more people who care about true Internet freedom aren’t railing against these stepped-up state efforts (especially the flurry of California activity) and calling it out for the threat that it is.

In an essay over on LinkedIn entitled, “Let’s Delete The ‘Eraser Button,'” Stephen Balkam points out another mystery about the new California law: “It’s unclear why this law was even proposed when there exists a range of robust reporting mechanism across the Internet landscape.” Indeed, in this particular case it seems like much of the law is redundant and unnecessary. “What this bill should have been about is education and awareness, about taking responsibility for our actions and using the tools that already exist across the social media landscape,” Balkam says. “Here are three key actions that can already be taken:

Delete – you can take down or delete postings, comments and photos that you have put up on Facebook, Twitter, YouTube and most of the other platforms. Report – anyone can report abusive comments or inappropriate content by others about you or other people and, in many cases, have them removed. Request – you can ask that you be untagged from a photo or that a posting or photo be removed that has been uploaded by someone else. In addition there are in-line privacy settings on many of the leading social media sites, so that you or your teen can choose who sees what.”

Balkam is exactly right. The tools are already there; it’s the education and awareness that are lacking. As I have pointed out countless times here before, there is no need for preemptive regulatory approaches when less-restrictive and potentially equally effective remedies already exist. We just need to do a better job informing users about the existence of those tools and methods and then explain how to take advantage of them. Just adding more layers of law — especially parochial regulation — is not going to make that happen magically. Worse yet, in the process, such laws open the barn door to far more creative and meddlesome forms of state-based Internet regulation that should concern us all.

And now for the really interesting question that I have no answer to: Will anyone step up and challenge this law in court?

In all my work on online child safety issues, I always try to stress how important education and media literacy efforts are. Indeed, technical parental control tools and methods, while important, should be viewed as just one part of a more holistic approach to encouraging digital literacy and digital citizenship.  In recent years, many scholars and child development experts such as Nancy Willard of the Center for Safe and Responsible Internet Use, Anne Collier and Larry Magid of ConnectSafely.org, Marsali Hancock of iKeepSafe, Common Sense Media, the Family Online Safety Institute, and many others have worked to expand traditional education and media literacy strategies to place the notion of digital citizenship at the core of their lessons and recommendations.

What does it mean? Anne Collier defines digital citizenship as “Critical thinking and ethical choices about the content and impact on oneself, others, and one’s community of what one sees, says, and produces with media, devices, and technologies.” And Common Sense Media defines digital literacy and digital citizenship as follows:

Digital Literacy programs are an essential element of media education and involve basic learning tools and a curriculum in critical thinking and creativity. Digital Citizenship means that kids appreciate their responsibility for their content as well as their actions when using the Internet, cell phones, and other digital media. All of us need to develop and practice safe, legal, and ethical behaviors in the digital media age. Digital Citizenship programs involve educational tools and a basic curriculum for kids, parents, and teachers.

Stephen Balkam, CEO of the Family Online Safety Institute, had an excellent essay in The Huffington Post yesterday on “21^st Century Citizenship,” that did a fine job of explaining these concepts in practical terms:

While there is a recognition that there must be a base-line of safety—using filters for younger kids and monitoring and privacy settings for the older ones—the emphasis is now placed on education, media literacy and a new kind of civics. It’s time for kids of all ages to understand and value the rights of free speech and assembly (i.e., connecting through social networking and other means) as well as an expectation of privacy and safety. And with those rights, go an important range of responsibilities and duties. These include the need to respect others views, even if they disagree with them, to adhere to terms of service (however lengthy and obtuse) and the rules regarding fair use, flaming, accessing or uploading porn, and so on. Just as we teach our kids to help at the scene of an accident, or to report a crime and to get involved in their local community, so we need to encourage similar behavior online. To report abusive postings, to alert a grownup or the service provider of inappropriate content, to not pile on when a kid is being cyberbullied, to be part of the solution and not the problem. We need to use what we’ve learned about social norms to align kids and ourselves with the positive examples of responsible behavior, rather than be transfixed and drawn towards the portrayals of the worst of the web. It may be true that one in five kids have been involved in sexting, but that means the vast majority exercise good judgment and make wise choices online. The social norms field is ripe with possibilities and guidance in how to foster good digital citizenship.

