Stefan Krappitz, writer of the book Troll Culture: A Comprehensive Guide, discusses the phenomenon of internet trolling. For Krappitz trolling is disrupting people for personal amusement. Trolling is largely a positive phenomenon argues Krappitz. While it can become very negative in some cases, for the most part trolling is simply an amusing practice that is no different than playing practical jokes. Krappitz believes that trolling has been around since before the age of the internet. He notes that the behavior of Socrates is reminiscent of trolling because he pretended to be a student and then used his questioning to mock people who did not know what they were talking about. Krappitz also discusses anonymity and how it contributes and takes away from trolling as well as discussing where the line is between good trolling and cyber-bullying.

Download

Related Links

• “Troll Culture: A Comprehensive Guide” , by Krappitz
• “How the Internet Beat Up and 11-Year-Old Girl” by Gawker
• “Forever Alone Involuntary Flashmob”, Vice
• “The Trolls Among Us”, New York Times
• “Trolling for Ethics: Mattathias Schwartz’s Awesome Piece on Internet Poltergeists”, New York Times

Sen. Amy Klobuchar just released a letter to Facebook demanding the site require “a prominent safety button or link on the profile pages of users under the age of 18″—akin to the so-called “panic button” app launched earlier this week by the UK’s Child Exploitation & Online Protection Centre (CEOP). She doesn’t seem to realize that this app is available to all Facebook users, not just those in the UK. But her focus on empowerment tools and education is admirable, and it’s certainly a fair question to ask what sites like Facebook and MySpace are doing in these areas.

Unfortunately, Klobuchar’s letter also engages in blatant fear-mongering:

Recent research has shown that one in four American teenagers have been victims of a cyber predator.  And when teens experience abusive behavior online, only ten percent discuss it with their parents and even fewer report the misconduct to law enforcement.  It’s clear that teenagers need to know how to respond to a cyber attack and I believe we need stronger reporting mechanisms to keep our kids safe.

Klobuchar doesn’t actually cite anything, so it’s not clear what research she’s relying on. The 25% statistic is particularly incendiary, suggesting a nationwide cyber-predation crisis—perhaps leading the public to believe 8 or 9 million teens have been lured into sexual encounters offline. Perhaps the Senator considers every cyber-bully a cyber predator—which might get to the 25% number. But there are two serious problem with that moral equivalence.

First, to equate child predation with peer bullying is to engage in a dangerous game of defining deviancy down. Predation and bullying are radically different things. The first (sexual abuse) is a clear and heinous crime that can lead to long-term psychological damage. The second might be a crime in certain circumstances, but generally not.  And it is even less likely to be a crime when it occurs among young peers, which research shows constitutes the vast majority of cases. As Adam Thierer and I noted in our Congressional testimony last year, there are legitimate concerns about cyberbullying, but it’s something best dealt with by parents and schools rather than prosecutors (like Klobuchar in her pre-Senate career).

Second, a series of official taskforces have concluded that the cyberpredator technopanic is vastly overblown. NTIA’s Online Safety and Technology Working Group final 2010 report concluded that “several studies, including some funded by the U.S. Department of Justice, have shown that the statistical probability of a young person being physically harmed by an adult who they first met online is extremely low,” (OSTWG Report at 10-11). Harvard’s 2009 Berkman Center Internet Safety Technical Task Force report concluded:

cases [of adult to child sexual encounters on social networks] typically involved post-pubescent youth who were aware that they were meeting an adult male for the purpose of engaging in sexual activity…. the risk profile for the use of different genres of social media depends on the type of risk, common uses by minors, and the psychosocial makeup of minors who use them…. Youth identify most sexual solicitors as being other adolescents (48%; 43%) or young adults between the ages of 18 and 21 (20%; 30%) and that youth typically ignore or deflect solicitations without experiencing distress.

A number of other task force reports have reached similar conclusions, all agreeing that education and empowerment are the answer. In particular, a 2008 study found that use of popular social networking sites such as MySpace and Facebook does not appear to increase their risk of being victimized by online predators. In particular, the study noted that the 500 arrests made nation-wide for Internet-initiated sex crimes accounted for just 7% of all statutory rapes”—i.e., for adult-on minor sex.

The letter goes on to ask about Facebook’s Internet safety page (she could have just Googled “Facebook Safety” and found it and its wealth of resources) and whether Facebook has a report abuse system—see the “Report Abuse” button at the bottom of any profile, page or group, which produces this dialogue box for user profiles:

And this box for pages:

MySpace has similar reporting mechanisms (and this form) and resources for kids & parents. Both sites employ hundreds of people to respond to such requests, decide when to take down content, and when to bring in law enforcement—which is a pretty big commitment from sites that don’t charge users a penny.

If the good Senator or her staff had had Googled (or Binged) “Facebook safety advisory board,” she would have found a number of press releases about the group, which Facebook launched last December to interface with child safety experts.

