COPA – Technology Liberation Front

Celebrating the COPA Report Ten Years Later: A Charter for Sound Consumer Protection Online

Berin Szoka — Fri, 22 Oct 2010 17:28:06 +0000

An important anniversary just passed with little more notice than an email newsletter about the report that played a pivotal role in causing the courts to strike down the 1998 Child Online Protection Act (COPA) as an unconstitutional restriction on the speech of adults and website operators. (COPA required all commercial distributors of “material harmful to minors” to restrict their sites from access by minors, such as by requiring a credit card for age verification.)

The Congressional Internet Caucus Advisory Committee is pleased to report that even after 10 years of its release the COPA Commission’s final report to Congress is still being downloaded at an astounding rate – between 700 and 1,000 copies a month. Users from all over the world are downloading the report from the COPA Commission, a congressionally appointed panel mandated by the Child Online Protection Act. The primary purpose of the Commission was to “identify technological or other methods that will help reduce access by minors to material that is harmful to minors on the Internet.” The Commission released its final report to Congress on Friday, October 20, 2000. As a public service the Congressional Internet Caucus Advisory Committee agreed to virtually host the deliberations of the COPA Commission on the Web site COPACommission.org. The final posting to the site was the actual COPA Commission final report making it available for download. In the subsequent 10 years it is estimated that close to 150,000 copies of the report have been downloaded.

The COPA Report played a critical role in fending off efforts to regulate the Internet in the name of “protecting our children,” and marked a shift towards focusing on what, in First Amendment caselaw is called “less restrictive” alternatives to regulation. This summary of the report’s recommendations bears repeating:

After consideration of the record, the Commission concludes that the most effective current means of protecting children from content on the Internet harmful to minors include: aggressive efforts toward public education, consumer empowerment, increased resources for enforcement of existing laws, and greater use of existing technologies. Witness after witness testified that protection of children online requires more education, more technologies, heightened public awareness of existing technologies and better enforcement of existing laws.

In case you haven’t noticed, this is the message Adam Thierer and I have hammered home relentlessly in all the work we do concerning not only child protection but also privacy, data security and other areas of concern about online consumer protection.

On the child protection side, check out our recent joint comments with CDT and EFF warning the FTC not to expand the Child Online Privacy Protection Act (COPPA), lest it converge with COPA, which the courts have found unconstitutional—and also the lengthy paper we wrote on this subject back in June 2009 well before COPPA reemerged as an issue.

On the privacy side, allow me to quote from my November 2009 comments to the FTC on its Privacy Roundtables (primarily concerning online advertising). Specifically, I laid out a “Principled Pro-Consumer Alternative to Further Regulation:”

The “Privacy Wars” that have waged over how government should regulate online collection and use of data might better be referred to as the “Privacy Proxy Wars” because the most clearly demonstrated “harm” at issue seems to be from government itself, not the private sector. The Fourth Amendment guarantees that “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated…” Americans have a legitimate expectation that this “security” extends to their digital “papers and effects,” yet that expectation is not given effect by current restraints on government access to consumer data in American law. Thus, we have proposed the following layered approach to concerns about online privacy, focusing on restraining government access to data, rather than crippling the private sector uses of data that directly benefit consumers:

Erect a higher “Wall of Separation between Web and State” by increasing Americans’ protection from government access to their personal data—thus bringing the Fourth Amendment into the Digital Age.

Educate users about privacy risks and data management in general as well as specific practices and policies for safer computing.

Empower users to implement their privacy preferences in specific contexts as easily as possible.

Enhance self-regulation by industry sectors and companies to integrate with user education and empowerment.

Enforce existing laws against unfair and deceptive trade practices as well as state privacy tort laws.

I look forward to the day when Adam and I aren’t so alone in calling for a unified, consistent approach to online consumer protection across all these issues that begins with demanding a showing of genuine harm or true market failure, but also insists on using (or at least starting with) the least “restrictive” measures to address that problem. In privacy, as with child protection, that means starting with these E-words before rushing to R-words like “regulate, restrict, remove (options),” because those things ultimately retard, rather than encourage, Progress for digital consumers.

What We Didn’t Hear at Yesterday’s FTC COPPA Workshop

Adam Thierer — Thu, 03 Jun 2010 04:07:07 +0000

Yesterday, the Federal Trade Commission (FTC) hosted an all-day workshop on “Protecting Kids’ Privacy Online,” which looked into the Children’s Online Privacy Protection Act of 1998 (COPPA) and challenges posed to its enforcement by new technological developments. The FTC staff did a nice job bringing together and moderating 5 panels worth of participants, all of whom had plenty of interesting things to say about the future of COPPA. But I was more struck by what was not said yesterday. Namely, there was:

ZERO explanation of the supposed harms of advertising, marketing, and data collection. Advertising-bashing is an old sport here in Washington, so I guess I should not have been surprised to hear several panelists yesterday engaging in teeth-gnashing and hand-wringing about advertising, marketing, and the data collection methods that make it possible. But this grousing just went on and on without any explanation by the critics of the supposed harms that would result from it.
ZERO appreciation of the benefits of advertising, marketing, and data collection. Not once yesterday — NOT ONCE — did anyone pause to ask what it is that makes all these wonderful online sites, services and content free (or dirt cheap) to consumers. Everyone at this show was guilty of the “manna fallacy” (that all this stuff just falls magically to Earth from the Net Gods above). Well, back here in the real world, something has to pay for all those goodies, and that something is advertising and marketing, which are facilitated by data collection! Or would you like to pay $19.95 a month for each of those currently free sites and services? Yeah, I didn’t think so.

Almost ZERO discussion of the excellent steps that so many websites are taking today above and beyond COPPA to make sure online communities are safe. What I found most amazing about the day’s discussion was the way many people seem to assume that COPPA is the most important approach to keeping kids safe online. In reality, as I have pointed out in my past work, COPPA is one the least important things that keeps kids safe online. It’s what sites do after kids get into their communities that is really important. And, until the last panel of the day, we heard very little about the important steps that countless online sites and communities take to make sure they offer more safe and secure environments for kids. In particular, beyond basic parental controls, moderation and intervention efforts by site operators are increasing within social networking sites, virtual worlds, and many other sites to ensure that they offer such “well lit” neighborhoods. Failure to integrate this into the discussion was the major failing of the day.

Little discussion of the role of parents should play in mentoring their kids online. So, I’m a parent. Two kids. Ages 8 and 5. Guess what? They love commercial messages! I let them see them. Online and off. We talk about them. I explain to them not to believe everything they see. I explain that sometimes people are just out to sell them silly stuff they don’t need or, worse yet, scam them out of their money. I explain that there’s a lot of crap out there. And I explain to them that they should always consult with mom and dad about purchasing decisions to get our advice and consent. Hey… there’s a word for this: mentoring (otherwise known as “good parenting.”) Yes, yes, I know COPPA is suppose to aid parents in this regard, but honestly, I only think of COPPA as a small speed bump. It can slow people — either kids or marketers — down a bit, but it will never stop companies from wanting to sell products or people (including kids) from wanting to buy them. This is life in a capitalistic society, folks. Unless you want to live in some Marxist “Worker’s Paradise” where we ban all commercial messages and tightly limit consumption and consumer choice (and “wasteful capitalist” competition!), you better get used to it. And, to go back to point #1, you have yet to show me how exposure to commercial messages “harms” kids. I’m not saying I want to subject my kids to an endless bombardment-by-ads, but as with everything else in this world, there is a sensible way to educate them using a combination of good mentoring and media literacy.
ZERO acknowledgment that COPPA expansion puts the law on a collision course with COPA, which has already been litigated and found unconstitutional. During the fourth panel yesterday on “Emerging Parental Verification Access and Methods,” there was some troubling talk of turning schools or mobile phone operators into online credentialing authorities. I’ve discussed the dangers of these approaches to online age verification here before (especially the insanely misguided suggestion that schools should become DMVs for our kids and be passing out digital credentials). Which brings up a broader concern not really discussed at all yesterday: At what point would an expansion of COPPA’s “verifiable parental consent” requirements converge with the unconstitutional mandatory age verification model found in the Children’s Online Protection Act (COPA)? We fought an epic, decade-long legal battle over COPA only to have the entire framework tossed out as a violation of the First Amendment. This issue was at the heart of the COPPA 2.0 paper Berin Szoka and I released last year, and a theme Berin recently explained in his Senate testimony and subsequent answers to questions for the Congressional Record.

Anyway, I could go on but I’ll just stop there and reference a few other things that we’ve been doing on COPPA and age verification issues more generally. But everyone should stay tuned to this debate because the prospect for COPPA expansion is quite real and it will have profound ramifications, as the subtitle to our first paper down below explains:

COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech, by Berin Szoka & Adam Thierer
Response of Berin Szoka to Questions from Sen. Mark Pryor Regarding Hearing on “An Examination of Children’s Privacy: New Technologies & the Children’s Online Privacy Protection Act”
Written Testimony of Berin Szoka, Hearing on “An Examination of Children’s Privacy: New Technologies & the Children’s Online Privacy Protection Act” before the Subcommittee on Consumer Protection, Committee on Commerce, Science & Transportation, U.S. Senate, April 29, 2010
Final Statement of Adam Thierer to the Internet Safety Technical Task Force
“USA Today, Age Verification, and the Death of Online Anonymity,” by Adam Thierer, PFF Blog, Jan. 23, 2008
Social Networking and Age Verification: Many Hard Questions; No Easy Solutions, by Adam Thierer, March 21, 2007.
“Age Verification for Social Networking Sites: Is it Possible? Is it Desirable?” event transcript, May 11, 2007.

My Senate Testimony on the Children’s Online Privacy Protection Act (COPPA)

Berin Szoka — Thu, 29 Apr 2010 14:16:19 +0000

I’m testifying this morning before the Senate Commerce Committee’s Consumer Protection Subcommittee on Examining Children’s Privacy: New Technologies and the Children’s Online Privacy Protection Act at 10 am in 253 Russell. I offered an overview of my testimony in a PFF TechCast interview yesterday.

MP3 file: PFF TechCast #4 – Senate COPPA testimony of Berin Szoka

My pre-scripted oral testimony (PDF) follows below, but you can download my somewhat longer written testimony here, which offers an overview of our past work on this subject at PFF, particularly the paper Adam Thierer and I published last summer COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech.

Mr. Chairman and Committee members, thank you for inviting me here today. My name is Berin Szoka. ^[1] I’m a Senior Fellow at The Progress & Freedom Foundation. I commend this Committee for studying COPPA, and the FTC for its upcoming COPPA Review and Roundtable.^{^[2]}

Background on COPPA

For an “Internet Jr.” of sites “directed at” children under 13, COPPA requires sites either to age-verify all users or limit functionality to prevent children from making personal information “publicly available”—including the sharing of user-generated content. COPPA imposes the same requirement on general audience sites when they have actual knowledge a user is under 13. Because of this forced separation and the costs of age verification, COPPA may well have unintentionally limited choice and competition by driving increased consolidation in the marketplace for child-oriented sites and services online. On the other hand, COPPA has been reasonably successful in fulfilling Congress’s original goal of “enhancing parental involvement” to protect children’s online privacy and safety.

Whatever this trade-off, I’m here today to caution against expanding COPPA beyond its original, limited purpose. COPPA’s unique value lies in its flexibility, subtlety, and intentional narrowness.

COPPA is flexible because it potentially applies to the entire Internet regardless of the access device used—including services scarcely imaginable in 1998.

COPPA is subtle because it requires “verifiable parental consent” not only if site and service operators gather personal information from kids for their own use, but also if sites enable children to make personal information “publicly available” online. Even more subtle is COPPA’s creative solution to the thorny problem of age verification. Unlike the similarly-named Child Online Protection Act,^{^[3]} COPPA only requires age verification of users on sites clearly directed at children, whereas COPA required it for any site offering content deemed “harmful to minors.”

Efforts to Expand COPPA Raise Serious First Amendment Concerns

Back in 1998, Congress wisely chose not to apply COPPA to adolescents. Unfortunately, recent efforts to expand COPPA have put online privacy, child safety, free speech and anonymity on a collision course. Several states have proposed what we at PFF have called “COPPA 2.0” laws, extending COPPA to adolescents under 17 or 18. But once the age threshold rises above 13, it becomes increasingly difficult to distinguish sites “directed at” children below the threshold from general audience sites. With this seemingly small change, COPPA would essentially converge with COPA: COPPA would extend beyond a discrete “Internet, Jr.” to require age verification for sites used by many adults—and, indeed, other states have proposed simply extending COPPA to all social networking sites. But requiring adults and even older teens to prove their age by identifying themselves constitutes a prior restraint on anonymous or pseudonymous communication. This raises the same First Amendment concerns that caused the courts to strike down COPA.

COPPA Expansion Would Undermine Privacy

Ironically, broad age verification mandates would reduce online privacy by requiring more information to be collected from both adolescents and adults, including credit card information. While COPPA’s safe harbors play a valuable role in administering self-regulation under COPPA,^{^[4]} government shouldn’t put them in the awkward position of becoming repositories for huge troves of personal information in the name of protecting privacy.

COPPA Expansion Would Not Enhance Child Safety

Nor would COPPA expansion make adolescents safer online. Some have argued that age verification mandates could protect children by allowing sites to create “safe spaces” that exclude predators. Unfortunately, the reality is that the technology for reliable age verification simply doesn’t exist. Even the FTC has made clear that it doesn’t consider COPPA’s verifiable parental consent methods, such as use of a credit card,^{^[5]} as equivalent to strict age verification.^{^[6]}

Fears of Advertising Should Not Drive COPPA Expansion

COPPA expansion could also undermine the viability of many online sites and services. Some consider marketers the “real predators”—even though advertising is the great “Hidden Benefactor”^{^[7]} that funds the overwhelming majority of “free” Internet content and services. COPPA already applies to the collection of information that could potentially allow the contacting of a child under 13. The Network Advertising Initiative already requires verifiable parental consent for behavioral advertising to children under 13. But if COPPA were expanded to require general audience sites funded by tailored advertising to age-verify all users, it would devolve into the unconstitutional approach found in COPA. Importantly, COPPA expansion would also raise costs for smaller or new sites and services geared toward minors. This could discourage new innovation, limit choice, and raise prices for consumers.^{^[8]}

Ultimately, concerns about tailored advertising may be less about privacy than about what advertising scholar Jack Calfee has dubbed the “Fear of Persuasion”—the idea that advertising is inherently manipulative and only grows more so with increased relevance. But as Calfee notes, “by the age 10 or so, children develop a full understanding of the purpose of advertising and equally important, an active suspicion of what advertisers say.”^{^[9]} If government has a role to play in addressing concerns about tailored marketing, it lies in educating kids about advertising to help them become smarter consumers. Last week, the FTC launched just such an education campaign with its AdMongo tutorial website (www.admongo.gov).[10] The FTC excels in consumer education, and should be encouraged in these efforts as a less restrictive alternative to regulation.^{^[11]}

Opening the Door to COPPA Expansion through FTC Overhaul via Financial Reform

Finally, financial reform legislation recently passed by the House would give the FTC sweeping new rulemaking powers. H.R. 4173 would allow the FTC to unilaterally change COPPA, including its age range. Such decisions should be made by Congress, not the FTC. If Congress wants to help the FTC implement COPPA, it should consider additional funding for education and enforcement.

Thank you again for inviting me here to testify.

[1] The views expressed here are his own, and not necessarily the views of the PFF board, other fellows or staff.

[2] Federal Trade Commission, Request for Public Comment on the FTC’s Implementation of the Children’s Online Privacy Protection Rule, April 5, 2010, http://www.ftc.gov/os/2010/03/100324coppa.pdf; see also COPPA Rule Review Roundtable, http://www.ftc.gov/bcp/workshops/coppa/index.shtml.

[3] 47 U.S.C. § 231.

[4] See Federal Trade Commission, Safe Harbor Program, www.ftc.gov/privacy/privacyinitiatives/childrens_shp.html.

[5] Under the FTC’s “sliding scale” approach to obtaining parental consent, other acceptable methods include print-and-fax forms, follow-up phone calls and e-mails, and using encryption certificates. 16 C.F.R. § 312.5(b)(2).

[6] In a February 2007 report to Congress about the status of the law and its enforcement, the FTC said that no changes to COPPA were then necessary because the law had “been effective in helping to protect the privacy and safety of young children online.” Federal Trade Commission, Implementing the Children’s Online Privacy Protection Act: A Report to Congress at 1, Feb. 2007, www.ftc.gov/reports/coppa/07COPPA_Report_to _Congress.pdf. In discussing the effectiveness of the parental consent verification methods authorized in the FTC’s sliding scale approach, however, the agency acknowledged that “none of these mechanisms is foolproof.” Id. at 13. The FTC attempts to distinguish these parental consent verification methods from other kinds of age verification tools in noting that “age verification technologies have not kept pace with other developments, and are not currently available as a substitute for other screening mechanisms.” Id. at 12.

[7] Adam Thierer & Berin Szoka, The Hidden Benefactor: How Advertising Informs, Educates & Benefits Consumers, Progress on Point 6.5, Feb. 2010, www.pff.org/issues-pubs/ps/2010/pdf/ps6.5-the-hidden-benefactor.pdf.

[8] In 2005, the FTC has cited an estimate of $45/child as the cost of obtaining verifiable parental consent for child-oriented sites to comply with COPPA. See Comments of Parry Aftab, Request for Public Comment on the Implementation of COPPA and COPPA Rule’s Sliding Scale Mechanism for Obtaining Verifiable Parental Consent Before Collecting Personal Information from Children at 2, June 27, 2005, www.ftc.gov/os/comments/COPPArulereview/516296-00021.pdf.

[9]/a>Jack Calfee Fear of Persuasion: A New Perspective on Advertising and Regulation, 59 (1997).

[10] Federal Trade Commission to Launch Advertising Literacy Campaign National Program Gives ‘Tweens’ Ages 8 to 12 Skills to Recognize, Understand Advertising, April 26, 2010, www.ftc.gov/opa/2010/04/admongo.shtm.

[11] See, e.g., onguardonline.gov; NetCetera: Chatting With Kids About Being Online, onguardonline.gov/pdf/ tec04.pdf; You Are Here: Where Kids Learn to be Smarter Consumers, ftc.gov/youarehere/.

Son of COPA?: H.R. 4059, “The Online Age Verification and Child Safety Act”

Adam Thierer — Wed, 18 Nov 2009 20:22:10 +0000

Rep. Bart Stupak, (D-MI) recently introduced the ‘‘Online Age Verification and Child Safety Act’’ (H.R. 4059), which would require mandatory online age verification for “any pornographic website accessible by any computer located within the United States to display any pornographic material, including free content that may be available prior to the purchase of a subscription or product.” The measure does not specify how such verification is to be administered, saying only that “any website or online service” must “establish and maintain a system of internal policies, procedures and controls to ensure that no such material is displayed to any user attempting to access their site without first verifying that the user is 18 years or older.”

In essence, the Stupak bill is the “Son of COPA,” or the Child Online Protection Act of 1998, a law that has been constitutionally tested and come up short during an epic, decade-long legal battle in which it was made clear that mandatory age verification is unwise, unworkable, and unconstitutional under the First Amendment.

COPA sought to make it a crime for someone to “knowingly” place materials online that were “harmful to minors.” The law provided an affirmative defense from prosecution, however, to those parties who made a “good faith” effort to “restrict[ ] access by minors to material that is harmful to minors” using credit cards or age verification schemes. COPA was immediately challenge, however, and a 10-year court battle ensued. The law was blocked by lower courts because it was too sweeping in effect and because courts held that there were other “less restrictive means” that parents could use to deal with objectionable content — such as Internet filters.

COPA’s decade-long legal battle finally concluded in January 2009 when the U.S. Supreme Court refused to revisit the law. COPA had already been reviewed by the Supreme Court twice before — in 2002 and 2004. Thus, a third visit to the Supreme Court by COPA would have been something of a historical development in the world of First Amendment jurisprudence. But with the Supreme Court’s rejection of the government’s appeal in January, lower court rulings stood and COPA remained unconstitutional and unenforceable. The key recent legal battle occurred in the Third Circuit Court of Appeals, which upheld a lower court ruling striking down COPA. The Third Circuit’s full decision is here. And I penned a 3-part series on the lower court ruling by Judge Lowell Reed Jr., senior judge of the U.S. District Court for the Eastern District of Pennsylvania, here, here, and here. Also make sure to check out this summary of COPA’s legal journey that Alex Harris penned last November.

Many, many times here before I have documented my serious ongoing reservations about mandatory age verification. [In particular, see this lengthy white paper and this event transcript for all the details.] Moreover, as I pointed out in a recent PFF white paper (“Five Online Safety Task Forces Agree: Education, Empowerment & Self-Regulation Are the Answer“), every major online safety task force that has studied the possibility of mandatory age verification for the Internet has come to the same conclusion: It won’t work, it’s unconstitutional, and it raises serious privacy concerns. Down below the fold I have pulled some of the relevant language from the five online safety task forces that have met since 2000 and considered this issue. Some of the very best minds in academia, industry, government, and the child safety community sat on these task forces. And, taken together, these five task forces heard from hundreds of experts and produced thousands of pages of testimony and reports on a wide variety of issues related to online child safety.

I would hope that Mr. Stupak and other lawmakers would heed the warnings about mandatory age verification that these task forces issued. Read on for brief look at what the experts had to say. And as you do, remember that every dollar spent litigating another misguided attempt to mandate online age verification is another dollar that could be spent on education and empowerment solutions or other law enforcement strategies, all of which could be put in place immediately to make our kids safer online.

2000 – Commission on Online Child Protection (“COPA Commission”)

[Age verification] imposes moderate costs on users, who must get an I.D. It imposes high costs on content sources that must install systems and might pay to verify I.D.s. The adverse effect on privacy could be high. It may be lower than for credit card verification if I.D.s are separated from personally-identifiable information. Uncertainty about the application of a harmful to minors standard increases the costs incurred by harmful to minors sites in connection with such systems. An adverse impact on First Amendment values arises from the costs imposed on content providers, and because requiring identification has a chilling effect on access. Central collection of credit card numbers coupled with the “embarrassment effect” of reporting fraud and the risk that a market for I.D.s would be created may have adverse effect on law enforcement.[1]

2002 – Youth, Pornography, and the Internet (“Thornburgh Commission”)

In an online environment, age verification is much more difficult because a pervasive nationally available infrastructure for this purpose is not available. […] Note that each of these [age verification] methods imposes a cost in convenience of use, and the magnitude of this cost rises as the confidence in age verification increases.[2]

2008 – Safer Children in a Digital World (“Byron Review”)

[N]o existing approach to age verification is without its limitations, so it is important that we do not fixate on age verification as a potential ‘silver bullet’.[3]

2009 – Internet Safety Technical Task Force (ISTTF)

Age verification and identity authentication technologies are appealing in concept but challenged in terms of effectiveness. Any system that relies on remote verification of information has potential for inaccuracies. For example, on the user side, it is never certain that the person attempting to verify an identity is using their own actual identity or someone else’s. Any system that relies on public records has a better likelihood of accurately verifying an adult than a minor due to extant records. Any system that focuses on third-party in-person verification would require significant political backing and social acceptance. Additionally, any central repository of this type of personal information would raise significant privacy concerns and security issues.[4]

2009 – “Point Smart. Click Safe.” Blue Ribbon Working Group

The task force acknowledges that the issues of identity authentication and age verification remain substantial challenges for the Internet community due to a variety of concerns including privacy, accuracy, and the need for better technology in these areas.[5]

[1] COPA Commission, Report to Congress, Oct. 20, 2000, www.copacommission.org

[2] Computer Science and Telecommunications Board, National Research Council, Youth, Pornography and the Internet (Washington, DC: National Academy Press, 2002), at 63-4, www.nap.edu/html/youth_internet/

[3] Safer Children in a Digital World: The Report of the Byron Review, March 27, 2008, at 99. www.dcsf.gov.uk/byronreview

[4] Internet Safety Technical Task Force, Enhancing Child Safety & Online Technologies: Final Report of the Internet Safety Technical Task Force to the Multi-State Working Group on Social Networking of State Attorneys General of the United States, Dec. 31, 2008, at 10, http://cyber.law.harvard.edu/pubrelease/isttf.

