Son of COPA?: H.R. 4059, “The Online Age Verification and Child Safety Act”

by on November 18, 2009 · 9 comments

Rep. Bart Stupak, (D-MI) recently introduced the ‘‘Online Age Verification and Child Safety Act’’ (H.R. 4059), which would require mandatory online age verification for “any pornographic website accessible by any computer located within the United States to display any pornographic material, including free content that may be available prior to the purchase of a subscription or product.”  The measure does not specify how such verification is to be administered, saying only that “any website or online service” must “establish and maintain a system of internal policies, procedures and controls to ensure that no such material is displayed to any user attempting to access their site without first verifying that the user is 18 years or older.”

In essence, the Stupak bill is the “Son of COPA,” or the Child Online Protection Act of 1998, a law that has been constitutionally tested and come up short during an epic, decade-long legal battle in which it was made clear that mandatory age verification is unwise, unworkable, and unconstitutional under the First Amendment.

COPA sought to make it a crime for someone to “knowingly” place materials online that were “harmful to minors.” The law provided an affirmative defense from prosecution, however, to those parties who made a “good faith” effort to “restrict[ ] access by minors to material that is harmful to minors” using credit cards or age verification schemes. COPA was immediately challenge, however, and a 10-year court battle ensued.  The law was blocked by lower courts because it was too sweeping in effect and because courts held that there were other “less restrictive means” that parents could use to deal with objectionable content — such as Internet filters.

COPA’s decade-long legal battle finally concluded in January 2009 when the U.S. Supreme Court refused to revisit the law.  COPA had already been reviewed by the Supreme Court twice before — in 2002 and 2004.  Thus, a third visit to the Supreme Court by COPA would have been something of a historical development in the world of First Amendment jurisprudence. But with the Supreme Court’s rejection of the government’s appeal in January, lower court rulings stood and COPA remained unconstitutional and unenforceable. The key recent legal battle occurred in the Third Circuit Court of Appeals, which upheld a lower court ruling striking down COPA. The Third Circuit’s full decision is here. And I penned a 3-part series on the lower court ruling by Judge Lowell Reed Jr., senior judge of the U.S. District Court for the Eastern District of Pennsylvania, here, here, and here. Also make sure to check out this summary of COPA’s legal journey that Alex Harris penned last November.

Many, many times here before I have documented my serious ongoing reservations about mandatory age verification.  [In particular, see this lengthy white paper and this event transcript for all the details.]  Moreover, as I pointed out in a recent PFF white paper (“Five Online Safety Task Forces Agree: Education, Empowerment & Self-Regulation Are the Answer“), every major online safety task force that has studied the possibility of mandatory age verification for the Internet has come to the same conclusion: It won’t work, it’s unconstitutional, and it raises serious privacy concerns. Down below the fold I have pulled some of the relevant language from the five online safety task forces that have met since 2000 and considered this issue.  Some of the very best minds in academia, industry, government, and the child safety community sat on these task forces.  And, taken together, these five task forces heard from hundreds of experts and produced thousands of pages of testimony and reports on a wide variety of issues related to online child safety.

I would hope that Mr. Stupak and other lawmakers would heed the warnings about mandatory age verification that these task forces issued.  Read on for brief look at what the experts had to say. And as you do, remember that every dollar spent litigating another misguided attempt to mandate online age verification is another dollar that could be spent on education and empowerment solutions or other law enforcement strategies, all of which could be put in place immediately to make our kids safer online.

2000 – Commission on Online Child Protection (“COPA Commission”)

[Age verification] imposes moderate costs on users, who must get an I.D. It imposes high costs on content sources that must install systems and might pay to verify I.D.s. The adverse effect on privacy could be high. It may be lower than for credit card verification if I.D.s are separated from personally-identifiable information. Uncertainty about the application of a harmful to minors standard increases the costs incurred by harmful to minors sites in connection with such systems.  An adverse impact on First Amendment values arises from the costs imposed on content providers, and because requiring identification has a chilling effect on access. Central collection of credit card numbers coupled with the “embarrassment effect” of reporting fraud and the risk that a market for I.D.s would be created may have adverse effect on law enforcement.[1]

2002 – Youth, Pornography, and the Internet (“Thornburgh Commission”)

In an online environment, age verification is much more difficult because a pervasive nationally available infrastructure for this purpose is not available. […] Note that each of these [age verification] methods imposes a cost in convenience of use, and the magnitude of this cost rises as the confidence in age verification increases.[2]

2008 – Safer Children in a Digital World (“Byron Review”)

[N]o existing approach to age verification is without its limitations, so it is important that we do not fixate on age verification as a potential ‘silver bullet’.[3]

2009 – Internet Safety Technical Task Force (ISTTF)

Age verification and identity authentication technologies are appealing in concept but challenged in terms of effectiveness.  Any system that relies on remote verification of information has potential for inaccuracies.  For example, on the user side, it is never certain that the person attempting to verify an identity is using their own actual identity or someone else’s.  Any system that relies on public records has a better likelihood of accurately verifying an adult than a minor due to extant records.  Any system that focuses on third-party in-person verification would require significant political backing and social acceptance.  Additionally, any central repository of this type of personal information would raise significant privacy concerns and security issues.[4]

2009 – “Point Smart. Click Safe.” Blue Ribbon Working Group

The task force acknowledges that the issues of identity authentication and age verification remain substantial challenges for the Internet community due to a variety of concerns including privacy, accuracy, and the need for better technology in these areas.[5]

[1] COPA Commission, Report to Congress, Oct. 20, 2000,

[2] Computer Science and Telecommunications Board, National Research Council, Youth, Pornography and the Internet (Washington, DC: National Academy Press, 2002), at 63-4,

[3] Safer Children in a Digital World: The Report of the Byron Review, March 27, 2008, at 99.

[4] Internet Safety Technical Task Force, Enhancing Child Safety & Online Technologies: Final Report of the Internet Safety Technical Task Force to the Multi-State Working Group on Social Networking of State Attorneys General of the United States, Dec. 31, 2008, at 10,


– – – – –

[NOTE: Follow H.R. 4059 and comment on it over at Washington Watch.]

– – – – –

ATTACHMENT: Final Statement of Adam D. Thierer on Age Verification to the Internet Safety Technical Task Force

ISTTF Thierer Closing Statement

Previous post:

Next post: