On Thursday, it was my great pleasure to participate in a Washington Legal Foundation (WLF) event on “Online Privacy Regulation: The Challenge of Defining Harm.” The entire event video can be found on YouTube here, but down below I pasted the clip of just my remarks. Other speakers at the event included:  FTC Commissioner Maureen K. Ohlhausen, Commissioner; John B. Morris, Jr., the Associate Administrator and Director of Internet Policy athe U.S. Department of Commerce’s National Telecommunications and Information Administration; and Katherine Armstrong, Counsel at the law firm of Hogan Lovells. Glenn Lammi of the WLF moderated the session.

My remarks drew upon a few recent law review articles I have published relating digital privacy debates to previous debates over free speech and online child safety issues. (Here are those articles: 1, 2, 3).

Playboy’s newly released 2009 College Sex Survey found that 49% of college students admitted to “Sexting” (having sent or received sexually explicit messages and pictures via cell phones). A survey conducted a year ago by the National Campaign to Prevent Teen and Unplanned Pregnancy and CosmoGirl.com found that 20% of teens (13-19) and 33% young adults (20-26) have “sent/posted nude or seminude pictures or video of themselves.” Together, these two studies give us a sense of just how prevalent sexting is.

Since nude photos of minors under 18 can be considered “child” pornography even if taken and shared voluntarily by the minor, there’s a very real possibility that minors will be prosecuted for common (if inappropriate) interactions with their peers under laws that were intended to prevent adults from exploiting children sexually. This is serious stuff indeed when one considers the dire consequences of being convicted not just of a felony, but a “sex offense.” Depending on state law, “sexters” put on a sex offender registry may spend the rest of their lives on sex registries as social pariahs with difficulty in finding a job, housing, being banned from using “social networking sites,” etc.

The study conducted last year offered some excellent advice for teens, young adults, and their parents. Perhaps we ought to spend more time focused on education than on criminalization.  The tips are worth repeating here.  First, for teens and kids: “Five Things to Think about Before Pressing Send:”

Don’t assume anything you send or post is going to remain private. Your messages and images will get passed around, even if you think they won’t: 40% of teens and young adults say they have had a sexually suggestive message (originally meant to be private) shown to them and 20% say they have shared such a message with someone other than the person for whom is was originally meant. There is no changing your mind in cyberspace—anything you send or post will never truly go away. Something that seems fun and flirty and is done on a whim will never really die. Potential employers, college recruiters, teachers, coaches, parents, friends, enemies, strangers and others may all be able to find your past posts, even after you delete them. And it is nearly impossible to control what other people are posting about you. Think about it: Even if you have second thoughts and delete a racy photo, there is no telling who has already copied that photo and posted it elsewhere. Don’t give in to the pressure to do something that makes you uncomfortable, even in cyberspace. More than 40% of teens and young adults (42% total, 47% of teens, 38% of young adults) say “pressure from guys” is a reason girls and women send and post sexually suggestive messages and images. More than 20% of teens and young adults (22% total, 24% teens, 20% young adults) say “pressure from friends” is a reason guys send and post sexually suggestive messages and images. Consider the recipient’s reaction. Just because a message is meant to be fun doesn’t mean the person who gets it will see it that way. Four in ten teen girls who have sent sexually suggestive content did so “as a joke” but many teen boys (29%) agree that girls who send such content are “expected to date or hook up in real life.” It’s easier to be more provocative or outgoing online, but whatever you write, post or send does contribute to the reallife impression you’re making. Nothing is truly anonymous. Nearly one in five young people who send sexually suggestive messages and images, do so to people they only know online (18% total, 15% teens, 19% young adults). It is important to remember that even if someone only knows you by screen name, online profile, phone number or email address, that they can probably find you if they try hard enough.

And tips for “parents to talk to their kids about sex and technology:”