[5] www.pointsmartclicksafe.org/report

[NOTE: Follow H.R. 4059 and comment on it over at Washington Watch.]

ATTACHMENT: Final Statement of Adam D. Thierer on Age Verification to the Internet Safety Technical Task Force

ISTTF Thierer Closing Statement http://d1.scribdassets.com/ScribdViewer.swf?document_id=10275410&access_key=key-2arwch33v27rw4obom5&page=1&version=1&viewMode=list

Transcript of 7/27 PFF Event on Child Safety, Privacy, and Free Speech

Adam Thierer — Tue, 18 Aug 2009 18:41:21 +0000

On July 27th, The Progress & Freedom Foundation hosted a Capitol Hill panel discussion entitled “Online Child Safety, Privacy, and Free Speech: An Overview of Challenges in Congress & the States.” The event featured remarks from:

Parry Aftab, Executive Director, WiredSafety.org
Todd Haiken, Senior Manager of Policy, Common Sense Media
Jim Halpert, Partner, DLA Piper
Berin Szoka, Senior Fellow, The Progress & Freedom Foundation

We’ve just released the transcript of the event, which I have also pasted down below the fold in a Scribd document reader. Also, the audio for this event can be heard by clicking below:

Download mp3

Here is the full event description:

Online child safety, privacy, and free speech remain hotly debated issues at both the federal and state level. Bills introduced in Congress to address cyberbullying concerns propose either educational initiatives or a criminalization approach. Access to objectionable content also remains a concern and a new, government-mandated task force is looking into those issues. Meanwhile, state officials, including many state attorneys general, continue to explore age verification mandates for social networking sites and some have considered building on the federal Children’s Online Privacy Protection Act (COPPA) to expand “parental notification” mandates. The Federal Trade Commission (FTC) has recently announced an expedited review of COPPA to see if it is keeping up with new developments. The FTC is also exploring child safety in virtual worlds. New concerns about “sexting,” or the sending of sexual explicit images over mobile devices, has also raised new concerns led some lawmakers to ponder penalties.

How serious are these concerns? Is legislation or regulation needed to address them? What free speech issues are at stake? Should Congress take the lead or leave it to the States to experiment with different models? These and other issues were discussed by a panel of leading experts in the field of online safety and privacy policy.

Transcript PFF Online Child Safety Privacy Hill Event (7-27-2009) http://d.scribd.com/ScribdViewer.swf?document_id=18756666&access_key=key-1blb7az1ag406howibuk&page=1&version=1&viewMode=

Cyber-Libertarianism: The Case for Real Internet Freedom

Adam Thierer — Wed, 12 Aug 2009 16:08:38 +0000

by Adam Thierer & Berin Szoka — (Ver. 1.0 — Summer 2009)

We are attempting to articulate the core principles of cyber-libertarianism to provide the public and policymakers with a better understanding of this alternative vision for ordering the affairs of cyberspace. We invite comments and suggestions regarding how we should refine and build-out this outline. We hope this outline serves as the foundation of a book we eventually want to pen defending what we regard as “Real Internet Freedom.” [Note: Here’s a printer-friendly version, which we also have embedded down below as a Scribd document.]

I. What is Cyber-Libertarianism?

Cyber-libertarianism refers to the belief that individuals—acting in whatever capacity they choose (as citizens, consumers, companies, or collectives)—should be at liberty to pursue their own tastes and interests online.

Generally speaking, the cyber-libertarian’s motto is “Live & Let Live” and “Hands Off the Internet!” The cyber-libertarian aims to minimize the scope of state coercion in solving social and economic problems and looks instead to voluntary solutions and mutual consent-based arrangements.

Cyber-libertarians believe true “Internet freedom” is freedom from state action; not freedom for the State to reorder our affairs to supposedly make certain people or groups better off or to improve some amorphous “public interest”—an all-to convenient facade behind which unaccountable elites can impose their will on the rest of us.

B. Application in Social & Economic Contexts

The cyber-libertarian draws no distinction between social and economic freedom when applying this vision:

Social Freedom: Individuals should be granted liberty of conscience, thought, opinion, speech, and expression in online environments.
Economic Freedom: Individuals should be granted liberty of contract, innovation, and exchange in online environments.

Cyber-libertarians also argue that social and economic freedoms are inextricably intertwined: It is not enough to support liberty of action in one sphere; foreclosing freedom in one sphere will eventually affect freedom in the other.

C. How “Code Failures” Are to Be Addressed

The cyber-libertarian believes that “code failures” (the digital equivalent of so-called “market failures”) are better addressed by voluntary, spontaneous, bottom-up, marketplace responses than by coerced, top-down, governmental solutions. From a practical perspective, the decisive advantage of the market-driven approach to correcting code failure comes down to the rapidity and nimbleness of those responses. Stated differently, cyber-libertarians have a strong aversion to the politicization of technology issues and efforts to replace market processes with bureaucratic processes.

Importantly, the cyber-libertarian defines “markets” broadly to include monetary and non-monetary transactions as well as proprietary and non-proprietary modes of production. To be clear, collaborative, non-proprietary technologies and efforts ( e.g., Wikipedia and open source software) are not at odds with cyber-libertarianism. But the cyber-libertarian does reject the notion these models are the only acceptable model or that they should be imposed on us by law. The proper policy position with regards to the “open vs. closed” or “proprietary vs. non-proprietary” debate should be one of techno-agnosticism. Lawmakers and courts should not be tilting the balance in one direction or the other.

More generally speaking, instead of seeking to define or impose a single utopian vision, the cyber-libertarian seeks to enable what libertarian philosopher Robert Nozick called a “Utopia of Utopias:” a framework within which many different models of organizing commerce and community can flourish alongside, and in competition with, each other.

D. General Relationship to “Internet Exceptionalism”

Internet exceptionalists are first cousins to cyber-libertarians: They believe that the Internet has changed culture and history profoundly and is deserving of special care before governments intervene. [See Section IV for an expanded discussion.]

II. The Intellectual Foundations of Cyber-Libertarianism

A. Traditional Libertarian Philosophy

Natural Rights philosophers –John Locke, Ayn Rand, The Founders
Utilitarian philosophers – John Stuart Mill (On Liberty), Herbert Spencer
“Austrian School” of Economics – Ludwig von Mises, F.A. Hayek, Murray Rothbard
Milton Friedman (Free to Choose)
Robert Nozick – argument for a minimalist state; “utopia of utopias” notion
Thomas Sowell – critique of “The Vision of the Anointed”
Richard Epstein – vision of “Simple Rules for a Complex World

B. Modern Cyber-Libertarian Theorists

Ithiel de Sola Pool (Technologies of Freedom)
Alvin Toffler (The Third Wave , Future Shock)
George Gilder (Microcosm , Telecosm)
Peter Huber (Law & Disorder in Cyberspace)
Tom W. Bell
Technology Liberation Front bloggers

C. Internet Exceptionalists[see Sec. IV below]

III. The Contrast with Cyber-Collectivism

A. Cyber-Collectivism Defined

Cyber-collectivism is the opposite of cyber-libertarianism. Cyber-collectivism refers to the general belief that cyber-choices should be guided by the State or an elite class according to some amorphous “general will” or “public interest.” The distant influence of Plato, Rousseau, and Marx can often been seen in the work of cyber-collectivists.

Cyber-collectivism comes in many flavors, however. “Left”-leaning cyber-collectivists, for example, are more focused on social concerns than economic ones. Some “Right”-leaning cyber-collectivists are focused on controlling the impact of the Internet on culture or security. In other words, cyber-collectivism is not as philosophically coherent as cyber-libertarianism—which, though it comes in many flavors, shares a larger core of common agreement

B. General Relationship to “Information Commons” Movement

There is a close relationship between the Leftist variant of cyber-collectivism and the “digital commons” or “information commons” movement, which generally refers to the belief that digital resources should be shared or perhaps commonly owned instead of held privately—both because cyber-collectivists think this is more equitable and because they generally think such arrangements will ultimately work better.

Cyber-collectivists are typically not Marxists; few of them call for state ownership of the information means of production. Rather, cyber-collectivists might better be thought of a “cyber social Democrats” (in a European sense) or “Digital New Dealers” (in the American tradition). They advocate a generous role for law and regulation in many online matters, but do not typically resort to full-blown nationalization.

C. Exponents of Cyber-Collectivism

Some notable cyber-collectivists or information commons adherents (and their key works):

(*We are, of course, generalizing a bit here. Not everyone in these institutions is a cyber-collectivist and, again, there are many flavors of cyber-collectivism, just as there are many flavors of cyber-libertarianism. Individuals in some of these organizations diverge significantly in attitudes towards technological change and the proper scope of government influence throughout the high-tech sector.)

IV. Relationship Between Cyber-Libertarianism & Internet Exceptionalism

Some non-libertarians occasionally join ranks with cyber-libertarians out of a belief that the Internet is different and deserving of special consideration and care. This is commonly referred to as “Cyber-Exceptionalism” or “Internet Exceptionalism.” John Perry Barlow’s 1996 “Declaration of the Independence of Cyberspace” was probably the earliest (and most extreme) articulation of “Internet Exceptionalism”:

Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather. We have no elected government, nor are we likely to have one, so I address you with no greater authority than that with which liberty itself always speaks. I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear. Governments derive their just powers from the consent of the governed. You have neither solicited nor received ours. We did not invite you. You do not know us, nor do you know our world. Cyberspace does not lie within your borders. Do not think that you can build it, as though it were a public construction project. You cannot. It is an act of nature and it grows itself through our collective actions. You have not engaged in our great and gathering conversation, nor did you create the wealth of our marketplaces. You do not know our culture, our ethics, or the unwritten codes that already provide our society more order than could be obtained by any of your impositions. You claim there are problems among us that you need to solve. You use this claim as an excuse to invade our precincts. Many of these problems don’t exist. Where there are real conflicts, where there are wrongs, we will identify them and address them by our means. We are forming our own Social Contract. This governance will arise according to the conditions of our world, not yours. Our world is different.

Similarly, in 1994, The Progress & Freedom Foundation brought together four leading technology visionaries (Esther Dyson, George Gilder, George Keyworth, and Alvin Toffler) to pen A Magna Carta for the Knowledge Age. In that manifesto, the authors argued:

Cyberspace is the land of knowledge, and the exploration of that land can be a civilization’s truest, highest calling. The opportunity is now before us to empower every person to pursue that calling in his or her own way. The challenge is as daunting as the opportunity is great. The Third Wave has profound implications for the nature and meaning of property, of the marketplace, of community and of individual freedom. As it emerges, it shapes new codes of behavior that move each organism and institution—family, neighborhood, church group, company, government, nation—inexorably beyond standardization and centralization, as well as beyond the materialist’s obsession with energy, money and control. Turning the economics of mass-production inside out, new information technologies are driving the financial costs of diversity—both product and personal—down toward zero, “demassifying” our institutions and our culture. Accelerating demassification creates the potential for vastly increased human freedom. It also spells the death of the central institutional paradigm of modern life, the bureaucratic organization. (Governments, including the American government, are the last great redoubt of bureaucratic power on the face of the planet, and for them the coming change will be profound and probably traumatic.)

As that last paragraph suggests, this “Magna Carta” for cyberspace contained some hints of cyber-libertarian thinking, but the general thrust of the document was more generally of the Internet Exceptionalist school of thought.

Internet Exceptionalists are sometime critiqued for sounding like techno-utopians, but it is a mistake to conflate the two. There are not always synonymous.

V. Cyber-Libertarianism’s Early Legal Foundations & Victories

Section 230 of the Communications Decency Act of 1996 is probably the best example of cyber-exceptionalism in practice. It grants broad immunity to online intermediaries for third party content except for criminal and IP law—breaking with traditional tort liability standards. Specifically, Sec. 230 rejected the “deputization of the middleman” model of liability.
Overturning of the Communications Decency Act’s indecency & obscenity provisions in Reno v. ACLU decision
Various court decisions blocking enforcement of the Child Online Protection Act (COPA) of 1999
The encryption wars & the defeat of the “Clipper Chip”
The Internet Tax Freedom Act of 1998

VI. Applications: How Cyber-Libertarians Think about Various Policy Issues

Free speech & online child safety: Favor parental empowerment and industry self-regulation over censorship. “Household standards” should trump “community standards.”
Privacy policy & online advertising: Privacy is a subjective condition and efforts to regulate to “protect privacy” could have unintended consequences for freedom of speech and the growth of online content and commerce. User empowerment and industry self-regulation represent the superior way to address privacy concerns.
Net neutrality / infrastructure regulation: “Open access” regulation is nothing more the infrastructure socialism. Network operators should be free to own, operate, and price their systems and services as they see fit, subject only to enforcement of their terms of service and other voluntary disclosures as contracts with their users. New entry and innovation are better alternative to regulating yesterday’s networks and technologies.
Internet taxation: No special taxes should be imposed on online services or Internet access. To the extent the Net disrupts traditional tax bases that should be seen as an opportunity to reform those tax systems.
Online gambling: People should be free to do what they want with their money and Internet gambling is likely impossible to shut down entirely anyway, given the nature of the Internet.
Antitrust: “Market power” and “code failures” are best dealt with by spontaneous evolution of markets and new entry, not bureaucratic micro-management of old technologies or market structures. Regulation often creates, or tends to foster, most monopolies. As Ithiel de Sola Pool once noted, “The force that preserves most monopoly privilege is law… most would vanish in the absence of enforcement.”
IP issues: Cyber-libertarians are deeply divided over IP issues (especially copyright) and this reflects a long-standing division within libertarian ranks on these issues more generally. Some believe IP rights are a natural extension of traditional property rights and/or a sensible way to incentivize scientific and artistic creativity. Others believe no one has a right to “property-tize” intangible creations or that copyright is simply industrial protectionism. And there are many views in between.

VII. Prospects for Cyber-Libertarianism

A. The Pessimistic View

Government’s will quash online freedom and bring the Internet under their thumbs.
Regulatory efforts are expanding at a breathtaking pace and will not slow anytime soon.

B. The Optimistic View

“Technologies of Freedom” (tools and methods to avoid online regulation, censorship and control) will ultimately triumph.
Technology is evolving faster than government’s ability to regulate it.

VIII. Related Reading on Cyber-Libertarianism & Internet Exceptionalism

John Perry Barlow, Declaration of the Independence of Cyberspace (1996).
Tom W. Bell, Free Speech, Strict Scrutiny, and Self-Help: How Technology Upgrades Constitutional Jurisprudence , 87 U. Minn. L. Rev. 743 (2003).
Esther Dyson, George Gilder, George Keyworth, & Alvin Toffler, The Progress & Freedom Foundation, A Magna Carta for the Knowledge Age (1994).
Eric Goldman, The Third Wave of Internet Exceptionalism, Santa Clara Magazine (Winter 2008).
H. Brian Holland, In Defense of Online Intermediary Immunity: Facilitating Communities of Modified Exceptionalism, Kansas L. Rev. (2007).
Peter Huber, Law & Disorder in Cyberspace: Abolish the FCC and Let Common Law Rule the Telecosm (1997).
Ithiel de Sola Pool, Technologies of Freedom (1983).
David Post, In Search of Jefferson’s Moose: Notes on the State of Cyberspace (2009).
Adam Thierer, The Pragmatic Internet Optimist’s Creed, Technology Liberation Front Blog (Nov. 11, 2008).
Technology Liberation Front Blog, About the Technology Liberation Front (August 2004, revised 2008).

http://d1.scribdassets.com/ScribdViewer.swf?document_id=20069036&access_key=key-1l2n967ftjmtskn7lf95&page=1&version=1&viewMode=slideshow

Cyber-Libertarianism: The Case for Real Internet Freedom [Ver 1.0 – Thierer & Szoka] http://d.scribd.com/ScribdViewer.swf?document_id=18490847&access_key=key-14tt6eb4f2cdcil8wnf2&page=1&version=1&viewMode=

What Unites Advocates of Speech Controls & Privacy Regulation?

Adam Thierer — Tue, 11 Aug 2009 17:31:04 +0000

What Unites Advocates of Speech Controls & Privacy Regulation? [pdf]

by Adam Thierer & Berin Szoka The Progress & Freedom Foundation, Progress on Point No. 16.19

Anyone who has spent time following debates about speech and privacy regulation comes to recognize the striking parallels between these two policy arenas. In this paper we will highlight the common rhetoric, proposals, and tactics that unite these regulatory movements. Moreover, we will argue that, at root, what often animates calls for regulation of both speech and privacy are two remarkably elitist beliefs:

People are too ignorant (or simply too busy) to be trusted to make wise decisions for themselves (or their children); and/or,
All or most people share essentially the same values or concerns and, therefore, “community standards” should trump household (or individual) standards.

While our use of the term “elitism” may unduly offend some understandably sensitive to populist demagoguery, our aim here is not to launch a broadside against elitism as Time magazine culture critic William H. Henry once defined it: “The willingness to assert unyieldingly that one idea, contribution or attainment is better than another.”^[1] Rather, our aim here is to critique that elitism which rises to the level of political condescension and legal sanction. We attack not so much the beliefs of some leaders, activists, or intellectuals that they have a better idea of what it in the public’s best interest than the public itself does, but rather the imposition of those beliefs through coercive, top-down mandates.

That sort of elitism—elitism enforced by law—is often the objective of speech and privacy regulatory advocates. Our goal is to identify the common themes that unite these regulatory movements, explain why such political elitism is unwarranted, and make it clear how it threatens individual liberty as well as the future of free and open Internet. As an alternative to this elitist vision, we advocate an empowerment agenda: fostering an environment in which users have the tools and information they need to make decisions for themselves and their families.

I. The Elitism of Speech Regulation

First, consider how those two elitist beliefs identified above are on display when lawmakers or regulatory advocates make efforts to control speech or content.^{^[2]} Calls to regulate free speech are often premised on the belief that something must be done to “protect The Children.”^{^[3]} Personal and parental responsibility ^{^[4]} are regarded as inadequate safeguards ^{^[5]} since some parents will inevitably fall down on the job by not adequately shielding their children’s eyes and ears from potentially objectionable (or supposedly harmful) speech. Therefore, government must regulate content that is indecent, profane, excessively violent, and so on. The definition of those things is then left to unelected bureaucrats and judges to make on our behalf.

But it’s not just about “The Children.” Some regulatory advocates believe that even the choices made by consenting adults must be disregarded because some people fail to understand the supposedly destructive nature of the speech they are consuming. Government must act to protect people from making what some regulatory advocates regard as destructive or even immoral choices that could bring harm to them or their loved ones.

In sum, regulatory advocates are essentially saying that people cannot be trusted or left to their own devices and, therefore, government must intervene and establish a baseline “community standard” on behalf of the entire citizenry to tell them what‘s best for them.^{^[6]} Even if those citizens have tools and information at their disposal to make sensible decisions about objectionable content, that’s not good enough because they might not do the job properly. Government must do it for them!

II. The Elitism of Privacy Regulation

This same mentality motivates calls for privacy regulations. Those who call for government interventions to “protect privacy” often claim that people too willingly surrender personal information about themselves and that they don’t understand the adverse consequences of those actions.^{^[7]} Alternatively, regulatory advocates claim that advertising and marketing efforts are inherently “manipulative” and that people do not realize they are being duped into surrendering personal information or into buying products or services they supposedly don’t need.^{^[8]} Of course, those regulatory advocates rarely pause to explain to us how it is that they were not also duped and manipulated by the same things—again revealing their deeply-rooted elitism! (As discussed below, this makes it clear how the psychological phenomenon of “third-person effect hypothesis” is driving much of this debate.)

“Protecting The Children” is also used as a rhetorical cover for regulation here, but not as often in debates over speech controls.^{^[9]} Instead, regulatory advocates mostly focus on adults who are presumed not to know what is in their own best interest—necessitating paternalistic government intervention on their behalf.

III. Intellectual Schizophrenia on Both the Left & Right

What is particularly interesting about all this is the way these two issues expose a sort of intellectual schizophrenia at work on both the Left and Right of the political spectrum. Left-leaning policymakers and intellectuals typically decry censorship efforts (except where “commercial speech,” “hate speech” and “bias” are at issue), but are quick to rally around proposals to layer privacy regulations on the Internet. The opposite is often true of many on the Right of the political spectrum: They typically declare privacy regulations to be paternalistic and antithetical to free enterprise (or perhaps just erosive of efforts to legislate morality),^[10] but in the next breath advocate controls on content they find objectionable.

Few on either side stop to consider the relationship between speech and privacy. In fact, they are but two sides of the same coin. After all, what is your “right to privacy” but a right to stop me from observing you and speaking about you?^{^[11]} “Protecting privacy,” therefore, typically means restricting speech rights in the process. Advocates of privacy regulation often insist that the use, processing and collection of information are “conduct” unprotected by the First Amendment, but in fact, the First Amendment broadly protects the gathering and distribution of information as part of the process of communication (“speech”).^[12] Similarly, attempts to “clean up” speech or “protect The Children,” often require regulations that would betray the privacy of adults by expanding the role of government, and impose serious burdens on businesses and markets—such as age verification mandates ^[13] or extensive data retention requirements.^[14]

IV. Common Tactics & Regulatory Mechanisms

The two movements also share common political tactics and regulatory approaches. Privacy advocates generally favor “opt-in” mandates as the federal “baseline standard” for any website collecting information about users, especially their browsing habits (regardless of whether the information is “personally identifiable”). In other words, the law would create a property right in such “personal information” (ironically, many advocates of this approach criticize or reject intellectual property.) In a similar vein, many advocates of speech controls push for mandatory parental control tools or restrictive default settings.^{^[15]} That is, if government won’t censor speech outright, regulatory advocates want lawmakers to at least (1) require that media, computing and communications devices be shipped to market with parental controls embedded or included (as proposed in Australia and with China’s “Green Dam” filter),^[16] and possibly, (2) that such controls be defaulted to their most restrictive position—forcing users to opt-out of the controls later if they want to consume media rated above a certain threshold.

More sophisticated advocates of speech controls and privacy regulation will likely argue that their paternalism is less elitist or intrusive because they merely want to “nudge” the public into making “better” decisions. Economist Richard Thaler and legal scholar Cass Sunstein (director of President Obama’s Office of Information and Regulatory Affairs, responsible for analyzing most new federal regulations) popularized this approach with their 2008 book Nudge: Improving Decisions about Health, Wealth, and Happiness. Based on behavioral economics studies, they argue that both government and private actors must inevitably make decisions about “choice architecture” and that, by setting defaults, incentives and rules smartly, “choice architects” can and should improve decision-making without blocking, fencing-off or significantly burdening choices.^[17]

In this regard, Sunstein and Thaler’s approach parallels the work of Lawrence Lessig, one of the most influential Internet policy thinkers. Lessig has argued that the “architecture” of “code” (how software is written) “regulates” all online activities and requires government oversight and intervention to keep in check. Otherwise, he warned ominously a decade ago, “Left to itself, cyberspace will become a perfect tool of control.”^[18] Lessig’s hyper-pessimistic predictions have proven unwarranted, however. Far from fostering a world of “perfect control,” code and cyberspace have proven remarkably difficult to regulate, but nonetheless has generally benefited consumers and citizens without centralized direction.^[19] Still, Lessig, Sunstein, and others of this ilk persist in their advocacy of “nudges” of many varieties to impose their will on cyberspace through mandates from above.