That’s 100% correct. This approach must be at the center of child safety debates going forward. As Nancy Willard notes, digital citizens:

1. Understand the risks: They know how to avoid getting into risk, detect if they are at risk, and respond effectively, including asking for help.
2. Are responsible and ethical: They do not harm others, and they respect the privacy and property of others.
3. Pay attention to the well-being of others: They make sure their friends and others are safe, and they report concerns to an appropriate adult or site.
4. Promote online civility and respect.

Only by teaching our kids to be good cyber-citizens can we ensure they are prepared for life in an age of information abundance.  Talk to your kids, people!  Teach them well.

Yesterday up on Capitol Hill, I hosted a very interesting discussion about “Next-Generation Parental Controls & Child Safety Efforts.”  I thought I’d provide a quick recap here for those who couldn’t attend. [Note: audio of the event will be up shortly at the link above and transcript is in the works.] The event featured Steve Crown, Vice President and Deputy General Counsel of Microsoft Corporation’s Entertainment & Devices Division; Dane Snowden, Vice President of External & State Affairs of CTIA – The Wireless Association; and Stephen Balkam, Chief Executive Officer of Family Online Safety Institute.

Steve Crown of Microsoft kicked the show off with a terrific overview of some the current and next-generation parental control tools and awareness efforts that Microsoft is deploying to help empower parents and keep kids safer both online and in gaming environments. Crown outlined Microsoft’s 5-prong strategy regarding how they have approached these issues on the gaming front, and I think it represents an excellent model of how sensible industry self-regulation and “best practices” can go a long way toward addressing concerns that many parents and policymakers have. The five strategies Crown outlined were: (1) Respect both the freedom of game creators and freedom of choice for game consumers; (2) empower parents with ratings, tools, and information; (3) use independent ratings (like the ESRB) to label content; (4) require all games be rated before they can be used on a platform so that parents can implement blocking controls; and (5) respect regional laws and rating systems in different parts of the globe.

In my book on Parental Controls & Online Child Safety: A Survey of Tools & Methods, I’ve documented many of the empowerment tools that Microsoft has deployed in recent years to make this empowerment vision a reality. One of the most important things MS does on its XBox 360 console is to provide an immediate “out-of-the-box” prompt for parents to set up parental controls and establish other limitations on online chat, spending, or Internet access. Microsoft announced another cool new feature in November 2007, the “Family Timer.” It lets parents limit how and when children play games on the console. This is similar to the time management tools Microsoft offers in its Vista operating system for PCs.  Incidentally, my wife has asked me to start using the Family Timer on our XBox — not for our kids, but for me!  This particular 40-year-old man is still a big kid at heart.

Crown also stressed the importance of “deep cooperation and coordination” when it comes to making parental empowerment a reality.  For example, when announcing the Family Timer, Microsoft also launched a new awareness campaign in conjunction with the Parent Teacher Association (PTA) referred to as the “Is Your Family Set?” campaign At the same time, Microsoft and the PTA also rolled out a new “P.A.C.T.” agreement form that parents and their children could sign to reach an agreement on acceptable video game usage in the home.

To bring all these efforts together and give parents a sort of “one-stop shop” for all these gaming tools and information, in early 2009, Microsoft launched a new portal, “Get Game Smart.com.”  The GetGameSmart site provides instructions and video tutorials about how to set up parental controls and family settings, tips and advice from child safety experts, a frequent newsletter, and much more.

Again, “cooperation and coordination” was central to the Get Game Smart effort, with over 15 partners being involved. Moreover, Crown pointed out, cooperation and coordination has also been essential to the efforts of Microsoft and others in the gaming industry when it comes to “point of sale” awareness-building about game ratings.  Obviously, game developers and console makers can’t have staff on hand at every store where games or consoles might be sold. Consequently, it often falls to sales clerks and others in retail stores to convey ratings info.  Luckily, because of the partnerships that have been struck between various stakeholders all along the food chain, public awareness and use of ratings has grown rapidly. Microsoft, the ESRB, and others in the gaming industry have worked with retailers like Best Buy, WalMart, and many online vendors to make sure relevant ratings information is used at the point of sale to inform parents or limit underage access to games rated for more mature audiences.