Talk to your kids about what they are doing in cyberspace. Just as you need to talk openly and honestly with your kids about real life sex and relationships, you also want to discuss online and cell phone activity. Make sure your kids fully understand that messages or pictures they send over the Internet or their cell phones are not truly private or anonymous. Also make sure they know that others might forward their pictures or messages to people they do not know or want to see them, and that school administrators and employers often look at online profiles to make judgments about potential students/employees. It’s essential that your kids grasp the potential short-term and long-term consequences of their actions. Know who your kids are communicating with. Of course it’s a given that you want to know who your children are spending time with when they leave the house. Also do your best to learn who your kids are spending time with online and on the phone. Supervising and monitoring your kids’ whereabouts in real life and in cyberspace doesn’t make you a nag; it’s just part of your job as a parent. Many young people consider someone a “friend” even if they’ve only met online. What about your kids? Consider limitations on electronic communication. The days of having to talk on the phone in the kitchen in front of the whole family are long gone, but you can still limit the time your kids spend online and on the phone. Consider, for example, telling your teen to leave the phone on the kitchen counter when they’re at home and to take the laptop out of their bedroom before they go to bed, so they won’t be tempted to log on or talk to friends at 2a.m. Be aware of what your teens are posting publicly. Check out your teen’s MySpace, Facebook and other public  online profiles from time to time. This isn’t snooping—this is information your kids are making public. If everyone else can look at it, why can’t you? Talk with them specifically about their own notions of what is public and what is private. Your views may differ but you won’t know until you ask, listen, and discuss. Set expectations. Make sure you are clear with your teen about what you consider appropriate “electronic” behavior. Just as certain clothing is probably off-limits or certain language unacceptable in your house, make sure you let your kids know what is and is not allowed online either. And give reminders of those expectations from time to time. It doesn’t mean you don’t trust your kids, it just reinforces that you care about them enough to be paying attention.

Last year, my PFF colleague Adam Thierer asked whether State AGs + NCMEC = The Net’s New Regulators? Adam noted that NCMEC, the National Center for Missing and Exploited Children, a private non-profit organization, was playing a law enforcement role in regulating child pornography—but without any clear mechanisms for ensuring its accountability and effectiveness. Adam’s point wasn’t just that transparency is a good thing, but that when it comes to a cause as important as protecting children from exploitation, it’s vital to ensuring that we’re that we’re actually doing a good job at it!

Yesterday, Emmanuel Lazaridis commented on that post:

Given the increasing regulatory and investigative powers of the NCMEC, it is no longer clear whether or not the [Freedom of Information Act] applies to NCMEC records. We are about to find out. I am right now bringing a case against the NCMEC in federal court for access to records under the FOIA and, failing that, for discovery under 28 U.S.C. § 1782(a).

Mr. Lazaridis’s complaint in the D.C. District Court claims that Lazaridis (a Greek national) has been unfairly deemed a fugitive from U.S. justice for having taken his daughter to Greece over the objections of the girl’s American mother, Lazaridis’s ex-wife. NCMEC got involved by placing the girl on their MissingKids.com registry of abducted children. Lazaridis wants the court to recognize his custody, deem him not to be a fugitive, and to order NCMEC to turn over all their records on the girl.

This is, of course, just one side of the story (and such cases are usually so complicated as to be indecipherable to outsiders). But even if Lazaridis’s case were wholly without merit, his basic argument would be a sound one: Why shouldn’t NCMEC, in exercising any of its essentially governmental functions, be subject to the same accountability requirements through FOIA as the FBI would be?

When the issue is the Lazaridis family’s trans-Atlantic custody battle, it may seem easy to ignore this question. But when NCMEC is essentially making policy regarding filtering Internet content, blacklisting websites, turning over user logs to law enforcement, or “cleaning up” Craigslist, the question of NCMEC’s accountability under FOIA cannot be avoided as a critical decision about the future of Internet governance.

On heels of Adam’s piece last year, controversialist Chris Soghoian suggested one answer: Given its status as a sacred cow, we cannot expect any politician pay heed to calls to overhaul NCMEC or subject it to oversight. However, what we can do, is call for the nationalization of the National Center for Missing and Exploited Children.

Think of it this way: We have a drug czar, a war czar, a copyright czar, and will likely have a cybersecurity czar and car czar under the next administration. Why not throw a child porn czar into the mix? Nationalize NCMEC, make all of its workers federal employees, with good health care and job security, and perhaps even expand its budget–after all, it does good work, right? NCMEC’s job is simply too important to be entrusted to a nonprofit group–such a task can only be performed by a fully trained and funded law enforcement agency (one, which conveniently enough, is subject to the Freedom of Information Act, congressional oversight, and constitutional requirements for due process.)

Despite my differences with Chris, he’s often right and may be here, too. He’s certainly right that Congress is unlikely to address the problem of NCMEC’s accountability given the sensitivity of the issue of child protection.

But, fortunately, we live in a republic, not a pure democracy: Our third branch of government, the courts, exists to enforce the rule of law; being somewhat insulated from political pressure, the courts provide a final check on the authority even of the almighty NCMEC. So while Chris’s nationalization proposal might well be the ideal solution, it hasn’t happened yet—nine months later to the day, and it’s probably not high on the Obama administration’s list of czarist reforms.

But simply by ordering NCMEC to comply with FOIA, the Lazaridis court could, with the stroke of a pen, bring accountability to NCMEC’s law enforcement functions. The legal question is simple: Does NCMEC qualify as an “agency,” which FOIA defines as an “authority of the Government of the United States?”