But while it might be possible to define “better decisions” and argue that poor choice architecture leads people to choose things they clearly don’t want in contexts like investment decisions and mortgages, how can elites know what other people really want in highly subjective contexts like privacy and speech? Should they rely on opinion polls—the highly subjective results of which depend heavily on “choice architecture” of question-crafting—to guess what the right default should be?^[20] Was the Chinese proposal to mandate deployment of “Green Dam” just a harmless “nudge” because users weren’t barred from uninstalling the filtering software that must accompany their computers (i.e., “opting-out”)? The problem becomes even more difficult where trade-offs among competing values are inevitable. For example, data collection about Internet users raises privacy concerns for some but benefits all, creating more funding for “free” content (i.e., speech) and services users prefer by making more valuable the advertising that supports online publishers. In short, regulations of speech and privacy are likely to be pure paternalism, even when billed as “libertarian paternalism as Thaler and Sunstein label their approach.^[21]

What might be called “regulatory blackmail” is also a time-honored tradition among both advocates of speech controls and privacy regulation. When censorship advocates have previously been impeded by the First Amendment, they have worked behind the scenes with lawmakers or regulatory agencies to use indirect pressure and strong-arming tactics to extract “voluntary concessions” from companies or others.^[22] For example, in 2004, the FCC strong-armed radio giant Clear Channel into agreeing to a “voluntary” consent decree that involved taking Howard Stern off the air.^[23] Similarly, in 2008, XM and Sirius Satellite Radio finally agreed to set aside 4% of their system capacity for use by politically favored racial minorities (a kind of speech control) as a “voluntary condition” of their merger—after the FCC had sat on their application for nearly 16 months.^[24] This race-based preference would have been unconstitutional if the FCC had imposed it directly.^{^[25]} While the FTC has been far less prone to such abuse and actually plays a key role in holding companies to their promises, its current Chairman, Jon Leibowitz, has hung the “regulatory sword of Damocles” over the heads of the online advertising industry, threatening them with a “day of reckoning” if he doesn’t get what he wants from industry self-regulatory efforts.”^[26] The sword could actually fall if the FTC turns self-regulation into the European model of “co-regulation,” where the government steers and industry simply rows.^[27]

V. The Crisis Mentality that Drives Regulation

Speech and privacy regulatory advocates share another trait in common: an affinity for the use of a crisis mentality as a method of spurring political action. In his 1995 book The Vision of the Anointed: Self-Congratulation as a Basis for Social Policy, political philosopher and economist Thomas Sowell formulated a model that he argued drives ideological crusades to expand government power over our lives and economy. “The great ideological crusades of the twentieth-century intellectuals have ranged across the most disparate fields,” noted Sowell. But what they all had in common, he argued, was “their moral exaltation of the anointed above others, who are to have their different views nullified and superseded by the views of the anointed, imposed via the power of government.”^[28] These government-expanding crusades shared several key elements, which Sowell identified as follows:

Assertion of a great danger to the whole society, a danger to which the masses of people are oblivious.
An urgent need for government action to avert impending catastrophe.
A need for government to drastically curtail the dangerous behavior of the many, in response to the prescient conclusions of the few.
A disdainful dismissal of arguments to the contrary as either uninformed, irresponsible, or motivated by unworthy purposes.

We see this model at work on a daily basis today with our government’s various efforts to reshape our economy, but the model is equally applicable to debates over speech controls and privacy regulation. In particular, the various “technopanics”^[29] we have witnessed in recent years fit this model. For example, consider how this model plays out in the debate over online social networking:

Assertion of a great danger to the whole society [online sexual predators], a danger to which the masses of people are oblivious.
An urgent need for government action [such as mandatory online age verification ^[30] or the Deleting Online Predators Act ^[31]] to avert impending catastrophe.
A need for government to drastically curtail the dangerous behavior of the many [must stop kids and adults from being online together on same sites], in response to the prescient conclusions of the few [some state Attorneys General].^[32]
A disdainful dismissal of arguments to the contrary as either uninformed, irresponsible, or motivated by unworthy purposes [child safety researchers and others are told that their research is meaningless or offbase].^[33]

We also see this model in play in other debates, such as efforts to regulate “excessively violent” video games and television programming.^[34] And consider how this model plays out on the privacy front:

Assertion of a great danger to the whole society [amorphous privacy violations], a danger to which the masses of people are oblivious.
An urgent need for government action [“baseline federal privacy regulation”] to avert impending catastrophe.
A need for government to drastically curtail the dangerous behavior of the many [anyone who shares information online], in response to the prescient conclusions of the few [a handful of privacy advocacy groups].
A disdainful dismissal of arguments to the contrary as either uninformed, irresponsible, or motivated by unworthy purposes [any suggestion that privacy concerns are being overblown and that most information-sharing is socially beneficial is dismissed out-of-hand].

Worse yet, regulatory intervention in these cases simply begets more and more intervention to correct the inevitable failures of, or dissatisfaction with, previous interventions.^[35] Thus, the “crisis” cycle never ends.

VI. Third-Person Effect Hypothesis as an Explanation

Something more profound than simple political elitism seems to be at work here, however. A phenomenon psychologists refer to as the “third-person effect hypothesis” can explain many calls for government intervention, especially in the media world.^{^[36]} Simply stated, speech and privacy critics sometimes seem to only see and hear in media or communications what they want to see and hear—or what they don’t want to see or hear. When they encounter perspectives or preferences that are at odds with their own, they are more likely to be concerned about the impact of those things on others throughout society and come to believe that government must “do something” to correct those perspectives. Many people desire regulation because they think it will be good for others, not necessarily for themselves. The regulation they desire has a very specific purpose in mind: “re-tilting” speech or market behavior in their desired direction.

The third-person effect hypothesis was first formulated by W. Phillips Davison in a seminal 1983 article:

In its broadest formulation, this hypothesis predicts that people will tend to overestimate the influence that mass communications have on the attitudes and behavior of others. More specifically, individuals who are members of an audience that is exposed to a persuasive communication (whether or not this communication is intended to be persuasive) will expect the communication to have a greater effect on others than on themselves.^[37]

Davison used this hypothesis to explain how media critics on both the Left and Right seemed to simultaneously find “bias” in the same content or reports when they couldn’t possibly both be correct. In reality, their own personal preferences were biasing their ability to fairly evaluate that content. Davison’s article prompted further research by many other psychologists, social scientists, and public opinion experts to test just how powerful this phenomenon was in explaining calls for censorship and other social phenomena.^{^[38]} In these studies, third-person effect has been shown to be the primary explanation for why many people fear—or even want to ban—various types of speech or expression, including news,^{^[39]} misogynistic rap lyrics,^{^[40]} television violence,^{^[41]} video games,^{^[42]} and pornography.^{^[43]} In each case, the subjects surveyed expressed strong misgivings about allowing others to see or hear too much of the speech or expression in question, but greatly discounted the impact of that speech on themselves. Such studies thus reveal the strong paternalistic instinct behind proposals to regulate speech. As Davison notes:

Insofar as faith and morals are concerned… it is difficult to find a censor who will admit to having been adversely affected by the information whose dissemination is to be prohibited. Even the censor’s friends are usually safe from the pollution. It is the general public that must be protected. Or else, it is youthful members of the general public, or those with impressionable minds.^{^[44]}

It’s easy to see how this same phenomenon is at work in debates about privacy. Regulatory advocates imagine their preferences are “correct” (right for everyone) and that the masses are being duped by external forces beyond their control or comprehension, even though the advocates themselves are somehow immune from the brain-washing and privy to some higher truth that the hoi polloi simply cannot fathom. Again, this is Sowell’s “Vision of the Anointed” at work.

Consider the flare-up in 2004 over the introduction of Gmail, Google’s free email service. At a time when Yahoo! mail (then as now the leading webmail provider) offered customers less than 10 megabytes of email storage, Gmail offered an astounding gigabyte of storage that would grow over time (now over 7 GB). Rather than charging some users for more storage or special features, Google paid for the service by showing advertisements next to each email “contextually” targeted to keywords in that email—a far more profitable form of advertising than “dumb banner” ads previously used by other webmail providers.^[45] Self-appointed (or, to extend Sowell’s framework, “self-anointed”) privacy advocates howled that Google was going to “read users’ email,” and led a crusade to ban such algorithmic contextual targeting.^[46] Thierer responded to these critics by pointing out that the service was purely voluntary and noted:

you don’t speak for me and a lot of other people in this world who will be more than happy to cut this deal with Google. So do us a favor and don’t ask the government to shut down a service just because you don’t like it. Privacy is a subjective condition and your value preferences are not representative of everyone else’s values in our diverse nation. Stop trying to coercively force your values and choices on others. We can decide these things on our own, thank you very much.^[47]

Interestingly, however, the frenzy of hysterical indignation about Gmail was followed by a collective cyber-yawn: Users increasingly understood that algorithms, not humans, were doing the “reading” and that, if they didn’t like it, they didn’t have to use it. Today, nearly 150 million of people around the world use Gmail, and it has a steadily growing share of the webmail market. Even though cyber-consumers have embraced the service, some privacy advocates persist in their effort to shut down Gmail. They appear determined to stop at nothing to impose their will on others—the essence of political elitism—even if that means cutting off free email service for 150 million people!^{^[48]}

A similar debate has played out more recently regarding targeted online advertising in general. Advertising on search engines is, much like Gmail, targeted “contextually” based on search terms entered by users and most advertising on other websites is based on the nature of content on a site or page. But certain data is collected about users as they browse to make that advertising more effective—by measuring its performance, reducing fraud, preventing over-exposure, etc. Some privacy advocates have insisted that industry self-regulation of such practices (even if enforced by the FTC) is inadequate and have called for preemptive regulation. They are even more offended by “behavioral advertising” which allows publishers whose content would have little value as the basis for contextually targeting advertising on their own sites to compete for more highly valued advertising by showing ads to users based on other sites they’ve visited. In both cases, data collection can increase the funding available to publishers to produce more of the content and services preferred by users, thus conferring an enormous indirect benefit on users, but also directly benefits users by increasing the relevance of the advertising they see.^[49] For some of the more extreme advocates of privacy regulation, however, there are no trade-offs, only absolutist “solutions:” To them, privacy is so obviously desirable that they feel at ease in deciding what’s best for everyone else. Such absolutists often respond with righteous indignation and conspiratorial fulmination when challenged to identify the harm against which they’re protecting consumers, while disdainfully dismissing all talk of the benefits of online advertising as self-serving industry propaganda.^[50]

VII. The Principled Alternative: Trust People & Empower Them

There is an alternative to this elitist mentality: freedom and personal responsibility. Individuals should be permitted to live a life of their own, even if they sometimes make mistakes or choices that are at odds with what elites think is best for them. ^[51]

Of course, the world isn’t perfect. In an ideal world, adults would be fully empowered to tailor speech and privacy decisions to their own values and preferences. Specifically, in an ideal world, adults (and parents) would have (1) the information necessary to make informed decisions and (2) the tools and methods necessary to act upon that information. Importantly, those tools and methods would give them the ability to not only block the things they don’t like—objectionable content, annoying ads or the collection of data about them—while also finding the things they want.

Achieving that ideal is likely impossible, but the good news is that we are moving closer to it with each passing day. Citizens have more tools and methods at their disposal than ever before which enable them to make decisions for themselves and their families. And this is true for both parental controls ^{^[52]} and privacy controls.^{^[53]}

Of course, some speech and privacy elitists will argue that we can’t trust empowerment tools ( e.g., filters, rating systems, or other controls) that are created by companies or other affected parties. But rather than trying to enhance those tools and educate users about how to use them, these elitists skip right past user empowerment and channel their energies into regulations that would impose a top-down, one-size-fits all standard on all adults and families—or even into trying to craft the perfect “nudge” that will help users make what elites believe to be the “right” decisions. Of course, these tools can, and should, be improved. Those groups worried about speech/content and privacy issues should focus on how we might drive such protections from the bottom-up by empowering individuals instead of government bureaucrats. The goal in both cases should be a “let-a-thousand-flowers-bloom” approach, which offers diverse tools and strategies for our diverse citizenry.^{^[54]} We need not accept “one-size-fits” all approaches, whether they be regulatory mandates or “nudges,” based on the presumption that elites know best.

Finally, it is vital not to lose sight of what’s ultimately at stake here. If regulatory approaches trump the empowerment agenda we have described, the future of a free and open Internet—indeed, as technology converges, the future of all media—is at risk.^[55] By imposing technological solutions from the top-down that can never keep pace with technological change, regulation necessarily forecloses freedom and innovation.^[56] By contrast, individual empowerment allows innovation to flourish. The better approach across the board is education, not regulation.^{^[57]} Empowerment, not elitism, is the path forward. The digital elite should be leading this effort by developing and promoting technologies of empowerment, not crafting regulatory mandates to force their will upon us.^[58]

#

Adam Thierer is a Senior Fellow with The Progress & Freedom Foundation and the director of its Center for Digital Media Freedom. Berin Szoka is a Senior Fellow with PFF and the Director of PFF’s Center for Internet Freedom.

[1] . William A. Henry, In Defense of Elitism (1995) at 2-3.

[2] . See Adam Thierer, The Progress & Freedom Foundation, Congress, Content Regulation, and Child Protection: The Expanding Legislative Agenda, Progress Snapshot 4.4, Feb. 2008, www.pff.org/issues-pubs/ps/2008/ps4.4childprotection.html. Like American courts, we use the term “speech” as a broad catch-all for communications, including both actual speaking as well as other forms of transmitting, as well as receiving, information (“content”).

[3] . See generally Adam Thierer, Don’t Scapegoat Media, USA Today, Dec. 4, 2008, www.pff.org/issues-pubs/ps/2008/ps4.24scapegoatmedia.html; Marjorie Heins, Not in Front of the Children, “Indecency,” Censorship, and the Innocence of Youth (2001); Karen Sternheimer, It’s Not the Media: The Truth about Pop Culture’s Influence on Children (2003); Karen Sternheimer, Kids These Days: Facts and Fictions about Today’s Youth (2006).

[4] . See Adam Thierer, The Progress & Freedom Foundation, FCC Violence Report Concludes that Parenting Doesn’t Work, PFF Blog, Apr. 26, 2007, http://blog.pff.org/archives/2007/04/fcc_violence_re.html.

[5] . See Adam Thierer, The Progress & Freedom Foundation, Sen. Rockefeller Gives Up on Parenting at Senate Violence Hearing, PFF Blog, June 26, 2007, blog.pff.org/archives/2007/06/sen_rockefeller_1.html.

[6] . Adam Thierer, Conservatives, Porn, and “Community Standards,” The Technology Liberation Front, March 2, 2009, http://techliberation.com/2009/03/02/conservatives-porn-and-community-standards.

[7] . Berin Szoka & Adam Thierer, The Progress & Freedom Foundation, Online Advertising & User Privacy: Principles to Guide the Debate, Progress Snapshot 4.19, Sept. 2008, www.pff.org/issues-pubs/ps/2008/ps4.19onlinetargeting.html.

[8] . Jeff Chester, for decades the great gadfly of American advertising, has decried “the system … developed to track each and every one of us and our behavior for one-on-one marketing efforts” as “manipulative, intrusive and un-democratic.” Wendy Melillo, Q&A: Chester Writes the Book on Privacy, Dec. 11, 2007, www.gfem.org/node/227. For instance, Chester and other leading “privacy advocates” ridicule the idea of smart phones as a “liberating technology” and insist that,

Despite the glowing words about customization and personalized service, what marketers and advertisers are increasingly offering consumers is merely the illusion of free choice. Mobile operators offer their various options and services, not on an individual basis, but preconfigured according to segmented demographic profiles.

Center for Digital Democracy and U.S. Public Interest Research Group, Complaint and Request for Inquiry and Injunctive Relief Concerning Unfair and Deceptive Mobile Marketing Practices, Jan. 13, 2009 (emphasis original), www.democraticmedia.org/files/FTCmobile_complaint0109.pdf. See generally Berin Szoka & Adam Thierer, The Progress & Freedom Foundation, Targeted Online Advertising: What’s the Harm & Where Are We Heading?, Progress on Point 16.2, Feb. 2009, www.pff.org/issues-pubs/pops/2009/pop16.2targetonlinead.pdf.

[9] . Berin Szoka & Adam Thierer, The Progress & Freedom Foundation, COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech, Progress on Point 16.11, May 2009, www.pff.org/issues-pubs/pops/2009/pop16.11-COPPA-and-age-verification.pdf.

[10] . The Supreme Court has used a “right to privacy” to strike down laws against the use of contraception by married couples, Griswold v Connecticut, 381 U.S. 479 (1965), and abortion, Roe v. Wade, 410 U.S. 113 (1973).

[11] . Eugene Volokh, Freedom of Speech and Information Privacy: The Troubling Implications of a Right to Stop People From Speaking About You, 52 Stanford L. Rev. 1049 (2000), available at www.pff.org/issues-pubs/pops/pop7.15freedomofspeech.pdf.

[12] . See , Amicus Brief for Association Of National Advertisers, Cato Institute, Coalition For Healthcare Communication, Pacific Legal Foundation And The Progress & Freedom Foundation In Support Of Appellants, IMS Health v. Sorrell, No. 09-1913-cv(L), 09-2056-cv(CON) (2nd Cir. 2009), available at www.pff.org/issues-pubs/filings/2009/071309-Brief-Amici-Curiae-ANA-et-al-Second-Circuit-(09-1913-cv).pdf.

[13] . See Adam Thierer, The Progress & Freedom Foundation, Social Networking and Age Verification: Many Hard Questions; No Easy Solutions, Progress on Point No. 14.5, March 2007, www.pff.org/issues-pubs/ pops/pop14.8ageverificationtranscript.pdf; www.pff.org/issues-pubs/pops/pop14.5ageverification.pdfAdam Thierer, The Progress & Freedom Foundation, Statement Regarding the Internet Safety Technical Task Force’s Final Report to the Attorneys General, Jan. 14, 2008, www.pff.org/issues-pubs/other/090114ISTTFthiererclosingstatement.pdf; Nancy Willard, Why Age and Identity Verification Will Not Work—And is a Really Bad Idea, Jan. 26, 2009, www.csriu.org/PDFs/digitalidnot.pdf; Jeff Schmidt, Online Child Safety: A Security Professional’s Take, The Guardian, Spring 2007, www.jschmidt.org/AgeVerification/Gardian_JSchmidt.pdf.

[14] . Adam Thierer, The Progress & Freedom Foundation, Mandatory Data Retention: How Much is Appropriate, PFF Blog, June 26, 2006, http://blog.pff.org/archives/2006/06/mandatory_data.html

[15] . Adam Thierer, The Progress & Freedom Foundation, The Perils of Mandatory Parental Controls and Restrictive Defaults, Progress on Point 14.4, Apr. 11, 2008, www.pff.org/issues-pubs/pops/2008/pop15.4defaultdanger.pdf.

[16] . Adam Thierer, China’s Green Dam Filter and the Threat of Rising Global Censorship, PFF Blog, June 17, 2009, http://blog.pff.org/archives/2009/06/chinas_green_dam_filter_and_threat_of_rising_globa.html

[17] . They define choice architecture as follows: “A structure designed by a choice architect(s) to improve the quality of decisions made by homo sapiens. Often invisible, choice architecture is the specific user-friendly shape of an organization’s policy or physical building when homo sapiens come into contact with it. Examples of choice architecture include a voter ballot, a procedure for handling well-meaning people who forget a deadline, or a skyscraper.” Nudge Glossary of Terms, www.nudges.org/glossary.cfm.

[18] . Lawrence Lessig, Code and Other Laws of Cyberspace (1999) at 6.

[19] . See Adam Thierer, Code, Pessimism, and the Illusion of “Perfect Control,” Cato Unbound, May 2009, www.cato-unbound.org/2009/05/08/adam-thierer/code-pessimism-and-the-illusion-of-perfect-control

[20] . See Solveig Singleton & Jim Harper, With A Grain of Salt: What Consumer Privacy Surveys Don’t Tell Us, 2001, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=299930.

[21] . As Cato Institute scholar Will Wilkinson has argued, the book’s “agreeably banal doctrine of choice-preserving helpfulness” blurs the lines between paternalism and libertarianism, and thus “the thrust of the conceptual renovation behind the term libertarian paternalism is to empower, not limit, political elites.” Why Opting Out Is No “Third Way,” Reason, October 2008, www.reason.com/news/show/128916.html. See also Adam Thierer, The Progress & Freedom Foundation, Sunstein’s “Libertarian Paternalism” is Really Just Paternalism, PFF Blog, April 7, 2008, http://blog.pff.org/archives/2008/04/sunsteins_liber.html.

[22] . See Robert Corn-Revere, “’Voluntary’ Self-Regulation and the Triumph of Euphemism,” in Rationales & Rationalizations: Regulating the Electronic Media (Robert Corn-Revere, ed., 1997), at 183-208.

[23] . Telecom Policy Report, Commission Settles Indecency Charges, But At What Cost?, June 30, 2004, http://findarticles.com/p/articles/mi_m0PJR/is_25_2/ai_n6091525.

[24] . See Adam Thierer, XM-Sirius, Regulatory Blackmail, and Diversity, June 17, 2008, http://blog.pff.org/archives/2008/06/xmsirius_regula.html.

[25] . See Comments of W. Kenneth Ferree on Implementation of Sirius-XM Merger Condition, The Progress & Freedom Foundation, MB Docket No. 07-57, March 30, 2009, www.pff.org/issues-pubs/filings/2009/033009siriusXMconditionfiling.pdf.

[26] . See Szoka & Adam Thierer, supra note 8 at 3.

[27] . See id. at 2.

[28] . Thomas Sowell, The Vision of the Anointed: Self-Congratulation as a Basis for Social Policy (1995) at 5.

[29] . Alice Marwick, To Catch a Predator? The MySpace Moral Panic, First Monday, Vol. 13, No. 6-2, June 2008, www.uic.edu/htbin/cgiwrap/bin/ojs/index.php/fm/article/view/2152/1966; Wade Roush, The Moral Panic over Social Networking Sites, Technology Review, Aug. 7, 2006, www.technologyreview.com/communications/17266; Anne Collier, Why Techopanics are Bad, Net Family News, April 23, 2009, www.netfamilynews.org/2009/04/why-technopanics-are-bad.html; Adam Thierer, Parents, Kids & Policymakers in the Digital Age: Safeguarding Against ‘Techno-Panics,’ Inside ALEC, July 2009, at 16-17, www.alec.org/am/pdf/Inside_July09.pdf; Adam Thierer, Progress & Freedom Foundation, Technopanics and the Great Social Networking Scare, PFF Blog, June 10, 2008, http://techliberation.com/2008/07/10/technopanics-and-the-great-social-networking-scare.

[30] . Supra note 13.

[31] . In the 109th Congress, former Rep. Michael Fitzpatrick (R-PA) introduced the Deleting Online Predators Act (DOPA), which proposed a ban on social networking sites in public schools and libraries. DOPA passed the House of Representatives shortly thereafter by a lopsided 410-15 vote, but failed to pass the Senate. The measure was reintroduced just a few weeks into the 110th Congress by Senator Ted Stevens (R-AK), the ranking minority member and former chairman of the Senate Commerce Committee. It was section 2 of a bill that Sen. Stevens sponsored titled the “Protecting Children in the 21st Century Act” (S. 49), but was later removed from the bill. See Declan McCullagh, Chat Rooms Could Face Expulsion, CNet News.com, July 28, 2006, http://news.com.com/2100-1028_3-6099414.html?part=rss&tag=6099414&subj=news.

[32] . See Emily Steel & Julia Angwin, MySpace Receives More Pressure to Limit Children’s Access to Site, Wall Street Journal, June 23, 2006, online.wsj.com/public/article/SB115102268445288250-YRxkt0rTsyyf1QiQf2EPBYSf7iU_20070624.html; Susan Haigh, Conn. Bill Would Force MySpace Age Check, Yahoo News.com, March 7, 2007, www.msnbc.msn.com/id/17502005.