The chart below illustrates the dramatic increase in ratings use and awareness since 1999 — from 49% awareness in 1999 to 86% by 2008.  That’s an incredible success story in terms of how industry self-regulation and best practices can go all long way toward addressing the concerns of parents and policymakers without denying the public access to a broad range of games for all ages.

Also on hand at our Hill event yesterday was Dane Snowden of the CTIA – The Wireless Association. Snowden also stressed the importance of partnerships and coordination among many diverse players to build awareness about parental controls and online safety in the mobile context. Snowden pointed out that there are well over 600 different mobile communications devices on the market today, which makes devising controls a daunting task. But both the wireless industry and independent vendors are responding with a wave of new integrated tools and add-on services that can help parents control handset use and online interactions.

For example, beginning in November 2005, CTIA unveiled new “Wireless Carrier Content Guidelines” that industry members would follow “to proactively provide tools and controls to manage wireless content offered by the carriers or available via Internet-enabled wireless devices.  According to an April 2009 filing by CTIA to the FCC, the guidelines work as follows:

Under these guidelines, participating carriers agree to develop content classification standards and educate consumers about the meaning of the chosen categories and ratings. The Notice describes the bifurcation in these content classification guidelines between “Carrier Content” and content available from other sources. The guidelines for Carrier Content cover materials that are available through a carrier’s managed content portal as well as third-party materials for which customers may be billed directly by their wireless carrier. These materials are divided into “Generally Accessible Carrier Content,” which is available to all consumers, and “Restricted Carrier Content,” which is not available to wireless users under 18 years of age without specific parental authorization.

Many major wireless carriers have already announced their plans or policies regarding such content or developed family tools to help parents protect their children. Market leaders AT&T (“SmartLimits” and “Media Net”),Verizon Wireless (“Family Locator”), T-Mobile (“Web Guard”), and Sprint (“Net Safety“) already have excellent parental control services and websites up and running.

Dane Snowden also noted that a vibrant marketplace of independent parental control tools is now thriving on many platforms, including Apple iTunes apps and Windows Mobile apps. Thus, just as was the case in the traditional PC world, we can expect to see parental control tools integrated within networks and devices and then also on top of networks and devices. That’s the best of both worlds since it gives parents a lot of flexibility and options.

Finally, my old friend Stephen Balkam of Family Online Safety Institute placed all these developments in a broader historical context. He believes we are finally seeing a shift from a “fear-based approach” to online safety toward a “fact-based approach.” Balkam cited the early fears and techno-panics that motivated misguided and ultimately unconstitutional laws such as the Communications Decency Act of 1996 and the Child Online Protection Act of 1998. He also pointed out just how irrelevant such laws would have been even if they had remained on the books in light of the recent rise of problems like cyberbullying and “sexting.”

To address such concerns, Balkam stressed the importance of media literacy and digital citizenship and the need for a “Web 3.0” approach along the lines of what Anne Collier and Larry Magid have outlined in their work on the issue. Balkam also put in a plug for the “School and Family Education about the Internet (SAFE Internet) Act” (S. 1047), which was introduced in the Senate by Sen. Robert Menendez (D-NJ) and in the House by Rep. Debbie Wasserman Schultz (D-FL). The measure proposes an Internet safety education grant program that would be administered by the Department of Justice.  Balkam argued, and I agree, that such education and counseling-based approaches represent the better approach to a “criminalization” solution.

In closing, I think the 3 key take-aways from yesterday’s discussion were:

1. Cooperation and coordination are essential when devising parental control solutions and trying to build awareness of them.
2. Additional parental empowerment tools are great, but focusing on striking the right balance is crucial.  Parental empowerment tools must be both sophisticated and simple to use at the same time.
3. Education is absolutely essential in every child safety context. Whether it’s potentially objectionable content or unwanted forms of communications, we must talk to our kids and better prepare them for life in the Digital Age.  The best “parental control” is parental interaction and ongoing conversation with our kids.