If so, NCMEC must not only respond to requests for certain of its “records,” but it must also follow a rule-making process akin to that required of federal agencies when they make policy decisions, offering the public appropriate notice and the opportunity to comment on proposed regulations—instead of, say, threatening Internet companies behind closed doors (sometimes the same companies that later make generous donations to NCMEC) or cutting deals with state attorneys general.

It turns out that this is not a new issue. Federal courts have had to decide whether a number of quasi-governmental entities qualify as “agencies” over the years, especially given the trend towards privatization over the last three decades. Some organizations, like the Smithsonian Institution, have decided to comply with FOIA even though courts have held that they’re not required to do so. NCMEC could have allayed all these concerns years ago by doing the same thing, but absent a change in management at the organization, it seems only a court order will force the organization to open its “black box” of decision-making to public inquiry.

In a number of other circumstances, courts have required nominally private organizations to comply with the federal FOIA or its state equivalents. A thorough (if dated) treatment of this issue can be found in the 1999 law review article, Privatization and the Freedom of Information Act: An Analysis of Public Access to Private Entities Under Federal Law by Craig Feiser, Florida’s deputy solicitor general and an adjunct at FSU Law. Feiser explains:

When Congress amended FOIA in 1974, it added section 552(f)(1) and broadened the definition of “agency” to include entities not explicitly mentioned under the APA, but which “perform governmental functions and control information of interest to the public.”

In deciding whether a private organization qualifies as an agency subject to FOIA, courts have considered two factors.

One factor asks whether the entity has substantial independent authority in performing a function of the government, making it the functional equivalent of the government. The other factor asks whether the government substantially controls the entity’s day-to-day operations or organizational framework. In using either factor, the court is essentially asking to what degree the entity is performing a government function. In one case, the government is pulling nearly all of the strings; in the other case, the entity is making decisions independently for the government.

Financially, NCMEC is largely a creature of government: 70% of NCMEC’s $42 million budget in 2007 came from the government. But as Feiser notes, funding does not always mean control. Government control over NCMEC’s internal decisions is unclear. Indeed, the very lack of government control over an organization essentially regulating the Internet and imposing criminal sanctions that could follow convicted “sex offenders” for life would by itself be an enormous problem.

But given what NCMEC actually does, it obviously qualifies as an “agency” subject to FOIA under the “functional equivalence factor,” which as Feiser explains,

basically represents the opposite situation from the control factor. Here, the entity is functioning independently, but making decisions for the government, as opposed to having its decisions made by the government. In effect, it is the functional equivalent of the federal government, and, therefore, it should be an “agency” under the FOIA.

I’ll be watching the Lazaridis case closely, hoping that the court sees NCMEC for what it is: a private organization tasked with implementing not just any government function, but the enforcement of laws against the most vulnerable victims in society. Absent such a recognition, NCMEC will continue to grow into an unaccountable regulator for the Internet.

Today, the only public oversight of NCMEC required by law is the requirement that NCMEC (like any non-profit with federal tax-exempt 501(c)(3) non-profit status) file a Form 990 each year disclosing basic information about its finances. That report does not list NCMEC’s donors, because donors have a First Amendment right to remain anonymous, but a more transparent organization would, like my own think tank, at least identify its major donors. The 2006 and 2007 Form 990s do reveal a few interesting things, though, about what NCMEC does with its budget (70% of which comes from the taxpayer):

• NCMEC’s CEO, Ernie Allen, was paid $359,191 plus $411,636 in benefits in 2006 (PDF p. 46) and $409,821 plus $426,540 in benefits in 2007 (PDF p. 19), for a total of $1.6 million in two years (roughly $800,000/year);
• Not counting Allen, NCMEC spent $778,564 on its top five highest-paid employees in 2006 ($155,713/employee), and $875,657 in 2007 ($175,131/employee) (PDF p. 10 in both);
• 31% of NCMEC’s 2006 revenues and 35% of its 2007 revenues went to salaries (PDF pp. 1 & 2 in both); and
• NCMEC had 104 employees paid over $50,000 in 2006 (PDF p. 10) and 116 in 2007 (PDF p. 10).

I’d be reluctant to suggest that anyone at NCMEC was more interested in money than in protecting children, but if given the choice, we’d all prefer to do well while doing good. So if Allen were smart, he’d realize that a court order subjecting NCMEC to FOIA might be the best of all possible worlds: Requiring real accountability would neutralize calls for nationalizing NCMEC, allowing the organization to continue operating as a non-profit that can pay quite a bit better than the Federal civil service. Even the Senior Executive Service, for agency heads, maxes out at a measly $177,000/year.