[33] . See, e.g., Letter of Henry McMaster, Attorney General, South Carolina to Attorney General Richard Blumenthal and Attorney General Roy Cooper Regarding Internet Safety Task Force (“ISTTF”) Report, January 14, 2009, www.scag.gov/newsroom/pdf/2009/internetsafetyreport.pdf

[34] . See Adam Thierer, The Progress & Freedom Foundation, Video Games and “Moral Panic,” PFF Blog, Jan. 23, 2009, http://blog.pff.org/archives/2009/01/video_games_and_moral_panic.html ; Adam Thierer, The Progress & Freedom Foundation, Fact and Fiction in the Debate over Video Game Regulation, Progress Snapshot 13.7, March 2006, www.pff.org/issues-pubs/pops/pop13.7videogames.pdf.

[35] . “All varieties of interference with the market phenomena not only fail to achieve the ends aimed at by their authors and supporters, but bring about a state of affairs which—from the point of view of their authors’ and advocates’ valuations—is less desirable than the previous state affairs which they were designed to alter. If one wants to correct their manifest unsuitableness and preposterousness by supplementing the first acts of intervention with more and more of such acts, one must go farther and farther until the market economy has been entirely destroyed and socialism has been substituted for it.” Ludwig von Mises, Human Action, at 858 (3rd ed. 1963) (1949).

[36] . See generally Adam Thierer, The Progress & Freedom Foundation, Media Myths: Making Sense of the Debate over Media Ownership (2005) at 119-123, www.pff.org/issues-pubs/books/050610mediamyths.pdf (Explaining how the third-person effect serves as a powerful explanation for the heated backlash that followed an FCC effort to moderately liberalize media ownership rules in 2003-04).

[37] . W. Phillips Davison, The Third-Person Effect in Communication, 47 Public Opinion Quarterly 1, Spring 1983, at 3.

[38] . For the best overview of third-person effect research, see Douglas M. McLeod, Benjamin H. Detenber, and William P. Eveland., Jr., Behind the Third-Person Effect: Differentiating Perceptual Processes for Self and Other, 51 Journal of Communication, Vol. 51, No. 4, 2001, at 678-695.

[39] . Vincent Price, David H. Tewksbury & Li-Ning Huang, Third-person Effects of News Coverage: Orientations Toward Media, Journalism & Mass Communications Quarterly, Vol. 74, at 525-540.

[40] . Douglas M. McLeod, William P. Eveland & Amy I. Nathanson, Support for Censorship of Violent and Misogynic Rap Lyrics: And Analysis of the Third-Person Effect, Communications Research, Vol. 24, 1997, at 153-174.

[41] . Hernando Rojas, Dhavan V. Shah, and Ronald J. Faber, For the Good of Others: Censorship and the Third-Person Effect, International Journal of Public Opinion Research, Vol. 8, 1996, at 163-186.

[42] . James D. Ivory, Addictive, But Not For Me: The Third-Person Effect and Electronic Game Players’ Views Toward the Medium’s Potential for Dependency and Addiction, University of North Carolina at Chapel Hill, School of Journalism and Mass Communication, Aug. 2002.

[43] . Albert C. Gunther, Overrating the X-rating: The Third-person Perception and Support for Censorship of Pornography, Journal of Communication, Vol. 45, No. 1, 1995, at 27-38

[44] . Supra note 37 at 14. Along these lines, a December 2004 Washington Post article documented the process by which the Parents Television Council, a vociferous censorship advocacy group, screens various television programming. One of the PTC screeners interviewed for the story talked about the societal dangers of various broadcast and cable programs she rates, but then also noted how much she personally enjoys HBO’s “The Sopranos” and “Sex and the City,” as well as ABC’s “Desperate Housewives.” Apparently, in her opinion, what’s good for the goose is not good for the gander! See Bob Thompson, Fighting Indecency, One Bleep at a Time, The Washington Post, Dec. 9, 2004, at C1, www.washingtonpost.com/wp-dyn/articles/A49907-2004Dec8.html.

[45] . See Chris Anderson, Free: The Future of a Radical Price at 112-118 (2009).

[46] . See Letter from Chris Jay Hoofnagle, Electronic Privacy Information Center, Beth Givens, Privacy Rights Clearinghouse, Pam Dixon, World Privacy Forum, to California Attorney General Lockyer, May 3, 2004, http://epic.org/privacy/gmail/agltr5.3.04.html.

[47] . See email from Adam Thierer to Declan McCullaugh on Politech Email discussion group, April 30, 2004, http://lists.jammed.com/politech/2004/04/0083.html (emphasis added).

[48] . See Complaint and Request for Injunction of the Electronic Privacy Information Center against Google, Inc., March 17, 2009, http://epic.org/privacy/cloudcomputing/google/ftc031709.pdf; see also Ryan Radia, Should the FTC Shut Down Gmail and Google Docs Because of an Already-Fixed Bug?, Technology Liberation Front Blog, March 18, 2009, http://techliberation.com/2009/03/18/should-the-ftc-shut-down-gmail-and-google-docs-because-of-an-already-fixed-bug/.

[49] . See Berin Szoka & Mark Adams, The Progress & Freedom Foundation, The Benefits of Online Advertising & the Costs of Regulation, PFF Working Paper, forthcoming.

[50] . Anti-advertising crusader Jeff Chester often resorts to questioning the motives of those who question whether his regulatory prescriptions would actually benefit consumers, see, e.g., http://techliberation.com/2009/06/17/behavioral-advertising-industry-practices-hearing-some-issues-that-need-to-be-discussed/#comment-11698840. See generally Jeff Chester, Digital Destiny: New Media and the Future of Democracy (2007).

[51] . “The only freedom which deserves the name is that of pursuing our own good in our own way, so long as we do not attempt to deprive others of theirs or impede their efforts to obtain it. Each is the proper guardian of his own health, whether bodily or mental and spiritual.” John Stuart Mill, On Liberty (Penguin Classics, 1859, 1986) at 72.

[52] . Adam Thierer, The Progress & Freedom Foundation, Parental Controls & Online Child Protection, Special Report, Version 4.0, Summer 2009, www.pff.org/parentalcontrols.

[53] . Adam Thierer, Berin Szoka & Adam Marcus, The Progress & Freedom Foundation, Privacy Solutions, PFF Blog, Ongoing Series, http://blog.pff.org/archives/ongoing_series/privacy_solutions.

[54] . Comments of Adam Thierer, The Progress & Freedom Foundation, In the Matter of Implementation of the Child Save Viewing Act; Examination of Parental Control Technologies for Video or Audio Programming; MB Docket No. 09-26, April 16, 2009, www.pff.org/issues-pubs/filings/2009/041509-%5bFCC-FILING%5d-Adam-Thierer-PFF-re-FCC-Child-Safe-Viewing-Act-NOI-(MB-09-26).pdf.

[55] . See Adam Thierer, FCC v. Fox and the Future of the First Amendment in the Information Age, Engage, Feb. 20, 2009, www.fed-soc.org/doclib/20090216_ThiererEngage101.pdf

[56] . “To act on the belief that we possess the knowledge and the power which enable us to shape the processes of society entirely to our liking, knowledge which in fact we do not possess, is likely to make us do much harm.” Friedrich von Hayek, “The Pretence of Knowledge,” in The Essence of Hayek, (Hoover Inst., 1984), at 276.

[57] . Adam Thierer, The Progress & Freedom Foundation, Two Sensible, Education-Based Legislative Approaches to Online Child safety, Progress Snapshot 3.10, Sept. 2007, www.pff.org/issues-pubs/ps/2007/ps3.10safetyeducationbills.pdf.

[58] . See, e.g., Berin Szoka, Google, CDT, Online Advertising & Preserving Persistent User Choice Across Ad Networks Through Plug-ins, Technology Liberation Front Blog, March 13, 2009, http://techliberation.com/2009/ 03/13/google-cdt-online-advertising-preserving-persistent-user-choice-across-ad-networks-through-plug-ins/.

Mill’s On Liberty at 150: Its Legacy for Freedom of Speech & Expression

Adam Thierer — Fri, 10 Jul 2009 21:16:15 +0000

John Stuart Mill’s On Liberty turns 150 this year. Published in 1859, this slender manifesto for human liberty went on to become a classic of modern philosophy and political science. It remains a beautiful articulation of the core principles of human liberty and a just society.

Anyone familiar with the book recognizes the importance of the opening chapter and Mill’s “one very simple principle” for “the dealings of society with the individual in the way of compulsion and control, whether the means used be physical force in the form of legal penalties, or the moral coercion of public opinion”:

That principle is, that the sole end for which mankind are warranted, individually or collectively, in interfering with the liberty of action of any of their number, is self-protection. That the only purpose for which power can be rightfully exercised over any member of a civilized community, against his will, is to prevent harm to others. His own good, either physical or moral, is not a sufficient warrant. He cannot rightfully be compelled to do or forbear because it will be better for him to do so, because it will make him happier, because, in the opinions of others, to do so would be wise, or even right. These are good reasons for remonstrating with him, or reasoning with him, or persuading him, or entreating him, but not for compelling him, or visiting him with any evil in case he do otherwise. To justify that, the conduct from which it is desired to deter him, must be calculated to produce evil to some one else. The only part of the conduct of any one, for which he is amenable to society, is that which concerns others. In the part which merely concerns himself, his independence is, of right, absolute. Over himself, over his own body and mind, the individual is sovereign.

Mill went on to outline “the appropriate region of human liberty,” and divided it into:

“liberty of conscience, in the most comprehensive sense; liberty of thought and feeling; absolute freedom of opinion and sentiment on all subjects, practical or speculative, scientific, moral, or theological. The liberty of expressing and publishing opinions may seem to fall under a different principle, since it belongs to that part of the conduct of an individual which concerns other people; but, being almost of as much importance as the liberty of thought itself, and resting in great part on the same reasons, is practically inseparable from it.”
“liberty of tastes and pursuits; of framing the plan of our life to suit our own character; of doing as we like, subject to such consequences as may follow: without impediment from our fellow-creatures, so long as what we do does not harm them, even though they should think our conduct foolish, perverse, or wrong”
“freedom to unite, for any purpose not involving harm to others”

Bringing it altogether, he argued:

The only freedom which deserves the name, is that of pursuing our own good in our own way, so long as we do not attempt to deprive others of theirs, or impede their efforts to obtain it. Each is the proper guardian of his own health, whether bodily, or mental and spiritual. Mankind are greater gainers by suffering each other to live as seems good to themselves, than by compelling each to live as seems good to the rest.

To this day, I do not believe there has been a more eloquent or concise summation of the central principles of libertarianism than those passages from Chapter 1 of the book. But what many fail to remember or appreciate is the equally powerful second chapter of Mill’s treatise, “On the Liberty of Thought and Discussion.” It was a bold defense of freedom of speech and expression that was many decades ahead of its time. And it still has lessons and warnings worth heeding in our modern Information Age.

Mill opened that chapter by noting that:

The time, it is to be hoped, is gone by, when any defence would be necessary of the “liberty of the press” as one of the securities against corrupt or tyrannical government. No argument, we may suppose, can now be needed, against permitting a legislature or an executive, not identified in interest with the people, to prescribe opinions to them, and determine what doctrines or what arguments they shall be allowed to hear.

Alas, Mill knew that we weren’t quite there yet in 1859. Efforts to suppress speech and expression were alive and well. And so he marshaled all his intellectual forces to construct a powerful critique of censorship in all its forms:

The power itself is illegitimate. The best government has no more title to it than the worst. It is as noxious, or more noxious, when exerted in accordance with public opinion, than when in opposition to it. If all mankind minus one, were of one opinion, and only one person were of the contrary opinion, mankind would be no more justified in silencing that one person, than he, if he had the power, would be justified in silencing mankind. Were an opinion a personal possession of no value except to the owner; if to be obstructed in the enjoyment of it were simply a private injury, it would make some difference whether the injury was inflicted only on a few persons or on many. But the peculiar evil of silencing the expression of an opinion is, that it is robbing the human race; posterity as well as the existing generation; those who dissent from the opinion, still more than those who hold it. If the opinion is right, they are deprived of the opportunity of exchanging error for truth: if wrong, they lose, what is almost as great a benefit, the clearer perception and livelier impression of truth, produced by its collision with error. … We can never be sure that the opinion we are endeavouring to stifle is a false opinion; and if we were sure, stifling it would be an evil still.

Mill went on to show how, at root, censorship is based on arrogance and elitism:

Those who desire to suppress [an opinion], of course deny its truth; but they are not infallible. They have no authority to decide the question for all mankind, and exclude every other person from the means of judging. To refuse a hearing to an opinion, because they are sure that it is false, is to assume that their certainty is the same thing as absolute certainty. All silencing of discussion is an assumption of infallibility. Its condemnation may be allowed to rest on this common argument, not the worse for being common.

More profoundly, Mill taught us that the right to freedom of thought and expression was a core right upon which almost all our other rights depended:

Complete liberty of contradicting and disproving our opinion, is the very condition which justifies us in assuming its truth for purposes of action; and on no other terms can a being with human faculties have any rational assurance of being right.

In other words, if you care about any other rights and wish to exercise them to their fullest, you must first have the right to express opinions and, importantly, have them subjected to the opinions of others. This is how truth is discovered.

[Man] is capable of rectifying his mistakes by discussion and experience. Not by experience alone. There must be discussion, to show how experience is to be interpreted. Wrong opinions and practices gradually yield to fact and argument: but facts and arguments, to produce any effect on the mind, must be brought before it. Very few facts are able to tell their own story, without comments to bring out their meaning.

And Mill taught us that it is essential we be vigilant in defending our rights of speech and expression because, sadly, “the dictum that truth always triumphs over persecution, is one of those pleasant falsehoods which men repeat after one another till they pass into commonplaces, but which all experience refutes. History teems with instances of truth put down by persecution,” he correctly noted.

Mill’s words are every bit as relevant in 2009 as they were 1859. While we enjoy significant speech and press freedoms here in the United States today, censorial threats persist. Just a few years ago, the House of Representatives passed the Deleting Online Predators Act (DOPA), which proposed a ban on all social networking sites in public schools and libraries. DOPA passed the House of Representatives shortly thereafter by a remarkably lopsided 410-15 vote, but luckily failed to get through the Senate. However, Congress did pass several other online censorship measures in the 1990s, including the Communications Decency Act of 1996 and the Child Online Protection Act (COPA) of 1998, which luckily were both struck down by the courts.

Of course, we have it pretty good here in the States thanks the existence of the First Amendment to our Constitution. Most speech-restricting enactments get struck down today because they cannot withstand strict scrutiny under the First Amendment. But think about all those less fortunate in other countries who struggle on a regular basis to express themselves and learn the truth about the world and culture around them without interference from above.

Anyway, go give On Liberty another read if you haven’t done so in some time. It’s a timeless statement of the principles that should guide a just society. I’ll close with this apt warning from Mill about how history will remember those who fail to appreciate the importance of openness to new ideas:

And so far from the assumption being less objectionable or less dangerous because the opinion is called immoral or impious, this is the case of all others in which it is most fatal. These are exactly the occasions on which the men of one generation commit those dreadful mistakes, which excite the astonishment and horror of posterity.

Update: A colleague of mine just brought to my attention this essay of “150 Years of On Liberty” by Jonathan M. Riley that appeared in this month’s edition of TPM: The Philosopher’s Magazine.

Free Speech Implications of COPPA Expansion

Adam Thierer — Mon, 01 Jun 2009 03:23:18 +0000

As Berin mentioned last week, we have a new paper out on proposals to expand the Children’s Online Privacy Protection Act (COPPA) of 1998. We generically refer to those COPPA-expansion efforts as “COPPA 2.0.” Hence, the title of our paper: “COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech.” To recap what Berin already noted, in the name of improving online child safety, some legislators and state attorneys general (AGs) are advocating the expansion of COPPA’s “verifiable parental consent” model of age verification before certain sites or services may collect, or enable the sharing of, personal information for children.

Unlike “COPPA 1.0,” however, which only applied to children under the age of 13, “COPPA 2.0” would apply to all minors up to age 17. Moreover, the range of sites covered by the new law would generally be expanded to include just about any site or service with social networking functionality.

Since Berin has already summarized our general concerns with efforts to expand COPPA’s “verifiable parental consent” online age verification system to cover more online users and sites, I thought I would focus here on what I believe will be the most controversial (and important) part of our paper — our discussion about how COPPA 2.0 affects the speech rights of both adults and adolescents.

Remember COPA?

To understand why COPPA expansion will raise serious First Amendment issues, we first need to step back and recall the legal battle over the Children’s Online Protection Act (COPA), another 1998 law sometimes confused with COPPA. Both COPPA and COPA rest on a stratification of users by age, but the approach of the two laws is very different: While COPPA requires age verification if content is “directed at” minors under age 13, COPA would have required that all website operators restrict access to material deemed “harmful to minors” by minors under the age of 17 and therefore requires age verification of all users who attempt to access such content (in order to identify minors). COPPA is focused on certain kinds of potentially harmful contacts while COPA is focused on potentially harmful content.

But by expanding the age range of COPPA to include adolescents, COPPA 2.0 proposals essentially converge with COPA, reaching the same practical consequence: age verification mandates for large numbers of adults as users (not as parents). Only the scope of sites covered by the laws is different: under COPA, sites deemed “harmful to minors,” and, under COPPA 2.0, adolescent-oriented or certain social networking sites. Thus, to the extent that COPPA 2.0 proposals require age verification of adults, they would be subject to constitutional attacks similar to those against COPA. But COPPA 2.0 proposals would also burden the rights of adults to communicate with adolescents and the free speech rights of adolescents.

Finally, the fact that COPPA (like COPA) applies only to commercial sites would do little to protect it from constitutional attack, because in a world of user-generated content, the commercial nature of a site has little to do with the commercial/non-commercial nature of the speech carried on it. For example, obviously commercial sites like MySpace and Facebook serve as platforms for a wide variety of not-for-profit and political communications.

How COPPA 2.0 Would Impact the Free Speech Rights of Adults

After a decade-long court battle over the constitutionality of COPA, the U.S. Supreme Court in January 2009 rejected the government’s latest request to revive the law, meaning it is likely dead. Three of the key reasons the courts struck down COPA would also apply to COPPA 2.0 proposals.

(1) First, like COPA, COPPA 2.0 would raise burden the speech rights of adults to access information subject to age verification requirements, both by making speech more difficult and by stigmatizing it. In 2003, the Third Circuit noted that age verification requirements “will likely deter many adults from accessing restricted content, because many Web users are simply unwilling to provide identification information in order to gain access to content, especially where the information they wish to access is sensitive or controversial.” In 2008, in striking down COPA for the third and final time, the Third Circuit approvingly quoted the district court, which had noted that part of the reason age verification requirements deterred users from accessing restricted content was “because Internet users are concerned about security on the Internet and because Internet users are afraid of fraud and identity theft on the Internet.” The district court had held that: “Requiring users to go through an age verification process would lead to a distinct loss of personal privacy” by threatening their anonymity.

By imposing broad age verification requirements, COPPA 2.0 would restrict the rights of adults to send and receive information anonymously just as COPA did. If anything, the speech burdened by COPPA 2.0 deserves more protection, not less, than the speech burdened by COPA: Where COPA merely burdened access to content deemed “harmful to minors” (viz., pornography), COPPA 2.0 would burden access to material by adults as well as minors not because that material is harmful or obscene but merely because it is “directed at” minors! Thus, the content covered by COPPA 2.0 proposals could include not merely pornography, but communications about political nature, which deserved the highest degree of First Amendment protection.

(2) Second, like COPA, COPPA expansion threatens the speech rights of website operators. The necessary corollary of blocking adults from accessing certain content anonymously — and thereby deterring some users from accessing that content — is that COPPA 2.0, like COPA, would necessarily reduce the audience size of websites subject to age verification mandates. Furthermore, such mandates would encourage websites to self-censor themselves to avoid offering content they fear could be considered “directed at” adolescents because doing so might subject them to an age verification mandate — or to legal liability if they fail to implement age verification. The substantial cost of age verification could significantly impact, if not make impossible, the business models of many personal information-collecting (PI) sites, which generally do not charge for content and rely instead on advertising revenues. The Third Circuit cited all of these burdens on the free speech rights of website operators in striking down COPA.

(3) Third, less restrictive alternatives are available to COPPA 2.0, just as they were for COPA.

The Third Circuit drew on the Supreme Court’s 2004 decision striking down COPA on the grounds that “blocking and filtering software is an alternative that is less restrictive than COPA, and, in addition, likely more effective as a means of restricting children’s access to materials harmful to them.” Similarly, parental control software already empowers parents to restrict their kids’ access to PI-collecting sites. (It’s particularly easy for parents to restrict access to the leading social networking sites that seem to be driving so much of the push for COPPA 2.0, so that their kids.)

Thus, the free speech rights burdened COPPA 2.0 proposals are at least as important as those burdened by COPA, and blocking software already empowers parents to restrict their kids’ access to PI-collecting sites, just as it allows parents to restrict access to pornography. Of course, if COPPA 2.0 laws were actually enacted and subject to legal challenge, the outcome of the case would depend largely on the level of constitutional scrutiny involved. COPPA 2.0 advocates might argue that, whatever the rights at stake, a lower level of constitutional scrutiny should apply because COPPA 2.0 does not target a special category of content. If true, this could mean that, although age verification mandates to restrict access to “harmful” material are unconstitutional, far more sweeping mandates restricting access to non-harmful information could be constitutional. Such inconsistency is indeed a perverse consequence of the fact that our First Amendment jurisprudence focuses not on the rights at stake, but on whether a regulation is “content-neutral” in deciding what level of scrutiny to apply—which, in turn, often determines the outcome of the case. But in this case, COPPA 2.0 proposals likely would be subject to strict scrutiny to the extent that they are, like COPA, focused on a certain category of content: that “directed at” adolescents (rather than “harmful to minors”).

Legislators who attempt to escape strict scrutiny by defining the scope of their bill not by its targeted audience but by reference to specific functional capabilities (in the definition of “social networking site”) will likely find that a court will see through such window-dressing: If they recognize that such bills are nonetheless aimed at a certain category of adolescent-oriented content, they will apply strict scrutiny anyway. But even under intermediate scrutiny, COPPA 2.0 proposals would be subject to serious attack.

Minors Have Speech Rights, Too!

In addition, in COPPA 2.0 approaches, the government would restrict the ability of adolescents to access content, not because it could be harmful to them or because it is obscene, but merely because it is “directed to” them. While the First Amendment rights of minors may not be on par with those of adults, adolescents do have the right to access certain types of information and express themselves in certain ways. The Supreme Court has held (in Planned Parenthood of Cent. Mo. v. Danforth) that “constitutional rights do not mature and come into being magically only when one attains the state-defined age of majority.” It remains unclear how an expanded COPPA model might interfere with the First Amendment rights of adolescents, but it is clear that privacy and speech rights would come into conflict under COPPA 2.0, as they do in other contexts.

For example, how might the parental-consent based model limit the ability of adolescents to obtain information about “safer sex” or how to deal with trauma, depression, family abuse, or addiction. Would an abusive father authorize a teen to visit a website about how to report child abuse? Would a parent of an adolescent struggling with their sexual identity let their kid participate in a self-help social networking page for gay and lesbian youth? What rights are at play here and how do we reconcile them?

Maintaining the ability of kids to participate online interactions goes beyond content that most people would recognize as “serious”—from the perspective of both First Amendment values and the education of children. As a recent MacArthur Foundation study of the online youth Internet use concluded:

Contrary to adult perceptions, while hanging out online, youth are picking up basic social and technological skills they need to fully participate in contemporary society. Erecting barriers to participation deprives teens of access to these forms of learning. Participation in the digital age means more than being able to access “serious” online information and culture.

It was at least in part in recognition of such difficult First Amendment questions that Congress removed the requirement in the initial legislative draft of COPPA that would have required PI-based sites to “use reasonable efforts to provide the parents with notice and an opportunity to prevent or curtail the collection or use of personal information collected from children over the age of 12 and under the age of 17.”