As I noted recently, Berin Szoka and I just released a big PFF white paper (PDF) entitled, “Cyberbullying Legislation: Why Education is Preferable to Regulation,” which examines two very different federal approaches to the issue. One approach is focused on the creation of a new federal crime to punish cyberbullying, which would include fines and jail time for violators. One approach, set forth by Rep. Linda Sánchez (D-CA) in H.R. 1966 (originally H.R. 6123), the “Megan Meier Cyberbullying Prevention Act,” would create a new federal felony: “Whoever transmits in interstate or foreign commerce any communication, with the intent to coerce, intimidate, harass, or cause substantial emotional distress to a person, using electronic means to support severe, repeated, and hostile behavior, shall be fined under this title or imprisoned not more than two years, or both.”

The other legislative approach is education-based and would create an Internet safety education grant program to address the issue in schools and communities. In mid-May, the “School and Family Education about the Internet (SAFE Internet) Act” (S. 1047) was introduced in the Senate by Sen. Robert Menendez (D-NJ) and in the House by Rep. Debbie Wasserman Schultz (D-FL). The measure proposes an Internet safety education grant program that will be administered by the Department of Justice, in concurrence with the Department of Education, and the Department of Health & Human Services.

On June 12, the Family Online Safety Institute (FOSI) hosted a discussion about these bill on Cap Hill, which was moderated by FOSI CEO Stephen Balkam. Representatives from both Rep. Sanchez’s and Sen. Menendez’s offices were on hand to discuss their bills, and I provided some feedback based upon what Berin and I concluded in our paper.  It was a good discussion and I encourage you to watch the whole thing because there were some good questions from the audience later in the show.

Just wanted draw everyone’s attention to a couple of great podcasts about online safety issues that include comments from members of the Internet Safety Technical Task Force (ISTTF). As I mentioned a few weeks ago, the ISTTF project and final report represent a major milestone in the discussion about online safety in America, and I was honored to serve as a member of this task force.

This in-depth “Radio Berkman” podcast featuring ISTTF director John Palfrey and co-director Dena Sacco is a really excellent (but lengthy!) overview of the ISTTF’s word. Here’s a shorter podcast that Prof. Palfrey did with Larry Magid of CNet. And I also recommend this excellent NPR “On the Media” podcast featuring my friend Stephen Balkam of the Family Online Safety Institute (FOSI).

For those interested, down below you will find a running list I have been keeping of coverage of the ISTTF. (I will try to keep updating this list here).

Articles and podcasts about the ISTTF:

• ISTTF director John Palfrey discusses the report on this short podcast with Larry Magid as well as this longer one from the Berkman Center
• ISTTF co-director danah boyd comments on the report on her blog
• ISTTF member Larry Magid of ConnectSafely.org: “Net Threat to Minors Less Than Feared,” CNet News.com
• ISTTF member Anne Collier of Net Family News: “Key Crossroads for Net Safety“
• ISTTF member Stephen Balkam of FOSI featured on an NPR podcast about our work
• ISTTF member John Morris of CDT: “Deconstructing Reaction to Net Safety Task Force Report“
• ISTTF member Marsali Hancock, President of iKeepSafe blog essay about the task force
• AGs respond to report in interview with Emily Steel of the Wall Street Journal: “The Case for Age Verification“
• New York Times article by Brad Stone: “Report Calls Online Threats to Children Overblown“
• Wall Street Journal article by Emily Steel: “No Easy Answer for Protecting Kids Online“
• Associated Press story by Anick Jesdanun: “Panel: Technology Alone Can’t Protect Kids Online“
• Chronicle of Higher Education Wired Campus blog entry by Tracy Mitrano, “Report Weighs the Benefits and Risks of Social Networks,”
• PC World article by Jaikumar Vijayan: “Study Accused of Exaggerating Kids Online Safety“
• PC World blog post by Jaikumar Vijayan: “Are Internet Child Safety Concerns Overblown or Understated?”

Background info:

• an old blog entry of mine about the formation of the task force
• an old paper of mine about the agreement between MySpace and AGs that led to the formation of the ISTTF
• an essay of mine from the ISTTF’s mid-point: “Age Verification Debate Continues; Schools Now at Center of Discussion“
• my big white paper on the dangers of mandatory age verification
• my book: “Parental Controls and Online Child Protection: A Survey of Tools and Methods”
• my final ISTTF statement