Of course, if NCMEC’s records and decisions to regulate the Internet were subject to FOIA, the organization might not be able to… “convince” the Internet companies it essentially regulates to write large checks to NCMEC. But even this tax-hating libertarian would be hard-pressed to argue against funding the enforcement of laws against child pornography, abduction and exploitation with taxpayer dollars.

As the grandson of an FBI agent, whose framed credentials hang in a place of pride in my office (stamped “RETIRED” after his 25 years of loyal service), I can’t help but wonder how many more agents the FBI could employ to combat child porn with an extra $1.6 million/year in funding (the salary of Allen and NCMEC’s top-five highest paid employees). It seems that FBI agents today make roughly $48,000-87,000/year. Let’s call it an average of $67,500 and throw in 20% for overhead. That works out to $81,000/year—or:

• 20 new agents for what NCMEC is paying its top six employees; or
• 368 new agents for the $29.82 million NCMEC received in government support in 2007.

I’m sure the solution is far more complicated than simply hiring more FBI agents, and that NCMEC does much good work in the service of a noble cause. But until NCMEC is either nationalized as a direct arm of law enforcement or made significantly more accountable as a private organization, we won’t really have any way of knowing whether the money being spent on NCMEC is being spent in the most effective manner possible to deal with the problems of child pornography, abduction and exploitation. We also won’t know whether draconian alternatives to direct enforcement ( e.g., hiring more FBI agents) like network-level filtering mandates are truly necessary, despite their unintended consequences for the free speech and privacy rights of law-abiding Internet users.

… could be illegal under a proposed Massachusetts (per Boing Boing) law that would make it a crime to “photograph with ‘lascivious intent’ a person over the age of 60 or a person with a disability who has been declared mentally incompetent.”  Like the recent prosections of teens for sending nude pictures of themselves on Myspace under child pornography laws, the Massachusetts proposal would criminalize the sharing of “lascivious” photos regardless of the consent of the person being photographed.

Arthur would be turning in her (recently-dug) grave.  Dorothy Zbornak (her most famous character) might not have been much of a libertarian—it seems safe to assume she, like most progressive Catholics (however fictional) voted for Mondale—but one can easily imagine how her withering sarcasm would lay bare (no pun intended) the noxious paternalism underlying this proposal:  It’s bad enough that the government treats adults like children, assuming we’re all not smart enough to make good decisions for ourselves, but must the State really draw a line in the sand beyond which age (60, in this case) Americans officially lose their status as adults and revert to a second childhood in the eyes of the law?

Dorothy and the other Golden Girls would never stand for it.  One can only imagine the rage of  aging beauty Blanche Devereaux at the crimp this law would have put in her (previously thriving) sex life.

Those who don’t get the title’s reference to the 1994 classic Airheads, or who just plain don’t care for the Golden Girls’ geriatric charms, might nonetheless be crestfallen to realize that the bill could also deny the world naughty pics of  developmentally disabled sex kittens like Susan Boyle, the surprise star of Britain’s “Got Talent” (essentially American Idol with worse teeth).  (Of course, the bill would apply only if Susan were declared mentally incompetent).

Ah, Susan, be still my beating heart!

Caroline Kennedy has abruptly dropped her bid for Hillary Clinton’s Senate seat.  Her father, of course, probably ties with Andrew Mellon and Ronald Reagan as one of the greatest supply-side tax-cutters of all time.  The economic boom JFK unleashed probably makes up for whatever damage—personal or national—done by the Kennedy clan over the years.  

But whatever one thinks of Caroline in particular or the Kennedys in general, her departure from the “race” to succeed Clinton may go down in history as a catastrophe for Internet freedom, since it likely means that NY Attorney General Andrew Cuomo will take the seat.  

Cuomo has cast himself as a hero fighting to protect children by strong-arming ISPs into shutting down Usenets, as Ryan has explained.  Jim correctly points out the “shake down” nature of Cuomo’s operation.  And Adam has explained that this is all part of a broader assault on online free speech.  While few are willing to discuss this taboo subject, it’s fair to ask whether the “solutions” Cuomo are really the most effective way to deal with the scourge of child pornography. 

I’ll bet good money that if Cuomo makes it into the Senate, he’ll continue this fight on a broader scale—perhaps by pushing for legislation to mandate network-level filtering a la Cleanfeed.

Update: Gov. Paterson has decided to appoint Rep. Kirsten Gillibrand to this seat rather than Cuomo. That’s the good news.  The bad news is that this bully is still Attorney General of the Empire State.  I have no doubt he’ll continue his war on free speech in his current position.