Even if parents have an absolute right to block their adolescents’ access to such data, they can already exercise that right by applying strict controls on the computers in their home. COPPA 2.0 proposals go well beyond recognizing this right by setting the default to “parental consent required” for adolescents to access a wide range of content—meaning that parents must “opt-in” on behalf of their children before their children can participate in PI-collecting sites. This, in turn, burdens the ability of adolescents to communicate, because their parents might censor (rightly or wrongly) certain information, or simply fail to understand the technologies involved or to be actively engaged. But whatever the free speech rights of adolescents, if anyone should be interfering with those rights, it should be their parents — not the government.

Some parents may object that, however effective parental control software may be in the home, it does not allow parents to control what their kids’ access outside the home. This argument is understandable on some level, but in the end, it amounts to a demand that roadblocks be put up everywhere for the sake of particularly sensitive parents at the expense of everyone else in society, including potentially huge numbers of adult users — and of online anonymity in general.

But Illinois’s COPPA 2.0 proposal goes even further, not merely expanding COPPA to cover a particular variety of social networking sites, but requiring that such sites “allow the parent or guardian of the minor unrestricted access to the profile webpage of the minor at all times.” Congress considered just such a parental access mandate in the initial draft of COPPA legislation back in 1998, but ultimately removed it from the final version of the legislation, apparently because even some of COPPA’s supporters worried, given the bill’s initial application to the 13-16 age bracket, that “The establishment of a parental right to access all personal information about a teenager may intrude on older minors’ privacy, rather than protect.”

What about Communication between Adolescents & Adults?

Finally, COPPA 2.0 could infringe on the free speech rights of adults to communicate with adolescents online by driving PI-collecting sites to segregate users by age or to attempt to block access by adolescents. The vast majority of adult-minor interactions online are not of a harassing or predatory nature—indeed, they generally involve adults looking to help or assist minors in various ways. As the MacArthur Foundation study cited above concluded:

In contexts of peer-based learning, adults … have an important role to play, though it is not the conventionally authoritative one. In friendship-driven practices, direct adult participation is often unwelcome, but in interest-driven groups we found a much stronger role for more experiences participants to play. Unlike instructors in formal educational settings, however, these adults are passionate hobbyists and creators, and youth see them as experienced peers, not as people who have authority over them. These adults exert tremendous influence in setting communal norms and what educators might call “learning goals,” though they do not have direct authority over newcomers.

A substantial portion of those interactions involve parents talking to their own kids, older and younger siblings communicating with one another, teachers and mentors talking to their students, or even co-workers of different ages communicating. Even when adult-minor communications involve complete strangers, there is typically a socially-beneficial purpose. Think of two people — one an adult and one a minor — debating politics on a discussion board, or creating a Wikipedia entry together. What about a presidential campaign website that involves millions of volunteers of all ages communicating and collaborating to a common purpose? There are countless other examples. How would such interactions be affected by COPPA 2.0? Restricting such interactions would raise profound First Amendment concerns about freedom of speech as well as of association.

In any First Amendment analysis, a court must consider not only the free speech rights at stake and the availability of less restrictive alternatives to regulation, but the governmental interest being advanced. Again, neither COPPA nor the COPPA 2.0 proposals discussed herein (e.g., the New Jersey and Illinois proposals) requires exclusion of older users from a website, nor directly governs the sharing of personal information among users (where that sharing does not also constitute collection by the site itself). But separation of adolescents from adults is likely to be an indirect effect of COPPA 2.0 requirements—as COPPA 2.0 advocates probably realize—because, once PI-collecting sites are required to age-verify users, they will face reputational, political and potentially legal pressure to make interactions between adolescents and children more difficult in the name of “child safety.” More subtly, if PI-collecting site operators have an incentive to avoid being considered “directed at” adolescents, they will also have an incentive to discourage adolescent participation on their site—which achieves a similar result.

Here, one must further ask if attempting to quarantine children from adults (however indirectly) actually advances, on net, a strong governmental interest in child protection. Such a quarantine is unlikely to stop adults with truly nefarious intentions from communicating with minors, as systems designed to exclude participation by adults in a “kids-only” or “adolescents-only” area can be easily circumvented. Given the lack of strong identity records for minors, it’s much easier for an adult to pretend to be a minor than vice versa. The effect of age stratification on truly bad actors is likely to be marginal at best—or harmful at worst: Building walls around adolescents through age-verification might actually make it easier for predators to target teens, since a predator who gains access to a supposedly teen-only site will be less likely to be exposed as a predator by targeting an adult they think is a teen. So for the sake of marginal (if any) gains in child protection, would we not be excluding beneficial interaction between adults and minors?

To hear some of the advocates of COPPA 2.0 talk about how teens currently behave online, one might think that online environments in which adolescents were left to their own devices—imagine a “Teen MySpace” for the 13-17 crowd, walled off from the rest of MySpace—would be far worse, perhaps an online version of Lord of the Flies. These concerns are clearly exaggerated: The critics frequently complain about “the way kids talk to each other these days” while looking at their own past adolescent banter with rose-colored lenses. What is clear is that adolescents (and young adults) behave better in online environments where adults are present, too. Perhaps the best demonstration of this fact has been the uproar from adolescents and young adults that has accompanied Facebook’s explosive growth in popularity among older users in recent months. Many kids hate the idea of adults joining Facebook precisely because the presence of adults encourages kids to “self-regulate” by exercising better judgment and following better netiquette.

Anne Collier, founder and executive director of the child safety advocacy organization Net Family News, Inc. and editor of NetFamilyNews.org and ConnectSafely.org, suggests that the push for “segregation” by age (e.g., creating a teen-only version of Second Life) for safety’s sake is “losing steam” because:

it’s a response to the predator panic teens and parents have been subjected to in U.S. society, not to the realities of youth on the social Web. What nearly a decade of peer-reviewed academic research shows is that peer-to-peer behavior is the online risk that affects many more youth, the vast majority of online kids who are not already at-risk youth offline. Segregating teens from adults online doesn’t address harassment, defamation, imposter profiles, cyberbullying, etc. It may help keep online predators away from kids (even though online predation, or abuse resulting from online communication, constitutes only 1% of overall child sexual exploitation…), which is a great outcome, but it’s not enough unless all that parents are worried about is predators.

Collier discusses the particularly acute problem of “actual or perceived sexual orientation and gender expression,” which the Salt Lake Tribune has noted are “two of the top three reasons secondary school students said their peers were most often bullied at school.” This kind of harassment recently attracted widespread public attention after two 11-year-old boys committed suicide after experiencing anti-gay harassment and bullying at school. Nationwide, “Lesbian, gay, bisexual, transgender and questioning youth are up to four times more likely to attempt suicide than their heterosexual peers.” This child safety risk is painfully real, with anti-gay harassment being only its most obvious form. But “segregating” teens from adults seems likely to aggravate this problem by removing adults from the mix as a potential source of discipline.

Of course, adults play a critical role in disciplining interaction among the 0-12 age bracket, but not as direct participants in on-site interaction. Again, how many adults actually want to use Club Penguin? Instead, parents can supervise what their kids do online through parental control software. Parents could, of course, use that same software to monitor what their adolescent kids do, too. But as kids get older, most parents realize that the training wheels have to come off at some point. Few parents will want to spy on their 17-year old until the day before the kid starts college (or enlists in the military or gets married). But most parents probably would prefer that, if their kids are interacting in an online environment, they think twice about what they do and say online. It is by no means clear that restricting online interaction between teens and adults will serve that end.

http://d1.scribdassets.com/ScribdViewer.swf?document_id=15686870&access_key=key-1cbfqkwyx8t9rzdjgr8m&page=1&version=1&viewMode=list

COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech

Berin Szoka — Sun, 24 May 2009 21:49:52 +0000

Adam Thierer & I have just released a detailed examination (PDF) of brewing efforts to expand the Children’s Online Privacy Protection Act of 1998 to cover adolescents and potentially all social networking sites—an approach we call “COPPA 2.0.”

As Adam explained on Larry Magid’s CNET podcast, COPPA mandates certain online privacy protections for children under 13, most importantly that websites obtain the “verifiable consent” of a child’s parent before collecting personal information about that child or giving that child access to interactive functionality that might allow the child to share their personal information with others. The law was intended primarily to “enhance parental involvement in a child’s online activities” as a means of protecting the online privacy and safety of children.

Yet advocates of expanding COPPA—or “COPPA 2.0″—see COPPA’s verifiable parental consent framework as a means for imposing broad regulatory mandates in the name of online child safety and concerns about social networking, cyber-harassment, etc. Two COPPA 2.0 bills are currently pending in New Jersey and Illinois. The accelerated review of COPPA to be conducted by the FTC next year (five years ahead of schedule) is likely to bring to Washington serious talk of expanding COPPA—even though Congress clearly rejected covering adolescents age 13-16 when COPPA was first proposed back in 1998.

We’ll discuss some of the key points of our paper in a series of blog posts, but here are the top nine reasons for rejecting COPPA 2.0, in that such an approach would:

Burden the free speech rights of adults by imposing age verification mandates on many sites used by adults, thus restricting anonymous speech and essentially converging—in terms of practical consequences—with the unconstitutional Children’s Online Protection Act (COPA), another 1998 law sometimes confused with COPPA;
Burden the free speech rights of adolescents to speak freely on—or gather information from—legal and socially beneficial websites;
Hamper routine and socially beneficial communication between adolescents and adults;
Reduce, rather than enhance, the privacy of adolescents, parents and other adults because of the massive volume of personal information that would have to be collected about users for authentication purposes (likely including credit card data);

Would likely be the subject of massive fraud or evasion since it is not always possible to definitively verify the parent-child relationship, or because the system could be “gamed” in other ways by determined adolescents;
Do nothing to prevent offshore sites and services from operating outside these rules;
Present major practical challenges for law enforcement officials in the face of such evasion by both domestic users and offshore sites;
Could destroy opportunities for new or smaller website operators to break into the market and offer competing services and innovations, thus contributing to consolidation of online content and services by erecting barriers to entry; and
Violate the Commerce Clause of the U.S. Constitution, since Internet activity clearly represents interstate commerce that states have no authority to regulate.

http://d1.scribdassets.com/ScribdViewer.swf?document_id=15686870&access_key=key-1cbfqkwyx8t9rzdjgr8m&page=1&version=1&viewMode=list

Closing the Book on COPA?

Adam Thierer — Wed, 21 Jan 2009 18:29:06 +0000

It appears that the long legal saga of the Child Online Protection Act of 1998 (COPA) has finally come to a close. This morning, according to AP, the U.S. Supreme Court rejected the government’s latest request to revive the law, which was stuck down as an unconstitutional violation of the First Amendment by lower courts and never went into effect.

COPA was an effort by Congress to modify the Communications Decency Act of 1996 (CDA) in response to the Supreme Court’s decision in Reno v. ACLU finding that the CDA was unconstitutionally over-broad. COPA sought to narrow the scope of regulation and protect minors from sexual material on the Internet by making it a crime for someone to “knowingly” place materials online that were “harmful to minors.” The law provided an affirmative defense from prosecution, however, to those parties who made a “good faith” effort to “restrict[ ] access by minors to material that is harmful to minors” using credit cards or age verification schemes. Although narrower than the CDA, COPA was immediately challenged and also blocked by lower courts because it was still too sweeping in effect. Moreover, the courts found there were other “less restrictive means” that parents could use to deal with objectionable content — such as Internet filters.

Following the initial challenge, COPA then became the subject of an epic, decade-long legal battle that finally concluded today when the U.S. Supreme Court refused to revisit the law. COPA had already been reviewed by the Supreme Court twice before — in 2002 and 2004. Thus, a third visit to the Supreme Court by COPA would have been something of a historical development in the world of First Amendment jurisprudence. But with the Supreme Court’s rejection of the government’s appeal today, lower court rulings stand and COPA will remain unconstitutional and unenforceable.

The key recent legal battle occurred in the Third Circuit Court of Appeals, which upheld a lower court ruling striking down COPA. The Third Circuit’s full decision is here. And I penned a 3-part series on the lower court ruling by Judge Lowell Reed Jr., senior judge of the U.S. District Court for the Eastern District of Pennsylvania, here, here, and here. Also make sure to check out this summary of COPA’s legal journey that Alex Harris penned last November.

While COPA is now dead and buried, it would be foolish to think this is the end of efforts to legislate on this front. Although it remains unclear what the legislative response will look like during a time of Democratic rule, I am certain that legislation will be floated in short order (i.e., “Son of COPA”) to try to get around the constitutional issues and regulate objectionable online content. If legislators were smart, they’d avoid legally risky solutions like more centralized filtering mandates or age verification requirements. They’d be on safer ground to consider going the subsidy route and finding a way to get parental control tools in the hands of more families and institutions. I’m not saying that I favor such subsidies, merely that such an approach would almostly certainly pass legal muster and probably wouldn’t even be challenged in court. They might also consider more public education / PSA-driven approached to online safety. Those approaches may end up finding more support in a Democratic Congress and administration anyway.

[More coverage at NYT, Reuters, CNet and Ars.]

Book Review: Blown to Bits by Abelson, Ledeen, & Lewis

Adam Thierer — Tue, 18 Nov 2008 16:48:41 +0000

I’ve just finished reading Blown to Bits: Your Life, Liberty, and Happiness After the Digital Explosion, by Hal Abelson, Ken Ledeen, and Harry Lewis, and it’s another title worth adding to your tech policy reading list. The authors survey a broad swath of tech policy territory — privacy, search, encryption, free speech, copyright, spectrum policy — and provide the reader with a wonderful history and technology primer on each topic.

I like the approach and tone they use throughout the book. It is certainly something more than “Internet Policy for Dummies.” It’s more like “Internet Policy for the Educated Layman”: a nice mix of background, policy, and advice. I think Ray Lodato’s Slashdot review gets it generally right in noting that, “Each chapter will alternatively interest you and leave you appalled (and perhaps a little frightened). You will be given the insight to protect yourself a little better, and it provides background for intelligent discussions about the legalities that impact our use of technology.”

Abelson, Ledeen, and Lewis aren’t really seeking to be polemical in this book by advancing a single thesis or worldview. To the extent the book’s chapters are guided by any central theme, it comes in the form of the “two basic morals about technology” they outline in Chapter 1:

The first is that information technology is inherently neither good nor bad — it can be used for good or ill, to free us or to shackle us. Second, new technology brings social change, and change comes with both risks and opportunities. All of us, and all of our public agencies and private institutions, have a say in whether technology will be used for good or ill and whether we will fall prey to its risks or prosper from the opportunities it creates. (p. 14)

Mostly, what they aim to show is that digital technology is reshaping society and, whether we like or it not, we better get used to it — and quick! “The digital explosion is changing the world as much as printing once did — and some of the changes are catching us unaware, blowing to bits our assumptions about the way the world works… The explosion, and the social disruption that it will create, have barely begun.” (p 3)

In that sense, most chapters discuss how technology and technological change can be both a blessing and a curse, but the authors are generally more optimistic than pessimistic about the impact of the Net and digital technology on our society. What follows is a quick summary of some of the major issues covered in Blown to Bits.

Privacy: In the chapter on privacy, the authors conclude that it is increasingly difficult to bottle up our personal information and protect it and ourselves entirely from the outside world. “Despite the very best efforts, and the most sophisticated technologies, we can not control the spread of our private information. And we often want information to be made public to serve our own, or society’s purposes.” (p. 70) They argue that there still may be some ways to deal with the misuse of information and that some new technologies might be able to help protect our privacy at the margins. Generally speaking, however, this is a losing battle, and, more importantly, there is an increasing tension between privacy and freedom of speech:

A continuing border war is likely to be waged, however, along an existing free speech front: the line separating my right to tell the truth about you from your right not to have that information used against you. In the realm of privacy, the digital explosion has left matters deeply unsettled. (p. 70)

These are issues I discussed in more detail in my recent review of Daniel Solove’s important new book, Understanding Privacy. Abelson, Ledeen, and Lewis are right to point out that these tensions are only going to increase in coming years and their chapter outlines many of the new fault lines in the debate over online privacy.

Encryption: Having followed the “crypto wars” closely in the mid-1990s, I also found their chapter on cryptography intriguing. The authors note that encryption has gone mainstream. “Keys are cheap. Secret messages are everywhere on the Internet. We are all cryptographers now.” Despite that, the authors note that “very little email is encrypted today.” With the exception of some human rights groups and some particularly privacy-sensitive users, most of us are perfectly content to send our e-mails unencrypted. They argue that there are three reasons most people are unconcerned about their e-mail privacy:

First, there is still little awareness of how easily our e-mail can be captured as the packets flow through the Internet. […] Second, there is little concern because most ordinary citizens feel they have little to hide, so why would anyone bother looking? […] Finally, encrypted email is not built into the Internet infrastructure in the way encrypted web browsing is. (p. 191-92)

They continue and conclude:

Overall, the public seems unconcerned about privacy of communication today, and that privacy fervor that permeated the crypto wars a decade ago is nowhere to be seen. In a very real sense, the dystopian predictions of both sides of that debate are being realized: On the one hand, encryption technology is readily available around the world, and people can hide the contents of their messages, just as law-enforcement feared… At the same time, the spread of the Internet has been accompanied by an increase in surveillance, just as the opponents of encryption regulation feared. (p. 193)

Actually, I’m not sure there really was a “privacy fervor that permeated the crypto wars a decade ago.” Many of us who argued passionately for crypto-freedom back then knew it was unlikely that the masses were going to rush right out and start encrypting all their mail the minute the policy battle ended. In reality, most of us live pretty mundane lives and just don’t care enough to go through the hassle of encrypting the random chatter of e-mail. But it was the principle of the matter that counted — the government should never be given the keys to unlock all private communications. That is what we were fighting about in the crypto wars — not the necessity of everyone encyrpting every e-mail they sent.

Importantly, however, the authors correctly note how the truly beneficial result of the fight for crypto-freedom was an explosion of online commerce, facilitated by behind-the-scenes crypto protecting our transactions. Amazon, eBay, and many other e-commerce vendors, both big and small, have prospered because of strong crypto. That was the security blanket many of us needed before we were willing to take the plunge and begin doing most of our shopping and financial transactions online. This is a great public policy success story, and Abelson, Ledeen, and Lewis do a wonderful job relaying it to the reader.

Online Free Speech / Age Verification: As a passionate First Amendment advocate, the chapter on free speech issues was also of great interest to me. The authors run through the early history of efforts to censor online speech, including the Communications Decency Act of 1996 (CDA) and the Child Online Protection Act of 1998 (COPA), and bring us right up to speed with congressional efforts such as the Deleting Online Predators Act (DOPA), which would ban social networking sites and services in publicly funded schools and libraries. “DOPA, which has not passed into law, is the latest battle in a long war between conflicting values,” note the authors. “On the one hand, society has an interest in keeping unwanted information away from children. On the other hand, society as a whole has an interest in maximizing open communication.” (p. 231)

Abelson, Ledeen, and Lewis go on to outline the dangers of online censorship and the importance of defending the First Amendment from new legislative and regulatory attacks, but they would have done well to cite the growing diversity of parental control tools and methods that are now on the market. I share their passion for defending free speech values, but it is equally important we work hard to show parents and policymakers how many effective self-help tools and strategies are out there on the market today to help them guide — or even control — their child’s media and Internet experiences. Not everyone is equally excited about what a world of media abundance offers us, or out children. If we hope to continue to fend off attacks on the First Amendment, we have to make sure parents are empowered to mentor their kids and limit access to content they find objectionable so they don’t expect Uncle Sam to play the role of national nanny.

I was glad to see the authors spend some time focusing on online age verification / identity authentication since that is probably the most important free speech debate raging today. [I’ve written quite a bit here about the battle over online age verification for social networking sites and other online sites.] The authors point out Congress already attempted to impose age verification on the Internet when they passed the Child Online Protection Act in 1998. “The big problem,” the authors note, “was that these methods either didn’t work or didn’t even exist.” (p. 248) Indeed, the effort in COPA to require “adult personal identification numbers” or a “digital certificate that verifies age” was in their words, “basically a plea from Congress for the industry to come up with some technical magic for determining age at a distance.” (p. 248) And things really haven’t advanced much since then, they argue:

In the state-of-the-art, however, computers can’t reliably tell the if party on the other end of the communications link is a human or is another computer. For a computer to tell whether a human is over or under the age of 17, even imperfectly, would be very hard indeed. Mischievous 15-year-olds could get around any simple screening system that could be used in the home. The Internet just isn’t like a magazine store. (p. 249)

I hope policymakers are listening — especially the many stubborn state attorneys general who continue to push age verification as a silver-bullet solution to online child safety concerns.

Spectrum Policy: The authors point out how the death of media scarcity has profound implications for the future of speech regulation and spectrum policy alike. “As a society,” they argue, “we simply have to confront the reality that our mindset about radio and television is wrong. It has been shaped by decades of the scarcity argument.” (p. 292) Regarding what it means for speech controls, they note:

If almost anyone can now send information that many people can receive, perhaps the government’s interest in restricting transmissions should be less than what it once was, not greater. In the absence of scarcity, perhaps the government should have no more authority over what gets said on radio and TV than it does over what gets printed in newspapers. (p. 261)

I couldn’t agree more, and I’ve written voluminously on the topic of creating a “consistent First Amendment standard for the Information Age.” Abelson, Ledeen, and Lewis seem to agree with what I said there when they argue:

Other regulation of broadcast words and images should end. Its legal foundation survives no longer in the newly engineered world of information. There are too many ways for the information to reach us. We need to take responsibility for what we see, and what our children are allowed to see. And they must be educated to live in a world of information plenty. (p. 293)

The death of the scarcity doctrine should also have a profound impact on the future spectrum policy decisions, they say. Perhaps scarcity-based rationales for regulation made (some) sense in the past, but:

These were facts of the technology of the time. They were true, but they were contingent truths of engineering. They were never universal laws of physics, and are no longer limitations of technology. Because of engineering innovations over the past 20 years, there is no practically significant “natural limitation” on the number of broadcast stations. Arguments from inevitable scarcity can no longer justify U.S. government denials of the use of the airwaves. The vast regulatory infrastructure, built to rationalize use of the spectrum but much more limited radio technology, has adjusted slowly — as it almost inevitably must: Bureaucracies don’t move as quickly as technological innovators. The FCC tries to anticipate resource needs centrally and far in advance. But technology can cause abrupt changes in supply, and market forces can cause abrupt changes in demand. Central planning works no better for the FCC than it did for the Soviet Union. (p. 272)

I completely agree, although challenging questions remain about how to get us out of the current mess. Abelson, Ledeen, and Lewis argue that “commons-based” approaches make the most sense. I am certainly open to the idea of treating certain swaths of spectrum as a commons, but it’s important to recognize that this does not necessarily get the regulators completely out of the picture. In fact, as my TLF colleague Jerry Brito has persuasively argued, there is the real potential that the FCC could become an aggressive device regulator if we switch to this approach. “A ‘commons’ model is not a third way between regulation and property, it is just another kind of regulation,” Brito concludes. That’s why I continue to believe that a property rights-based approach for most spectrum allocation makes the most sense and will get the spectrum deployed for its most highly-valued use. Commons-based approaches should supplement, not supplant, that model.

Abelson, Ledeen, and Lewis also fail to sweat the details about how to handle the issue of incumbent spectrum users in the transition to their preferred commons-based model. That strikes me as a pretty big problem. They repeatedly mention how incumbents often seek to block beneficial spectrum reforms — which is no doubt true on some occasions — but that doesn’t mean incumbent spectrum holders don’t have legitimate rights in their existing allocations that should be honored. I would hope that, even if they wanted to go with a pure commons approach going forward, the authors would at least be willing to grandfather-in existing spectrum users. If the goal is to encourage them to vacate what they currently have, incentivize them with flexible use and resale rights. For example, for the right price, a lot of broadcast spectrum holders might be willing to give up their current allotment. Alternatively, if flexible use was allowed, they might deploy their spectrum for a different purpose. Unfortunately, both of these options are currently prohibited by the FCC’s command-and-control regulatory system.

Overall, however, I enjoyed the spectrum chapter and found the history and technology primer in this chapter to be the best in the book.

Copyright: The authors have a strongly-worded chapter on copyright that generally argues for relaxing copyright protections. Interestingly, however, (unless I am missing something) I notice they don’t offer their book for free download on their site. I’m always intrigued by copyright critics who refuse to put their own content online. Apparently, it’s another case of ‘copying is good for me, but not for thee.’ Regardless, in their copyright chapter, they argue that:

The war over copyright and the Internet has been escalating for more than 15 years. It is a spiral of more and more technology that makes it ever easier for more and more people to share more and more information. This explosion is countered by a legislative response that brings more and more acts within the scope of copyright enforcement, subject to punishments that grow ever more severe. Regulation tries to keep pace by banning technology, sometimes even before the technology exists… If we cannot slow the arms race, tomorrow’s casualties may come to include the open Internet and dynamic of innovation that fuels the information revolution. (p. 199)

The authors make a fair point about the perils of banning technologies to protect copyright. That’s never the right answer. Regrettably, however, they pay less attention to what I regard as the legitimate concerns of copyright holders about how to protect their creative works and expressive endeavors going forward. And it’s not just about protecting large-scale industries, as they and other copyright critics are often prone to claim. It’s about whether or not we want a workable copyright system going forward. Of course, some critics wouldn’t mind seeing copyright law fade into the sunset altogether. But Abelson, Ledeen, and Lewis don’t really make it clear how far they’d be willing to go. They do have a brief discussion about collective licensing approaches as a possible solution, which may be coming sooner than we think for the Net. Unfortunately, they don’t spend much time developing the details. I remain skeptical about the sensibility of that approach — especially since it will likely end up being compulsory in nature and fraught with fairness problems (i.e. Who pays in? How much? On the other end, who gets paid how much when their content appears online? etc.) Nonetheless, I think that’s where we’ll end up before the copyright wars are over, so it would have been nice to see the authors spend more time on collective licensing issues.

They also spend a lot of time discussing DRM. I was surprised by their comment that, “Developers of DRM and trusted platforms may be creating effective technologies to control the use of information, but no one has yet devised effective methods to circumscribe the limits of that control.” (p. 212) I must say, that does not seem to match up with the reality of the market we see around us today in which DRM systems are rapidly crumbling and being abandoned left and right.

Conclusion

I didn’t agree with everything in Blown to Bits, such as their unfortunate call for Net neutrality regulation. Overall, however, I enjoyed the book and recommend it. The narrative can be a little disjointed at times, almost sounding like a series of e-mail exchanges between friends (which may have been the case since the book had three authors). But the text is very accessible and contains a great deal of useful information to bring you up to speed on the hottest tech policy debates under the sun. If the authors are smart, they’ll throw the book online and update it periodically to keep it fresh. As I have found with my parental controls and Media Metrics reports, that’s the only way to keep up with the frantic pace of change in the tech policy arena — version your books like software and release periodic updates.

This book will definitely appear on my big, end-of-year “Most Important Tech Policy Books of 2008” list, which I should have wrapped up shortly. Also, I think this book makes a nice complement to Palfrey and Gasser’s Born Digital, which I reviewed here last month. And, if you are interested in another title that takes an approach similar to what Abelson, Ledeen, and Lewis have taken here, you might want to check out Bruce Owen’s outstanding 1999 book “The Internet Challenge to Television.” It’s an oldy but a goodie, as I noted here.

Finally, given the title of the book and the countless times in the text that Abelson, Ledeen, and Lewis talk about the “bits revolution,” how “bits are bits,” and how “bits behave strangely,” shockingly, they never seem to get around to crediting Nicholas Negroponte for his pioneering work on this front in Being Digital. Long before anybody else gave a damn about how the movement from a world of atoms to a world bits would change our entire existence, Nicholas Negroponte was preaching that gospel to the unconverted. And considering he was saying all that back in the dark (dial-up) ages of 1995, the man deserves some credit, as I have noted here before.

Age Verification Debate Continues; Schools Now at Center of Discussion

Adam Thierer — Thu, 25 Sep 2008 17:54:06 +0000

This week, I have been up at Harvard University participating in another meeting of the Internet Safety Technical Task Force (ISTTF), of which I am a member. The ISTTF was organized earlier this year pursuant to an agreement between 49 state attorneys general (AGs) and social networking giant MySpace.com. A group of experts from academia, non-profit organizations, and industry were appointed to the Task Force, which is charged with evaluating the market for online child safety tools and methods and issuing a report on the matter to the AGs at the end of this year. ISTTF members have been meeting privately and publicly in both Cambridge, MA and Washington, D.C. The Task Force has been very ably chaired by John Palfrey, co-director of Harvard’s Berkman Center for Internet & Society.

Although the ISTTF is looking at a wide variety of tools and methods associated with online child protection (ex: filters, monitoring tools, educational campaigns, etc.), many of the AGs who crafted the agreement with MySpace that led to the Task Force’s formation have made it clear that they are most interested in having the ISTTF evaluate age verification / online verification technologies. In fact, at the start of this week’s session at Harvard Law School, AGs Martha Coakely of Massachusetts and Richard Blumenthal of Connecticut both spoke and made it abundantly clear they expect the Task Force to develop age and identify-verification tools for social networking sites (SNS). AG Blumenthal said we need to deal with “the dangers of anonymity” and repeated his standard line about online age verification: “If we can put a man on the moon, we can make the Internet safe.” [Of course, putting a man on the moon took hundreds of billions of dollars and a decade to accomplish, but never mind that fact! Moreover, one could also argue that if we can put a man on the moon we can cure hunger, AIDS, and the common cold, but some things are obviously easier said than done. Finally, putting a man on the moon didn’t require all Americans or their kids to give up their anonymity or privacy rights in order to accomplish the feat!]

On many occasions here before, I have outlined various questions and reservations about proposals to mandate online age verification. Last year, I also published a lengthy white paper on the issue and hosted a lively debate on Capitol Hill [transcript here] about this. I also have discussed age verification in my book on parental controls and online child safety. [Braden Cox also talked about his experiences up at Harvard this week here, and CNet’s Chris Soghoian had a brutal assessment of this week’s proposals on his “Surveillance State” blog.]

In this essay, I will discuss the new fault lines in the debate over online age verification and outline where I think we are heading next on this front. I will argue:

There is now widespread understanding that it is extraordinarily difficult to verify the ages and identities of minors online using the methods we typically use to verify adults. Because of this, age verification proponents are increasingly proposing two alternative models of verifying kids before they go online or visit SNS…
First, for those who continue to believe that we must do whatever we can to verify kids themselves, schools and school records are increasingly being viewed as the primary mechanism to facilitate that. This raises two serious questions: Do we want schools to serve as DMVs for our children? And, do we want more school records or information about our kids being accessed or put online?
Second, for those who are uncomfortable with the idea of verifying kids or using schools, or school records, to accomplish that task, parental permission-based forms of authentication are becoming the preferred regulatory approach. Under this scheme, which might build upon the regulatory model found in the Children’s Online Privacy Protection Act of 1998 (COPPA), parents or guardians would be verified somehow and then would vouch for their children before they were allowed on a SNS, however defined. But how do we establish a clear link between parents and kids? And will parents be willing to surrender a great deal more information (about themselves and their kids) before their kids can go online? And, is it sensible to use a law that was meant to protect the privacy and personal information of children to potentially gather a great deal more information about them, and their parents?
It remains very unclear how either of those two verification methods would make children safer online. Indeed, that could actually make kids less safe by compromising their personal information and creating a false sense of security online for them and their parents.
It is highly unlikely the Internet Safety Technical Task Force will be able to reach consensus on this complicated, controversial issue. A small camp will likely flock to the sort of proposals mentioned above. Another, larger camp (including me) will flock to education-based approaches to child safety as well increased reliance on other parental empowerment tools and strategies, industry self-regulatory efforts, social norms, and better intervention strategies for troubled youth. But the age verification debate will go on and, as was the case over the past two years, the legal battleground will be state capitals across America, with AGs likely pushing for age verification mandates regardless of what the Task Force concludes.

Continue reading if you are interested in the details.

How We Could Verify Kids, and Why We Should Not Do It

Let’s assume that we want to achieve AG Blumenthal’s “man-on-the-moon” dream of verifying all kids before they go online. How would we do it? There are really only two solutions: (1) full-blown national ID cards for kids, or (2) tapping school records about kids to somehow age-verify kids (sort of a “National ID card-Lite” scheme).

National ID Cards for Kids

The first scheme is fairly straightforward, but incredibly frightening to those of us who care about civil liberties. Basically, government could demand that all minors be issued the equivalent of a domestic passport or a national ID card. After all, minors aged 14 to 17 are already required to obtain a passport before they travel overseas. Minors under 14 must have both parents or legal guardians appear together to vouch for the child when applying for a passport. Conceivably, government could simply extend this model to incorporate a domestic identification requirement. Once the youngster had been issued such a domestic passport, it could be requested by others — including social networking sites — as proof of age. Sites could cross-reference a government national ID database to verify identity.

Clearly, however, imposing such a solution domestically would raise serious privacy concerns because it would require the collection, retention and processing of sensitive information about children. Adults are not required to carry such a domestic passport or national ID card, so why should children? Indeed, all the same privacy concerns related to national ID cards for adults would be amplified with children because, as a society, we generally take extra precautions to protect the privacy of minors and their personal information. And a national ID card for kids would need to include a great deal of information about themselves to allow the card to be used by third parties online as an age-verifying tool. Government would need to issue an age-verified identity, user name, and password to every child.

Particularly concerning is the fact that a national ID card for children would require the creation of more government databases and bureaucracy. The potential for “mission creep” then enters the picture in that more tracking of children by government (and others) becomes possible. What other uses might there be for such information? We don’t know, and we probably don’t want to find out.

The costs of setting up and enforcing such a system would be substantial and must also be considered. Although the cost of digital storage continues to fall, we’re talking about potentially massive digital databases here. But the more important cost factor is the human time and effort that would go into collecting, processing, and organizing such records and databases.

For those reasons, a government-issued ID card or age verification scheme for kids is a nonstarter. It would raise grave privacy concerns, induce public paranoia, probably encourage a great deal of evasion, and require significant government expenditure to enforce. Moreover, a national ID card would do little to prevent youngsters from visiting offshore sites.

Using the Schools to Help Verify Kids

So, let’s work from the assumption that National ID cards for kids is not going to fly as an online identity authentication solution. The only other realistic scheme would involve getting the schools involved in the process. Why? Because to paraphrase Willy Sutton: “That’s where the data is.” Schools have more information about our children than probably every other institution or organization combined. They have very detailed records about kids, their ages and much more, which makes schools a logical candidate for participation in a possible age verification system for minors. But involving schools in any age verification scheme would raise serious privacy concerns and administrative problems.

Depending on how the scheme worked, the administrative burdens imposed on schools could be significant. Someone at each school would have to be in charge of answering phones calls and e-mails from potentially hundreds of website operators looking to age-verify minors. Who will be liable if things go wrong? The school? The school district? An employee in the school’s administrative department who accidentally releases thousands of digital records? And will schools receive the additional funding needed to administer whatever scheme is mandated?

Moreover, if schools are required to create more accessible databases containing personal information about minors, who else besides social networking websites would be given access? Data breaches would become a real concern for both students and schools alike. Such a scheme could run up against federal or state laws. For example, the Family Education Rights and Privacy Act of 1974 makes it illegal to release school records without written permission from parents. Both parents and government officials have long demanded that access to school records be tightly guarded because, as a society, we take the privacy of our children very seriously.

Thus, serious questions remain about the wisdom and practicality of roping the schools into the age verification process. Most schools and school districts are already over-burdened with federal and state mandates and probably wouldn’t like the sound of additional mandates of this variety. But what if a technology vendor could serve as the middleman and facilitate the easy transfer of some basic data about kids from the school system in an effort to provide digital credentials? That’s probably where we are heading. Even the most vociferous advocates of age verification for minors must realize how absolutely radioactive this issue could become since school records about our kids are in play here. Identity theft concerns are already running at an all-time high in our country and the thought of being required to surrender more info about our kids in this environment is not going to go over well with many parents.

But, again, what if we could keep to a minimum the amount of data being transferred about the child to the vendor or the SNS? Perhaps at the beginning of each school year when a minor is registering they could be given a “secure” digital token or ID number that only associated a grade year (i.e., “sophomore”) with their name, and little or no additional info was included in that token in order to minimize the threat of identity theft or privacy violations. Of course, the fewer pieces of information contained in that token or credential, the less likely it will be a credible verification tool, or the more likely it is it will be easy to forge or defeat (especially by kids themselves).

Regardless, whether we like it or not — and I do not like it one bit — schools are now at the center of the online age verification debate. It will be very interesting to hear what the educational community itself has to say about this development going forward. Incidentally, no one from the educational community was present at Harvard this week as these proposals were flying. Something tells me that school administrators and educational officials aren’t going to look too kindly on proposals that would turn them into the equivalent of a DMV for kids.

How about Parental Permission Slips for Online Verification?

Another potential way to go about online verification is to avoid verifying the kids directly and instead just verify parents (or guardians) and then get them to vouch for their children. Some age verification advocates are now calling for such parental consent-based forms of child verification. Specifically, they are now attempting to drive regulation through the prism of the Children’s Online Privacy Protection Act (COPPA) of 1998.

By way of background, COPPA required websites that marketed to children under the age of 13 to get “verifiable parental consent” before allowing children access to their sites. Generally speaking, the goal was to make sure that such websites were not collecting personal information about children without getting parental permission. The Federal Trade Commission (FTC), which is responsible for enforcing COPPA, adopted a sliding scale approach to obtaining parental consent. The sliding scale approach allows website operators to use a mix of the methods to comply with the law, including print-and-fax forms, follow-up phone calls and e-mails, and credit card authorizations. The FTC also authorized four “safe harbor” programs operated by private companies that help website operators comply with COPPA.

In a February 2007 report to Congress about the status of the COPPA and its enforcement, the FTC said that no changes to COPPA were necessary at this time because it had “been effective in helping to protect the privacy and safety of young children online.” In discussing the effectiveness of the parental consent methods, however, the agency also said that “none of these mechanisms is foolproof” and that “age verification technologies have not kept pace with other developments, and are not currently available as a substitute for other screening mechanisms.” This seems to imply that the FTC does not regard COPPA’s parental consent methods as the equivalent of perfect age verification.

Nonetheless, what should be evident here is that COPPA’s parental consent framework could serve as a vehicle for pushing through greater regulation of all social networking sites, not just those sites geared toward kids under 13. Indeed, we have already seen that proposed at the state level. For example, in the debate that took place over age verification in the North Carolina statehouse last summer, a parental permission-based verification proposal supported by North Carolina Attorney General Roy Cooper was billed as a way to strengthen and expand the COPPA framework. (Never mind the fact that COPPA is a federal statute, or that the state of North Carolina is likely barred from regulating Internet speech and commerce thanks to the First Amendment and the Commerce Clause of the Constitution!)

In other words, future age verification mandates could arrive in the form of COPPA amendments, or at least cite COPPA’s regulatory framework as precedent. Specifically, the proposal would be to: (a) extend COPPA’s coverage to kids up to the age of 18 and then (b) broaden the range of SNS sites that are covered by its parental consent requirements.

There are many problems associated with such a proposal, and I will get to some of them in a moment. But here’s the more interesting question that few have asked: Is COPPA really working? It is very much unclear to me that COPPA actually works as billed, but to the extent it does, it is likely because of the very limited scale and nature of the operations it covers. As I have said in my past writing on the issue, there is a direct relationship between the size of a site and the likelihood of success in attempting to verify its users / members. Of course, that is hardly surprising. But let’s get a little more concrete about why that is important. Here are the two reasons that I believe the COPPA / parental consent regime has generally worked so far, or at least hasn’t failed miserably:

(1) Many smaller sites charge a fee for admission; and

(2) The functionality of those sites is usually tightly limited. They are closed, walled gardens.

Regarding the first point: Obviously, the more a site charges for access, the more likely it is that the parent / guardian pays attention to what their kid is doing. Of course, that doesn’t mean a bad guy couldn’t still get into those “verified” environments under false pretenses. And there’s the problem of minors with access to credit cards. Moreover, even assuming credit cards worked as an age verification method, there is the more practical question of whether lawmakers have the guts to mandate that every social networking site in the land start charging admission for access. Since almost all SNSs are free-of-charge today, that is not going to be a very popular mandate!

Nonetheless, for very small, niche-oriented social networking sites geared toward younger kids, credit cards and fees are part of the reason people think COPPA has “worked.” In essence, it acts as a bit of a roadblock or hassle thrown in the way of access, and that gets parents thinking and talking to the kids about those sites. That is the argument put forward by Denise Tayloe of Privo, one of the four FTC-approved COPPA safe harbor providers. Ironically, Tayloe has noted that one of the problems associated with the current COPPA regime is that “Children quickly learned to lie about their age in order to gain access to the interactive features on their favorite sites. As a result,” she notes, “databases have become tainted with inaccurate information and chaos seems to be king where COPPA is concerned,” she says.

Despite these problems, Tayloe argues that COPPA serves an important role. Even though “there is no perfect solution” and it is not possible to completely “stop a child from lying and putting themselves at risk,” Tayloe believes that COPPA “provides a platform to educate parents and kids about privacy.” Of course, providing a platform to educate parents and kids about online privacy or safety is very important, but it is not necessarily synonymous with strict age verification. And we don’t really have any idea what level of parent-child interaction COPPA incentivizes. More importantly, we don’t really have any good data regarding the accuracy of claims made pursuant to COPPA’s requirements regarding the relationship between parents and the kids seeking access to the site. How many people (kids or adults) were able to gain access under false pretenses? We don’t know.

Nonetheless, the operating assumption here is that by creating an added economic hurdle or barrier to entry (in the form of the hassle of filling out paperwork or forms), COPPA gets some parents (perhaps most?) to put more thought into what their kids are doing online, and that somehow improves online safety in larger scheme of things. The problem is that that does not necessarily mean that their kids are operating in perfectly “secure” or “verified” environments. The danger is that – to the extent some “bad guys” are getting on those sites under false pretenses – kids and parents may fall prey to a false sense of security after they are told the site is COPPA-verified. Of course, COPPA wasn’t put on the books to keep “bad guys” away from kids online; it was about keeping site operators from collecting personal information about kids.

The second reason COPPA has “worked” to a limited degree is that SNS sites geared toward younger kids tightly limit functionality. In essence, the site administrators “cripple” the sort of functionality we find in SNS sites geared toward older kids. That fact alone makes these sites far less likely to be subject to fraudulent entry or dangerous interactions. If I am an older teen or a pervert, why would I ever want to gain access to a site that has nothing more than drop-down menus and a few buttons to click on when interacting with others? Thus, the primary reason that kids are likely safer in those environments has almost nothing to do with COPPA’s parental consent mechanisms and almost everything to do with the fact that most of the sites it covers are tightly controlled walled gardens with very limited functionality.

With these facts in mind, let’s gets back to the ultimate question: What would happen if we tried to apply COPPA to all social networking sites for kids of all ages? The threshold question that would need to be answered remains the same as it does today: How do we verify the parent-child relationship when someone asserts they are the parent or guardian? That’s a very thorny question. But let me just list out the many other questions that everyone is overlooking here:

(1) What sort of mechanisms will need to be put in place to guarantee that the parent or guardian is who they claim to be (for both initial enrollment and subsequent visit authentication)? Sign-and-fax forms can be easily forged, so credit cards (and perhaps mandatory user fees) will likely become the default solution. A third method, follow-up phone calls, just doesn’t seem practical. But might lawmakers demand a mix of all of the above?

(2) Regardless, how burdensome will those mandates be for parents / guardians?

(3) And how burdensome will those mandates be for SNS site operators? What kind of compliance costs / legal penalties are we talking about?

(4) Will the barriers to site enrollment become economic in character such that it requires previously free social networking sites to charge admission?

(5) If so, could that be a disadvantage to low-income families / youth?

(6) If compliance costs go through the roof for SNS sites, will this be a recipe for massive industry consolidation in order to comply with the mandates?

(7) Who is collecting the massive databases of information created by such a mandate for all SNS? Who has access to that data? What might government use it for?

(8) Will this new regime be applicable to offshore sites? And will kids flock to offshore sites as a result of such mandates on domestic sites? If some do, how will we stop them?

And so on. Bottom line: The future of age verification battles will likely be increasingly tied up with COPPA and the question of how well parental permission-based forms of authentication might work. It is unlikely, however, that such a framework could be easily applied on “Internet scale.” There is a world of difference between something like Disney’s “Club Penguin” and MySpace, Xanga or Bebo. And with social networking capabilities being integrated into every site and service these days — from CNN.com to Microsoft’s Xbox Live service — one wonders how that will magnify the compliance costs and hassles for all involved. Are parents really going to be expected to verify themselves and then their kids for every “social networking site” their kids want to visit? That seems unnecessary, unworkable, and potentially counter-productive.

Finally, the irony of a proposal to expand COPPA in this fashion is that lawmakers would be using a law that was meant to protect the privacy and personal information of children to potentially gather a great deal more information about them, and their parents! It’s important we not overlook the privacy implications of any effort to expand COPPA to do something it was not originally intended to cover.

Conclusion

It will likely be very difficult for the Technical Task Force to reach consensus on these controversial and complicated issues. There are many challenging technical, legal, and even philosophical issue in play here. The problem is that this Task Force is charged with looking at technical solutions and yet most child safety advocates and academics on the Task Force are of the mind that technical solutions are only one part — and probably the smallest part — of the sort of “layered solution” to online child safety that I describe in my book on “Parental Controls and Online Child Protection.” As I argue in that book:

“the best answer to the problem of unwanted media exposure or contact with others is for parents to rely on a mix of technological controls, informal household media rules, and, most importantly, education and media literacy efforts.”

In sum, we need to get serious about talking to our kids about online safety and proper online behavior. Education is the key, and government has a major role to play in that regard in the classroom and through awareness-building efforts. And technical tools that empower parents to better monitor and guide their child’s online experiences can help too. Social networking sites and other online service providers can offer more of those tools and also take additional steps to improve the safety of their sites and encourage a dialog about appropriate and inappropriate online behavior. Again, it’s a multi-layered effort with education and communication at the core of the plan.

It’s not like I am saying anything new here. Indeed, that layered approach was the recommended approach of two previous online safety blue ribbon task force efforts: The 2000 COPA Commission and the 2002 National Academy of Sciences “Thornburgh Commission.” And every major book about online child safety published over the last 5 years has come to the same conclusion.

But that is not likely going to be enough for state attorneys general. There is no other way for me to state this than to just come right out and say it: The AGs are looking for a silver-bullet technical solution to a complex problem they do not fully understand. And age verification schemes are the technical bullet du jour.

Alas, for all the reasons I have stated here and elsewhere, age verification schemes are likely to fail miserably. Even if age verification systems worked as billed, it is unlikely that kids would really be any better off. All the academic research in this field points to a single, inescapable conclusion: The primary danger to kids online is not adult predators, it is other kids. In particular, it is peer-on-peer harassment and cyber-bullying. As parents and a society, we have to do more — a lot more — to address that problem.

Age verification schemes, however, aren’t going to help us solve that problem. Worse yet, by creating the illusion of safety, it could compromise our children’s privacy in the process and create a false sense of security when kids or their parents come to believe they are operating in “trusted” online environments. For the sake of our children, it is essential we not fall prey to such a fatal conceit.

Joint FCC Filing on Internet Filtering Plan for AWS-3 Spectrum

Adam Thierer — Tue, 29 Jul 2008 15:18:27 +0000

This week I was pleased to join a diverse collection of think tanks and public interest groups in submitting joint comments to the FCC opposing the proposed content filtering mandate that would be part of a future AWS-3 auction. That’s the proposed auction that would create a “free” nationwide wireless broadband service. As part of the deal, the company would need to need to take steps to provide a “clean” Internet connection by filtering content. This joint filing points out why that is a bad idea:

the reach of the filtering mandate is extraordinarily broad, and would attempt to censor content far beyond any content regulation regime that has been previously upheld in the face of constitutional challenge.
even if the scope of the filtering mandate were more narrowly focused, it would conflict with the First Amendment analysis that the Supreme Court applied to Internet access in the seminal Reno v. ACLU decision.
even if the Commission were to require filtering on an “opt out” or “opt in” basis, the Constitutional problems would not be avoided. Opt-out filtering would impose an unconstitutional burden on listeners and recipients of Internet communications, and both opt-out and opt-in filtering would violate the First Amendment rights of speakers and other content providers on the Internet. Simply put, the First Amendment does not allow a government mandated “blacklist” of websites to be blocked.
would also violate the terms and intent of two federal statutes – 47 U.S.C. § 326 (which prohibits the Commission from “interfer[ing] with the right of free speech”) and 47 U.S.C. § 230 (which promotes user control over content and limits burdens on service providers).
would also limit what people could do online using the free AWS-3 service so dramatically that the usefulness of the service would be radically reduced.
would also certainly lead to legal challenges that would delay the implementation of the proposed access service. The reason I believe this fight is so important is because, ultimately, it represents an effort by the FCC to begin treating wireless broadband more like broadcast spectrum. That is, regulators want to create the classic regulatory quid pro quo: We’ll rig the wireless allocation process to make it easy for you to get spectrum, and you’ll be a good little boy and clean up the Net for us! This is the game the FCC has been playing for 70 years in the broadcast television and radio licensing space. And not they want to extend that nonsense to wireless broadband. As Commander Jean-Luc Picard would say: “The line must be drawn here!” We don’t want the Internet regulated like broadcasting.

Many thanks to John Morris of CDT for coordinating this filing and asking me to sign on. The comments can be found on the CDT website, and I have also embedded them down below as a Scribd file. Also, Leslie Harris of CDT has a short editorial about the issue over at ABC News.com.

http://documents.scribd.com/ScribdViewer.swf?document_id=4222096&access_key=key-2kc7ofnoa85n2870jnsm&page=&version=1&auto_size=true

joint comments re FCC Internet filtering (AWS-3 auction) proposal – Upload a Document to Scribd

Read this document on Scribd: joint comments re FCC Internet filtering (AWS-3 auction) proposal

COPA Falls Again; Is Historic 3rd Trip to Supremes Coming?

Adam Thierer — Thu, 24 Jul 2008 12:46:58 +0000

Another chapter in the seemingly never-ending saga of the Child Online Protection Act (COPA) of 1998 was written this week when the Third Circuit Court of Appeals upheld a lower court ruling striking down COPA, which would require Web operators to restrict access to large amounts of online speech and expression. [The Third Circuit’s full decision is here. And I penned a 3-part series on the lower court ruling by Judge Lowell Reed Jr., senior judge of the U.S. District Court for the Eastern District of Pennsylvania, here, here, and here].

The DOJ will likely appeal the decision, yet again, to the Supreme Court. I can’t be certain, but I know of no other free speech-related law that has made THREE trips to the Supreme Court for review. (If readers know of any laws that can match that record, please let me know). It really is quite amazing, and even a little outrageous, when you think about it. After all, just think of all the time, energy and money that has gone into this 10-year legal fiasco. I know it is the DOJ’s job to defend congressional enactments before the courts, but how might we have spent that time and money if all this litigating wasn’t going on?? Regulation always has opportunity costs and in this case those costs have been 10 years of wrangling among lawyers. Those resources could have been used to educate parents and kids about online safety; to create and disseminate more and better private screening tools; and so on. Alas, we instead have mounds of paper piling up in the courts and millions being spent with nothing to show for it. Anyway, Declan has an excellent summary of the 3rd Circuit’s ruling here, and my friends at CDT have a statement here. But Susan Crawford has the best analysis of the decision in her essay on “Understanding COPA’s Journey.” She begins by summarizing the key findings:

The Third Circuit yesterday announced a host of reasons why COPA is insufficiently narrowly tailored, many based on the terms of the statute. The coverage of the HTM [“harm to minors”] definition is vague, the court felt, and so publishers won’t be able to tell in advance whether their operations are all subject to the COPA constraint (what if only a tiny portion of a web site has arguably HTM material on it?) or what fits within the HTM definition (are you supposed to be protecting 3 year-olds as well as 16 year-olds?). The court also found that having to implement credit card, debit account etc. shields would burden the providers of free web sites whose operations are nonetheless “commercial” and so covered by COPA. This was another instance of insufficient tailoring. But the key element here is that the Third Circuit held that the government had to carry the burden of showing that filters were less effective than COPA, and it failed to do that. In fact, it appears that filters are both less restrictive and more effective than the operation of the statute, based on extensive findings of fact by the district court below.

So, what will the Supreme Court say about that argument when COPA makes its unprecedented 3rd appearance before the judges? Susan says:

This approach may be difficult for the current Supreme Court to agree with. It was difficult enough the last time. The analytical framework adopted by the Third Circuit follows what Justice Kennedy said then – that it is the Court’s job to consider what alternatives are out there in the world to help parents, and to decide whether they’re more effective/less restrictive than COPA. The point, Justice Kennedy said, is to is ‘‘to ensure that speech is restricted no further than necessary,’’ not to consider ‘‘whether the challenged restriction has some effect in achieving Congress’ goal, regardless of the restriction it imposes.’’ So the court’s job is not to ask whether COPA would provide government with another tool to address harmful speech in the name of protecting kids. That standard would justify any restriction on speech. Instead, the inquiry should be ‘‘whether the challenged regulation is the least restrictive means among available, effective alternatives.’’ Right now, filters are more effective and less restrictive than COPA (or, at least, the government didn’t prove that they weren’t), and so the government loses. Never mind that filters are voluntary and that a lot of parents choose not to use them – that’s the parents’ choice. Filters are available. The government’s argument to the Third Circuit, and probably to the Supreme Court, will be that this is a maddeningly flawed analytical approach. The government would like to see a more protective, quasi-parental approach (on the assumption that parents are busy shoring up the failing economy and can’t be counted on to be watching their kids or caring what they see). Justice Breyer was very sympathetic to that view the last time around. His point is that filtering doesn’t count as an alternative to COPA. (‘‘The presence of filtering software is not an alternative legislative approach to the problem of protecting children.”) Doing nothing, legislatively, will always be less restrictive than doing something. He also thinks COPA isn’t much stronger than the Miller obscenity test and would only modestly burden adult access to legal adult speech. Veteran SCT-watchers will count noses, in this case as in Fox v. FCC, and try to figure out what will happen next. Last time around, Justice Kennedy’s majority opinion was joined by Stevens, Souter, Thomas, and Ginsburg, all of whom are still there. Justice Stevens wrote a concurring opinion, which was joined by Justice Ginsburg. Justice Scalia filed a dissent, as did Justice Breyer, who was joined by Chief Justice Rehnquist (now Roberts) and Justice O’Connor (now Alito). So maybe the 5-4 will stay in place. But if Thomas goes over to the dissenting side, and Justice Breyer’s analytic approach (”what do you mean, filtering is an alternative?”) gathers steam, COPA could survive its third trip to the SCT and be upheld.

So, it remains to be seen whether the third time is the charm for the DOJ and they are able to finally convince the Supreme Court to enforce COPA. And Susan is right in noting that all eyes will be on the decision in Fox v. FCC since that will be the next major free speech case before the Court.

As Susan rightly concludes: “This case is a big deal because it turns on the question whether private, edge-based solutions to speech issues should be taken seriously. I think they can, and I don’t want to see a lot of government tinkering with the sources of speech…. Let’s hope the government drops the COPA effort, which has now stretched on for almost ten years.”

Indeed.

USA Today, age verification, and the death of online anonymity

Adam Thierer — Thu, 24 Jan 2008 02:39:21 +0000

The USA Today editorial board published a nasty piece today belittling MySpace.com’s recent efforts to implement more safeguards for its users. Despite the fact that MySpace made over 70 promises to the Attorneys General as part of the agreement–the entire agreement is summarized here–that’s still not good enough for the USA Today’s editorial board, which wants full-blown identity verification before anyone is allowed on a social networking site:

“Even in the absence of a perfect software solution, interim steps are possible. How about using databases of drivers’ licenses to cross-check ages? In more than 20 states, they are public records. The point is, more effective safeguards are needed now, …. MySpace [should be] moving faster to set up age and ID verifications, not just study them.”

Well, where do I begin? I get so frustrated when I see comments like this because it is abundantly clear to me that people don’t think things through when it comes to age verification. As I pointed out in my lengthy PFF report, “Social Networking and Age Verification: Many Hard Questions; No Easy Solutions,” age verification is extremely complicated, and it would be even more complicated in this case because public officials are demanding the age verification of minors as well as adults, which presents a wide array of special challenges and concerns.

What Age Verification Really Is: The Death of Online Anonymity We need to begin by understanding what age verification really is. By definition, mandatory age verification represents an effort to make online anonymity a crime. In simple terms, citizens would be forced to “show their papers” at the door of every website or else run the risk of being denied access–simply because they do not want to surrender their name or age.

Think about what that means. It’s easy to take the benefits of online anonymity for granted. There are millions of people who comment anonymously on blogs like this one every day, or write anonymous book or product reviews on Amazon.com or eBay, or who just chat with others about various topics under the cloak of anonymity. It is a wonderful thing.

Of course, anonymity has some downsides. The downside of people speaking their minds freely is that, well, people will speak their minds freely! And, yes, on occasion, that means some people will talk smack and just generally be jerks while disguising their identities because don’t want to stand by their comments or be accountable for them. But that’s the cost of free expression. If you want to live in a free society and encourage a vibrant exchange of views, there will be times when that means we must defend the right of people to say incredibly silly or even insulting things.

And God knows there are plenty of silly and insulting things being said on social networking sites every second of the day. But there are also countless moments of joy and wonder, when people come together and communicate with each other, or share culture with others in incredibly creative and social-beneficial ways. And, again, a great deal of that communication or culture-sharing is done in a completely anonymous fashion.

For example, as I have mentioned here before, I am fanatical about cars and home theater gadgets. I spend a lot of my free time hanging out at a small social networking site for fellow Lotus car lovers called Lotus Talk. And I also spend a fair amount of time at the amazing AVS Forum, which is the world’s biggest chat board for home theater and A/V stuff. On these sites, thousands of random strangers come into contact every day. We create profiles, we post pictures, we share stories, we talk about life and our passions for cars and A/V gadgets. This is very the essence of social networking. And, for the most past, we are all doing it anonymously. And it is happens everywhere online, every second of every day. Do we really want to make it all illegal?

Practical Considerations: The Complexities of Human Identification OK, so there might be some downsides to making anonymity illegal online. But some critics would say: “So what, we need to make people show their papers at the door of every website–at least for those social networking sites where kids hang out–to make sure kids are safe online.” Well, that’s easier said than done.

At least in theory, the problem that age verification is supposed to solve is to keep older people away from youngsters, at least in certain circumstances. Also, some proponents wish to use age verification to ban preteen access to social networking sites. To accomplish either of those objectives, we must be able to effectively verify everyone’s age by consulting reliable records about those looking to create an account on a social networking site. In other words, when Janie Smith comes to a social networking site for the first time, the site must be able to verify not only that she is Janie Smith, but that she really is as old as she claims to be. But, again, such verifying is easier said than done.

Consider first what is required to verify an adult’s identity. When government officials or even corporations seek to verify someone identify or age, they can rely on birth certificates, Social Security numbers, driver’s licenses, military records, home mortgages, car loans, other credit records, or credit cards.

But even with all those pieces of information, challenges remain. Is the information publicly accessible or restricted by legal or other means? Are all the underlying pieces of information and documentation trustworthy, or have they been manipulated or misreported in some way? Has someone faked his or her identity? And so on. Thus, while the identity authentication systems–both public and private–have improved significantly in recent decades, they still face some inherent challenges and concerns about fraud.

The current concern about “identity theft” demonstrates the complexities and level of difficulty involved in stamping out this problem. Even U.S. passports, which are relatively robust identification documents that contain authentication data, are occasionally forged with success. “It is safe to assume that future age verification efforts will yield failures on par with other identification/authentication mechanisms,” says information security expert Jeff Schmidt, former CEO of Authis, Inc.: “When one considers how frequently college students successfully circumvent age verification requirements in person and with government issued documents, one can begin to grasp the challenges that lie ahead.”

Importantly, we’re talking just about adults here. When the focus of identity verification efforts shifts to minors, the endeavor becomes far more complicated. Minors don’t have home mortgages or car loans. They don’t have military records and most have never worked. Most don’t have driver’s licenses or credit cards either.

Of course, minors do have birth certificates, Social Security numbers, and school records, but both parents and government officials have long demanded that access to those records be tightly guarded. That’s for a very good reason: As a society, we take privacy seriously—especially the privacy of our children. Laws and regulations have been implemented that shield such records from public use, including the Family Educational Rights and Privacy Act of 1974 and various state statutes.

Also, to the extent that age verification of adults works for some websites–online dating services, for example–it is important to realize that in most of those cases the users want to be verified. In that context, identify authentication increases marketability of a user’s “profile,” or it allows him or her to participate more actively in an environment where trust is essential. This fact makes it far more likely that age verification will work because user compliance is driven by market forces, not regulation. That compliance will not be the case when users–especially kids–inherently resist the idea of being age-verified before they go onto certain websites. (We should also not forget that some kids will share their online credentials or passwords with friends.)

It is also important to realize that age verification and background checks are not synonymous. Information security expert John J. Cardillo, President and CEO of Sentinel, a leading authentication firm, argues that:

Most people are ignorant of what we do. They hear the words “check” or “verification” and they assume a full background check will be run on the individual. When this is sponsored by an AG, the chief law enforcement officer of their state, there’s a perception that the criminal background checks are inclusive in whatever they’re proposing. Age verification, on its own, doesn’t indicate whether or not a person is a convicted sex offender. Mandated age verification, as proposed, would allow the hundreds of thousands of offenders… who are over 18, unrestricted access to sites. Worse, it would allow these offenders the ability to vouch for children that might or might not exist. This is where it gets most dangerous. People might assume that “verified” users have undergone some type of vetting, and let their guard down just that little bit the offenders need to exploit. In the case of convicted sex offenders, age verification actually helps them by giving them an additional layer of legitimacy.

This points to the danger of creating a false sense of security online by mandating a solution that doesn’t address the real problem.

Finally, the special challenges raised by the nature of the Internet and online communication must be reiterated. Finding a dependable source of identity or age information and then reliably matching it to someone thousands of miles away on the Internet (perhaps in another jurisdiction, or even another country) is a daunting challenge—made even more difficult by the fact that a remote individual may be actively attempting to subvert the age verification process. Solving this problem necessitates authentication data that are appropriate for online interaction. In the real world, we perform in-person authentication with a photo or physical description; the online world requires a username/password combination, biometric authenticator, or physical security token. An arms-race scenario is obviously at work here, and because a perfect solution is impossible, we must guard against a false sense of security. Lastly, because technology is evolving at such a rapid pace in this area, there is a risk that legislative solutions will become obsolete very rapidly.

In light of those complications, how would government, social networking sites, or anyone else, go about age-verifying minors online?

Do We Really Want National ID Cards for Kids? In the extreme, government could demand that all minors be issued the equivalent of a domestic passport or a national ID card. After all, minors aged 14 to 17 are already required to obtain a passport before they travel overseas. Minors under 14 must have both parents or legal guardians appear together to vouch for the child when applying for a passport. Conceivably, government could simply extend this model to incorporate a domestic identification requirement. Once the youngster had been issued such a domestic passport, it could be requested by others—including social networking sites—as proof of age. Sites could cross-reference a government national ID database to verify identity.

The costs of setting up and enforcing such a system would be substantial and must also be considered. Although the cost of digital storage continues to fall, we’re talking about potentially massive digital databases here. But the more important cost factor is the human time and effort that would go into to collecting, processing, and organizing such records and databases.

Sources of Age Information Thus, if social networking sites are going to age-verify minors, they will likely need to devise or rely on some other, nongovernmental solution. The most commonly proposed solutions typically fall into the following groupings:

(1) Credit cards as approximate age proxies; (2) Driver’s licenses as approximate age proxies or as a source of date of birth; (3) Birth certificates as a source of actual date of birth; (4) Parents or guardians vouching for minors; (5) Schools vouching for minors; (6) Third parties vouching for minors; and, (7) Biological or biometric determination of age.

I won’t summarize all them here since I do so in my longer PFF report on the issue. But let me just point out the deficiencies of the two leading proposals: Credits cards and parents vouching for children.

(1) Credit Cards as Approximate Age Proxies: Credit cards are often viewed by policy makers as the silver bullet solution for age verification. Even though credit card companies typically do not wish their cards to be used as age verification tools, government has advocated their use in that way in the past. But they are not a silver bullet.

“Mere possession of a credit card is not a reliable assertion of identity or age,” argues Jeff Schmidt. Credit cards can be a rough proxy for age on the assumption that only adults over the age of 18 have credit cards, but that assumption is false. Many minors are given credit cards by their parents. Youngsters can borrow or steal credit cards from their parents or others. And Schmidt notes that newly created stored value cards, specifically marketed for use by children, “are in many cases indistinguishable from actual credit cards—both in physical appearance and in the back-end transaction processing systems.” Sentinel’s John Cardillo points out additional reasons why credit cards are not effective age verification tools:

When a card is used for verification purposes, an authorization on that card is run for $1.00 (or less), however a charge isn’t put through. The card typically isn’t reconciled against any database for name and/or age, nor is a signature checked. Because of the insignificant dollar amount, the only thing that’s checked for security purposes, in some instances, is zip code. Anyone who’s ever bought gasoline with a credit card knows this to be true. Our names and ages aren’t checked at the pump. Check your statement online next time you gas up. You’ll see an authorization for $1.00 and the actual charge a few days later. The same merchant banks handle the transactions online. In other words, in most cases, all that’s being verified is that the card account isn’t closed or stolen. Who’s using it is irrelevant.

Moreover, “many parents may feel uncomfortable giving their credit card number online at children’s Web sites where there is no [commercial] transaction involved,” notes a coalition of major commercial organizations, including the American Advertising Federation, American Association of Advertising Agencies, Association of National Advertisers, The Direct Marketing Association, Inc., and Magazine Publishers of America. In a June 2005 filing to the Federal Trade Commission, those organizations noted that “in light of current online scams, heightened concerns about online security, and the rise of such practices as phishing, parents may be reluctant to provide credit card numbers absent a transaction.” But that begs the question: If lawmakers require social networking sites to process a financial transaction to age-verify, is that fair? In particular, is it fair for low-income families? And what about those families that do not possess a credit card?

Finally, the law is not even settled about using credit cards for access to adult-oriented websites. The Child Online Protection Act (COPA) was passed by Congress in 1998 in an effort to restrict minors’ access to adult-oriented websites. The measure provided an affirmative defense to prosecution if a website operator could show that it had made a good faith effort to restrict site access by requiring a credit card, adult personal identification number, or some other type of age-verifying certificate or technology. But the legislation was immediately challenged and has gone to the Supreme Court for review twice. And the law is still being debated in a lower court. Thus, almost 10 years after its initial passage, the legislation remains stuck in jurisprudential limbo after endless legal wrangling about its constitutionality.

Incidentally, COPA established an expert Commission on Online Child Protection to study methods for reducing access by minors to harmful material on the Internet. As part of its final report, the COPA commission said that credit card-based age verification would be completely inappropriate for instant messaging and chat, which were the precursors of social networking. The commission found: “This system’s limitations include the fact that some children have access to credit cards, and it is unclear how this system would apply to sites outside the U.S. It is not effective at blocking access to chat, newsgroups, or instant messaging.”

(2) Parents or Guardians Vouching for Minors: Legislation has been floated in a few states, such as North Carolina, that would make it illegal for a minor to maintain an account or webpage on a social networking site “without the permission of the minor’s parent or guardian and without providing such parent or guardian access to such profile web page.” Similar measures were recently introduced in North Carolina and Connecticut that would require social networking sites not only to obtain parental approval but also take steps to verify that they are the actual parents of the child.

This approach will appeal to many because it can be likened to a parent signing a “permission slip” for a child. Unfortunately, parental permission-based approaches are more complicated for online activities. Because websites are far away from the parents, how is the site operator going to ensure that the person vouching for the child’s age is really the parent or even an adult? Would the verifier mail or fax notarized documents? Those documents can be forged, of course. Mandatory follow-up phone calls would be cumbersome, costly, and potentially viewed as intrusive. And the use of credit cards to satisfy the permission requirement might raise some of the same problems already discussed above.

Despite these potential drawbacks, this was the general framework established by the Children’s Online Privacy Protection Act (COPPA) of 1998, which required websites that marketed to children under the age of 13 to get “verifiable parental consent” before allowing children access to their sites. The Federal Trade Commission (FTC), which is responsible for enforcing COPPA, adopted a sliding scale approach to obtaining parental consent. The sliding scale approach allows website operators to use a mix of the methods mentioned above to comply with the law, including print-and-fax forms, follow-up phone calls and e-mails, and credit card authorizations. The FTC also authorized four “safe harbor” programs operated by private companies that help website operators comply with COPPA.

In a recent report to Congress, the FTC said that no changes to COPPA were necessary at this time because it had “been effective in helping to protect the privacy and safety of young children online.” In discussing the effectiveness of the parental consent methods, however, the agency also said that “none of these mechanisms is foolproof” and that “age verification technologies have not kept pace with other developments, and are not currently available as a substitute for other screening mechanisms.” This seems to imply that the FTC does not regard COPPA’s parental consent methods as the equivalent of perfect age verification.

And the marketplace experience with COPPA so far reflects that conclusion. One of the problems associated with the current COPPA regime is that “Children quickly learned to lie about their age in order to gain access to the interactive features on their favorite sites,” notes Denise G. Tayloe, CEO of Privo, Inc., one of the four FTC-approved safe harbor programs. “As a result, databases have become tainted with inaccurate information and chaos seems to be king where COPPA is concerned,” she says. Parry Aftab of Wired Safety confirms this, noting that: “Preteens quickly learned that if they say they are under thirteen they will be prohibited from using many sites. So they regularly lie about their age everywhere online.”

Despite these flaws, Tayloe argues that COPPA serves an important role. Even though “there is no perfect solution” and it is not possible to completely “stop a child from lying and putting themselves at risk,” Tayloe believes that the law “provides a platform to educate parents and kids about privacy.” Of course, providing a platform to educate parents and kids about online privacy or safety is very important, but it is not necessarily synonymous with strict age verification.

Nonetheless, these permission-based verification schemes might work reasonably well for smaller, closed online communities in which the kids and parents are willing to take the time (and expense) to undertake extensive authentication. For example, smaller social networking sites such as ZoeysRoom.com, Imbee.com, ClubPenguin.com, and Tweenland.com have extremely strict enlistment policies, primarily because they target or allow younger users. As Sue Shellenbarger of the Wall Street Journal explains:

The under-16 sites pose few of the hazards linked to networking sites for older people. The activities range from chats and blogging to creating virtual pets or characters and acting out roles in virtual cities. For a child to register, the sites typically require a parent’s email permission, a parental signature on a permission form, or a parent’s credit card verification. Some limit young children’s interchanges to drop down menus of preapproved words and phrases. Most filter content for inappropriate material and employ live adult monitors who ensure that kids’ conversations don’t stray off course. Some limit chats or blog access to participants who are already preapproved and already known to a child’s family.

Ironically, one can probably safely assume that the kids using such services are not in the high-risk group discussed earlier. The parents who use such services are probably doing a fine job of mentoring their kids and don’t really need to resort to such restrictive solutions. Nonetheless, such highly restrictive “walled garden” approaches do provide parents with greater ease of mind. That’s not necessarily because of the strict enlistment policies so much as the extreme limitations on what kids can do on those sites or with whom they can communicate while online.

But regardless of how well the above-mentioned parental consent schemes work in practice for these smaller, more closed online communities–and some experts, like Cardillo, do question how well they actually work–such solutions lack scalability. Schemes that demand laborious and expensive enrollment requirements, or that greatly limit functionality and interactivity after users sign up, will almost certainly not work for larger social networking sites with a massive community of users. The administrative burdens would be significant for both site operators and parents alike. For example, Parry Aftab notes that COPPA has made it much more difficult for some smaller website operators to staff afloat. “The cost of obtaining verifiable parental consent for interactive communications is very high, estimated at more than $45 per child, and even at that price [consent is] difficult to obtain.”

And because users would sacrifice a great deal of autonomy and functionality once online, many would likely rebel against the system or would seek to subvert it in some fashion. If such a system significantly slows or impedes the creation of new accounts for domestic social networking sites, it will create a perverse incentive for kids to seek other sites with less-restrictive policies, including offshore sites.

Conclusion There are many other issues I haven’t mentioned here that deserve consideration. I’ll just check off a few:

Assuming we go through with this, who is aggregating all this data? Who has access to the databases? How might that data be used?
Is all this constitutional? Won’t there be First Amendment or privacy cases brought that endlessly complicate implementation?
Will kids just flock off-shore to unregulated sites in an effort to reclaim some of the independence they have lost through by surrendering anonymity on U.S.-based sites? What are the consequences of that? Do parents or American policymakers really have any leverage over shady websites operators in Antigua?
Aren’t there better ways to use our resources? How about focusing our time, energy and resources on educating kids about online risks and deal with these concerns in more constructive ways?

You get the point: Age verification is complicated. Insanely complicated. And it would have enormous costs and profound ramifications for the future of online speech and privacy. We must never forget that government regulation–no matter how well-intentioned–can often have such unintended consequences. It’s a lesson that the USA Today and many others need to heed before they flippantly suggest that age verification is a piece of cake and it’s just a matter of MySpace or someone else throwing a switch to magically make it happen.

Not. That. Simple.

Today’s MySpace-AG Agreement

Adam Thierer — Tue, 15 Jan 2008 01:10:49 +0000

This morning in New York City, social networking website operator MySpace.com announced a major joint effort with 49 state Attorneys General aimed at better protecting children online. (Coverage at CNet, NYT and Forbes). At a joint press conference, MySpace and the AGs unveiled a “Joint Statement on Key Principles of Social Networking Safety” involving expanded online safety tools, improved education efforts, and law enforcement cooperation. They also agreed to create an industry-wide Internet Safety Technical Task Force to study online safety tools, including a review of online identity authentication technology. Generally speaking, the agreement is step forward for online safety. Indeed, many of the principles in the agreement could form a potential model “code of conduct” that other social networking sites could adopt. In a report I authored for the Progress & Freedom Foundation in August 2006, I argued that it was vital for companies and trade associations to take steps such as this to avoid the specter of government regulation or censorship:

All companies doing business online… must show policymakers and the general public that they are serious about addressing [online safety] concerns. If companies and trade associations do not step up to the plate and meet this challenge soon—and in a collective fashion—calls will only grow louder for increased government regulation of online speech and activities. What is needed is a voluntary code of conduct for companies doing business online. This code of conduct, or set of industry “best practices,” would be based on a straight-forward set of principles and policies that could be universally adopted by [a] wide variety of operators…

In particular, this code of conduct proposal called for companies to make specific pledges regarding improved online safety tools, expanded education / media literacy efforts, and ongoing assistance to law enforcement regarding investigations of online crimes.

The Agreement

MySpace responded to this challenge in impressive fashion with its announcement today. The agreement touched upon all of those elements and included the following “Principles of Social Networking” (as described in a MySpace press release):

Site Design and Functionality: The Principles incorporate safety initiatives that MySpace has already implemented and initiatives it will work to implement in the coming months. Examples of safety features MySpace has in place include reviewing every image and video uploaded to the site, reviewing the content of Groups, making the profiles of 14 and 15 year old users automatically private and protecting them from being contacted by adults that they don’t already know in the physical world, and deleting registered sex offenders from MySpace. Examples of improvements MySpace will make include defaulting 16 and 17 year old users’ profiles to private and strengthening the technology that enforces the site’s minimum age of 14.
Education and Tools for Parents, Educators and Children. The Principles acknowledge that MySpace has already been devoting meaningful resources to Internet safety education including a new online safety public service announcement targeted at parents and free parental software that is under development. MySpace will explore the establishment of a children’s email registry that will empower parents to prevent their children from having access to MySpace or any other social networking site. In addition, under the Principles MySpace will increase its communications with consumers who report a complaint about inappropriate content or activity on the site.
Law Enforcement Cooperation. The Attorneys General view MySpace’s cooperation with law enforcement, which includes a 24-hour hotline, to be a model for the industry. The parties will continue to work together to enhance the ability of law enforcement officials to investigate and prosecute Internet crimes.
Online Safety Task Force. As part of the Principles, MySpace will organize, with the support of the Attorneys General, an industry-wide Internet Safety Technical Task Force to develop online safety tools, including a review of identity authentication tools. While existing age verification and identity products are not an effective safety tool for social networking sites, the Task Force will explore all new technologies that can help make users more safe and secure including age verification. The Task Force will include Internet businesses, identity authentication experts, non-profit organizations, academics and technology companies.

The agreement then goes on—in the form of two appendices—to detail over 70 specific steps that MySpace will take to expand upon these principles. As part of the agreement, MySpace agreed to:

Implement “age locking” for existing profiles such that members will be allowed to change their ages only once above or below the 18 year old threshold. Once changed across this threshold, under 18 members will be locked into the age they provided while 18 and older members will be able to make changes to their age as long as they remain above the 18 threshold. MySpace will implement “age locking” for new profiles such that under 18 members will be locked into the age they provide at sign-up while 18 and older members will be able to make changes to their age as long as they remain above the 18 threshold.
Users able to restrict friend requests to only those who know their email address or last name. “Friend only” group invite mandatory for 14 and 15 year olds. “Friend only” group invite by default for 16 and 17 years olds. Users under 18 can block all users over 18 from contacting them or viewing their profile. Users over 18 will be limited to search in the school section only for high school students graduating in the current or upcoming year. Users over 18 may designate their profiles as private to users under 18, and users under 18 may designate their profiles as private to users over 18.
Change the default setting for 16-17 year olds’ profiles from “public” to “private” and create a closed high school section for users under 18. The “private” profile of a 16/17 year old will be viewable only by his/her “friends” and other students from that high school who have been vouched for by another such student. Students attending the same high school will be able to “Browse” for each other.
Obtain a list of adult sites on an ongoing basis and sever all links to those sites from MySpace. They will also demand that adult entertainment industry performers set their profiles to block access to all under 18 users and remove all under 18 users from profiles of identified adult entertainment industry performers.

And that just scratches the surface. There is much more to the agreement. In fact, it is difficult to imagine how MySpace could have gone any further to satisfy the online safety concerns raised by AGs or other public policymakers. Indeed, some MySpace users will likely protest that some of the changes go too far. That’s especially clear after reading some of the other technical details of the proposal included in the two appendices.

E-Mail Registry

For example, in the technical appendix summarizing the design and functionality initiatives that MySpace has agreed to consider, they say they will pursue a new “children’s e-mail registry”:

[MySpace will] engage a third-party to build and host a registry of email addresses for children under 18. Parents would register their children if they did not want them to have access to MySpace or any other social networking site that uses the registry. A child whose information matches the registry would not be able to register for MySpace membership.

That proposal might raise some eyebrows since it is unclear how that registry would work and what, if any, privacy / security concerns it might raise. Of course, other critics will argue that such a system will be easily circumvented or tricked. After all, how does MySpace know that the person submitting an e-mail is child’s real parent? And what about multiple e-mail accounts? It’s fairly easy to get a free e-mail account these days. But, if the system somehow did work as billed, it would raise serious questions about who has access to that e-mail registry and how secure the database was.

The agreement also contains a number of restrictions on access by minors to specific types of content, or to other users or groups on MySpace. Viewed in isolation, those restrictions seem fairly reasonable—especially those dealing with access by minors to adult areas (ex: “swingers” clubs or the “Romance and Relationship Forum and Groups”). Taken together, however, the growing list of site restrictions might be viewed by many young users as an impediment to their social networking activities. Many parents and policymakers will like the sound of that, of course. But where might those users go if they are frustrated by the growing number of restrictions imposed on their online activities? This is indicative of the difficult position MySpace finds itself into today: They are piling on additional restrictions and safeguards in the name of online safety to satisfy the concerns raised by many parents and policymakers. But if these initiatives impose too many encumbrances on social networking activity and interactions it could undermine the very purpose of the site and its value to members.

This explains why MySpace is eager to get other social networking sites to adopt policies similar to those found in the agreement it struck with the AGs. Obviously, MySpace would prefer not be the only website stuck with these burdens. Moreover, it probably does not want other sites to have an unfair competitive advantage in terms of more lax operating restrictions. Of course, even if every domestic social networking site adopted stricter policies along the lines of what MySpace agreed to, there will always be offshore alternatives for youngsters to choose from. This is the tricky balance that complicates all debates about online child safety today: How do we create sensible online policies without encouraging kids to operate completely surreptitiously in a “digital underground,” especially shady offshore environments?

Age Verification

Generally speaking, however, MySpace struck the right balance with most of the other proposals in the agreement with the AGs, especially considering the pressure they were under from some policymakers to go much further. In that regard, the agreement with the AGs is especially notable for what it does not include: age verification mandates. The call for an Internet Safety Technical Task Force to study online safety methods and identity authentication tools is a sensible alternative to the rush to mandate age verification, which some AGs have been advocating vociferously over the past two years.

Hopefully the task force will provide critical examination of the issue and not simply begin with pre-ordained conclusions about the wisdom or effectiveness of online age verification techniques and technologies. At the press conference announcing the agreement, however, Attorneys General Roy Cooper of North Carolina and Richard Blumenthal of Connecticut seemed to imply that that the goal of the task force would be to develop and implement a full-blown age verification system for the Internet. “We are going to find and develop online identity authentication tools,” said AG Cooper. And AG Blumenthal reiterated an argument he made ad nauseum last year when he argued that, “if we can put a man on the moon” then we ought to be able to verify the ages of people when they go online. [I first heard AG Blumenthal make this argument when I debated him and AG Cooper at a NCMEC conference two years ago. Here’s the summary of my response that day.]

But it’s just not that simple. As I argued in a lengthy PFF study last year entitled, “Social Networking and Age Verification: Many Hard Questions; No Easy Solutions,” there are no silver bullet age verifications solutions. Online authentication is a complicated, multi-faceted technical issue. And, even assuming we could find a way to make it work, there are many other considerations that must be taken into account, such as the burden it might impose on freedom of speech or individual privacy.

The danger, therefore, is that the AGs have preconceived notions about the wisdom and efficacy of age verification mandates, and that they will either seek to stack the deck on the task force with age verification advocates or pressure the task force to adopt mandatory age verification without thoroughly studying the issue. Again, that would be a serious mistake and it would also likely give rise to legal challenges.

Education & Empowerment

The better approach is to focus on other steps that actually will keep kids safe online. As I have argued in my book on Parental Controls and Online Child Protection: A Survey of Tools and Methods, the best solution to online safety concerns is what I call the “3-E Solution: which stands for “education, empowerment, and enforcement.”

Luckily, there’s a great deal of that included in the MySpace agreement with the AGs. MySpace has pledged to “continue to dedicate meaningful resources to convey information to help parents and educators protect children and help younger users enjoy a safer experience on MySpace.” In particular, MySpace will “engage in public service announcements, develop free parental monitoring software, and explore the establishment of a children’s email registry.”

The importance of education initiatives cannot be overstated. Technical solutions, such as those the AGs clearly favor, will always suffer from inherent limitations and will often be circumvented. Education, by contrast, lasts a lifetime. We need to be teaching our kids how to be good cyber-citizens and how to identify and report legitimate online threats (predators, bullies, scam artists, etc). It is my belief that today’s youth are far more savvy and sensible about these threats than most adults or policymakers give them credit for. Nonetheless, it is important to be vigilant about online safety education and etiquette in an attempt to teach kids—especially more “at-risk” youth who might be susceptible to online threats—basic life lessons about sensible cyberspace behavior and interactions.

Conclusion

Despite the handful of concerns raised above, the MySpace agreement serves as a model for what other social networking companies and online operators could do if they wanted to get more serious about promoting Internet safety. MySpace has done about all it can to be responsive to the demands of parents and policymakers.

Of course, it could be true that no matter how much the company does to improve parental control tools or educate the public, some parents may never take advantage of those tools or information. This remains one of the great mysteries of the parental controls debate: Why is it that so many parents say they want more and better controls and strategies, but when they are made available many of them choose not to use them?

Regardless, if for whatever reason, parents are not taking advantage of these tools and options, their inaction should not be used to justify government regulation as a surrogate for household choice / parental responsibility. Parents have been empowered. It is now their responsibility to take advantage of the tools and controls at their disposal to determine what is acceptable in their homes and in the lives of their children.

MySpace should be applauded for its new statement of principles and its impressive efforts to empower and educate both parents and children about online safety while assisting law enforcement when necessary to root out the real bad guys lurking online.

Age Verification Showdown in North Carolina

Adam Thierer — Thu, 26 Jul 2007 19:26:04 +0000

As Braden mentioned, we were both down in Raleigh, North Carolina this week testifying at a big hearing on mandatory age verification for social networking sites.

It was quite a heated battle. The legislation, SB 132, was supported at the hearing by North Carolina attorney general Roy Cooper, several of his staff attorneys, a couple of NC senate lawmakers, and some folks from Aristotle, a company that claims it has devised a workable age verification solution for social networking purposes. A vote on the proposal was delayed and we’re still awaiting the final outcome.

Down below, I have attached the outline of my remarks in which I argued that age verification mandates would actually make kids less safe online. Here’s why:

1) Age verification is not synonymous with a background check.

Are citizens being lead to believe that age verification guarantees them perfectly safe online environments? After all, even if the verification process gets the age part of the equation right, it tells us little else about the person being verified.
Incidentally, what happens when the parent being verified is a predator using their child to create false credentials? Unfortunately, we know that some predators have children.
This gets to the primary concern in this debate: The very real potential exists that we are creating solutions that inject a false sense of security in parents and children alike.

2) Even assuming we do not encounter problems with the initial sign-up phase and procedures, questions remain about follow-ups and subsequent validations.

Will parents be asked to fill out and submit paperwork routinely to verify their identity (or their child’s) on an ongoing basis? Will parents be expected to take phone calls from dozens of social networking sites (or call sites themselves) to continue authorization? Will parents tolerate that?
If the sign-up and subsequent authentication process proves cumbersome and time-consuming, will this encourage kids to search out less trustworthy “underground” or offshore websites?
How are we going to regulate those offshore sites? Also, could new regulations drive domestic operators offshore?
In sum, the sheer scale of the Net and online activities greatly complicate the enforcement of age verification schemes, especially those of the parental permission-based variety.

3) Will age verification mandates encourage the rise of an illegal black market in credentials?

Will kids share or even sell their online credentials, such as their user name and passwords, to others who desire them?
Certainly kids won’t just stop trying to get onto social networking sites. Are we going to punish kids (or prosecute their parents) for evasion? And, again, will kids look to offshore sites?

4) There are serious privacy issues at stake here, and those issues could give rise to other problems.

Requiring all parents to be verified before their children can go online will obviously be seen by some parents as intrusive and a potential violation of their privacy.
If some parents resist such regulations or refuse to submit to such verifications, what will their kids do? Again, it might encourage kids to seek out false credentials of to visit offshore sites.
Incidentally, who has access to all this new information about parents and children that the government is requiring that social networking operators collect? Do we want online operators creating massive new databases of information about us or our kids if better alternatives exist?

Bottom line: The inherent danger of age verification regulation is that it: • results in unintended consequences or solutions that don’t solve the problems they were intended to address; • creates a false sense of security that might encourage some youngsters (or adults) to let their guard down while online; and • creates potential incentives to push mainstream social networking sites offshore. No matter how bad parents or policy makers think social networking sites are today—and, in reality, the sites are not nearly as bad as they imagine—those sites are infinitely superior to potentially shady offshore websites that are completely unaccountable to U.S. officials. And the domestic sites are more accountable to the general public and are responsive to press scrutiny.

In sum, there are no silver bullet solutions. Instead, we need a multi-prong, layered strategy…

Better approach to online child safety = The “3-E Solution”: Education, Empowerment, and Enforcement

“Education” refers to not only the need for K-12 information literacy efforts but also, more broadly, to the need for comprehensive online safety instruction and awareness-building efforts. Governments at all levels need to take an aggressive role here.

“Empowerment” refers to the importance of providing parents with more and better tools to make informed decisions about media and communications tools in their lives of their children. Government can facilitate these efforts in partnership with industry and non-profit organizations. For example, helping to make parents more aware of Internet monitoring tools and strategies would be one of the most constructive solutions.

“Enforcement” refers to stepped up law enforcement efforts to find and adequately prosecute child predators. It is essential that law enforcement officials receive the resources and training necessary to adequately monitor online networks for predators and to bring them to justice when they are found. For example, law enforcement agencies need sophisticated computer forensic labs and skilled experts to help investigate online crimes. And they need to be trained to conduct proper sting operations to find predators before they harm our children. Finally, much longer prison sentences are needed for child predation.

[For additional information, please see my March study, “Social Networking and Age Verification: Many Hard Questions; No Easy Solutions.”]

Transcript of PFF Age Verification (3/23) event

Adam Thierer — Mon, 14 May 2007 00:45:01 +0000

In late March, I hosted a congressional seminar entitled “Age Verification for Social Networking Sites: Is It Possible? And Desirable?” I brought together 5 experts in the field to debate the issue, including:

John Cardillo, President & CEO, Sentinel
Jay Chaudhuri, Special Counsel to North Carolina Attorney General Roy Cooper
Raye Croghan, Vice President, IDology, Inc.
Tim Lordan, Executive Director, Internet Education Foundation
Jeff Schmidt, CEO, Authis

It was an outstanding discussion and I’m happy to report that the transcript is now available online here. Also, you can listen to the audio from the event here. Also, you can find the big study of mine that we discussed that day here.

http://documents.scribd.com/ScribdViewer.swf?document_id=2887394&access_key=key-18jii1mp0o9wovvaijjs&page=&version=1&auto_size=true

Age Verification for Social Networking Sites (PFF event transcript) – Upload a Document to Scribd

Read this document on Scribd: Age Verification for Social Networking Sites (PFF event transcript)

New York Times article on Age Verification for Social Networking Sites

Adam Thierer — Mon, 07 May 2007 15:06:24 +0000

Jennifer Medina of the New York Times penned an article yesterday on the debate over social networking fears leading to calls for age verification mandates. She noted that measures are moving in several states that would require social networking sites to age-verify users before they are allowed to visit the sites or create profiles there. But Medina also noted that there are many difficult questions about how age verification would work and how “social networking” would even be defined. (I summarize these questions in my recent PFF report, “Social Networking and Age Verification: Many Hard Questions; No Easy Solutions.”)

Ms. Medina was also kind enough to interview me for the story and she summarizes some of what I had to say in her piece. In a nutshell, I stressed that the most effective way to deal with this problem is to get serious about dealing with sex offenders instead of trying to regulate law-abiding citizens. We need to be locking up convicted sex offenders for a lot longer in this country to make sure they behind bars instead of behind keyboards seeking to prey on our children.

I also stressed the importance of online safety education as part of the strategy here. But my comments on that didn’t make the cut in the story. But you can read my big recent paper on this issue for additional details.

Forbes.com interview on social networking panic

Adam Thierer — Tue, 03 Apr 2007 19:14:06 +0000

Lisa Lerer of Forbes was nice enough to do a feature story this week about my views on the panic over social networking and the push for age verification of such sites. Her piece is entitled “Why MySpace is a Safe Space,” and begins as follows: “Adam Thierer doesn’t look like much of a revolutionary. But last month he challenged both Washington and conventional wisdom with a fairly radical proposition: Perhaps MySpace and the Internet aren’t so scary for kids, after all.”

I don’t really regard what I’ve been saying in my recent essays or big new PFF study as “revolutionary.” Rather, if you spend any time studying this issue and these sites in a dispassionate, educated way, I think the conclusions I draw seem quite reasonable. Unfortunately, I don’t think many policy makers or critics have spent any serious time on these sites or seriously explored the relative danger of online social networking sites relative to offline social networking places. A classic “moral panic” has developed because of this: An older generation fears a new medium that it does not use or understand.

Anyway, read my discussion with Lisa for more details.

Age-Verify Users Before They Visit USA Today.com?

Adam Thierer — Mon, 05 Mar 2007 14:02:00 +0000

I’m putting the wraps on a big paper on the dangers of mandating age verification for social networking websites. One of the questions I ask in the study is exactly how broadly “social networking sites” will be defined for purposes of regulation? Will chat rooms, hobbyist sites, listservs, instant messaging, video sharing sites, online marketplaces or online multiplayer gaming sites qualify? If so, how will they be policed and how burdensome will age-verification mandates become for smaller sites? Finally, does the government currently have the resources to engage in such policing activities since almost all websites now have a social networking component? I explore these and other questions in my paper.

But now I have another type of site to add to list, and not one that I originally gave much consideration to: online newspapers. Over the weekend, the USA Today relaunched its website, not only to freshen up its look, but also to fundamentally change the ways the site works. According to the editors, the new features of the site will give readers the ability to:

• Scan other news sources directly on USATODAY.com; • See how readers are reacting to stories; • Recommend stories and comments to other readers; • Comment directly on stories; • Participate in discussion forums; • Write reviews (of movies, music and more); • Contribute photos; • Better communicate with USA Today staff.

Other bloggers were quick to note that the newspaper is essentially trying to refashion itself as a social networking site. Some wonder whether a newspaper can really be a social networking site. Others point out that traditional newspaper readers may resist such changes for a variety of reasons. (Don Dodge points out that 92% of reader responses have been negative so far).

But let’s ignore all that for a moment and get back to the question I posed in the title of my post: If USA Today is billing itself as a social networking site–or if others argue that it represents a social networking site–will the company be required to age-verify users before they visit the site?

Well, that depends on how the age verification regs would get written, of course. But one definition has already been suggested under the proposed “Deleting Online Predators Act” (DOPA), which would ban such sites in publicly funded schools and libraries. Under DOPA, “Commercial Social Networking Websites” are defined as any site that: “(a) allows users to create web pages or profiles that provide information about themselves and are available to other users; and (b) offers a mechanism for communication with other users, such as a forum, chat room, email, or instant messenger.”

Keeping that definition in mind, let’s check out some more material from the USA Today’s “Quick Guide to New Features.” Specifically, look at sections on this page about “personal spaces” and “avatars”:

Personal space: When you become a member, we automatically establish a personal profile page. As you interact with the USA Today community, your comments, recommendations and other contributions are automatically appended to your page. Your profile page includes a place for you to upload photos, write a blog, and the ability to send messages to other users. These pages allow readers to get a better sense of the site’s most active contributors. Avatar: Every one of our pages features a spot just for you: up there in the right-hand corner. That’s where you’ll be notified of messages left by other readers. Make yourself at home. Upload a picture of yourself, a funny icon, or choose from our selection of ready-made avatars.

Sounds a heck of lot like a social networking site to me. And if it was defined as such by lawmakers, it could mean that (under DOPA) access to the USA Today would need to be banned in public schools and libraries and that everyone would need to be age-verified before they go on the new USA Today website in their own homes. Welcome to the world of unitended regulatory consequences!

Additional Reading:

“Social Networking Websites & Child Protection: Toward a Rational Dialogue,” by Adam Thierer, Progress & Freedom Foundation Progress Snapshot 2.17, June 2006.

“Is MySpace the Government’s Space?,” by Adam Thierer, Progress & Freedom Foundation Progress Snapshot 2.16, June 2006.