Again, it’s a fair question whether Facebook could do even more than it’s already done. For example, the “report abuse” link could probably be moved to a more prominent location on the page. But with its incendiary rhetoric and easily answered questions, Klobuchar’s letter seems intended more to make headlines and score political points than to really move the ball forward on her stated objective, which we should all share: enhancing education and empowerment solutions. Playing fast and loose with the facts—and throwing more fuel on the fire of a technopanic in the process—is unwise and unconstructive.

Bob Barr, the four term Republican Georgia congressman turned ACLU activist and 2008 Libertarian Presidential candidate, has denounced Rep. Linda Sánchez‘s (D-CA) “Megan Meier Cyber Bullying Prevention Act” (H.R. 1966) in particularly harsh terms:

This legislation represents an exercise in overcriminalization and poor draftsmanship not often seen, even in the Congress.  A term as broad and as vague as “intent  to .  .  .  cause substantial emotional distress to a person” invites constitutional challenge as being violative of the Fifth Amendment due process guarantee, as well as the First Amendment’s language protecting speech (including political and news media speech).   Sending an e-mail or a blog, or even posting a Twitter message that might be particularly insensitive or even downright mean about another person, including perhaps a candidate for office or an incumbent, could land you in jail if Rep. Sanchez’ bill were to become law.

Barr touches on many of the key points Adam Thierer and I raised in the written testimony we submitted to House Judiciary Committee’s hearing on this subject back in September—summarized here. At the hearing, Sanchez declared her intention to revise the bill to incorporate constitutional criticisms. Stay tuned for an update on that front…

But as we noted in our testimony, the constitutional problems with criminalization cannot beeasily  remedied, especially since Sanchez seems unwilling to limit her bill to cyberharassment of children by adults (such as allegedly happened in the Megan Meier case)—relying instead on existing cyberstalking laws (a much more narrowly defined crime involving “true threats”) to govern conduct among adults, and educational and counseling-based approaches to govern true cyberbullying among children.

Why we haven’t heard the last of Sanchez’s bill, the more serious threat is likely to be efforts to deputize online intermediaries to “deal with the problem” by chipping away at the broad immunity under Section 230 that has allowed the great flourishing of online content and services involving user generated content and participation. As we noted:

The basic premise behind Section 230 remains just as true today as it was in 1996: Holding online intermediaries liable for the speech or conduct of users of their sites or services would strongly discourage voluntary efforts to police online communities.  Indeed, as social networking functionality has become ubiquitous online, Section 230 has grown more important as a “Cornerstone of Internet Freedom”: Without it, online intermediaries would be forced to take sweeping steps that could massively chill online speech and threaten the viability of smaller site operators.

OnGuardOnline.gov is a project of a dozen federal agencies and several private child safety organizations who have collaborated to create a website which “provides practical tips from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information.”  The Federal Trade Commission (FTC) is particularly instrumental in maintaining and promoting the site but it works closely with those other agencies and organizations to craft messages and programs.

OnGuardOnline has just released a terrific new online safety resource called  Net Cetera: Chatting with Kids about Being Online. This 54-page document is an outstanding resource for parents.  The report’s advice and recommendations are spot on across the board and I particularly want to highlight the important section right at the front of the document entitled, “Talk to Your Kids.”  It begins: “The best way to protect your kids online? Talk to them. Research suggests that when children want important information, most rely on their parents.” Quite right.  And the NetCetra report goes on to offer the following excellent advice:

• Start early. After all, even toddlers see their parents use all kinds of devices. As soon as your child is using a computer, a cell phone or any mobile device, it’s time to talk to them about online behavior, safety, and security. As a parent, you have the opportunity to talk to your kid about what’s important before anyone else does.
• Create an honest, open environment. Kids look to their parents to help guide them. Be supportive and positive.  Listening and taking their feelings into account helps keep conversation afloat. You may not have all the answers, and being honest about that can go a long way.

• Initiate conversations. Even if your kids are comfortable approaching you, don’t wait for them to start the conversation. Use everyday opportunities to talk to your kids about being online. For instance, a TV program featuring a teen online or using a cell phone can tee up a discussion about what to do—or not—in similar circumstances. News stories about internet scams or cyberbullying, for example, also can help start a conversation with kids about their experiences and your expectations.
• Communicate your values. Be upfront about your values and how they apply in an online context. Communicating your values clearly can help your kids make smarter and more thoughtful decisions when they face tricky situations.
• Be patient. Resist the urge to rush through conversations with your kids. Most kids need to hear information repeated, in small doses, for it to sink in. If you keep talking with your kids, your patience and persistence will pay off in the long run. Work hard to keep the lines of communication open, even if you learn your kid has done something online you find inappropriate.

Absolutely perfect; that’s a great model for all parents to adopt.  And the report offers excellent advice on a variety of issues from there.

This is exactly the sort of thing I called for the government to start doing in my report, Parental Controls & Online Child Protection.  In Sec IV.B(2) of my report (beginning on pg. 150 of Ver. 4.0), I called for public officials to get serious about online safety education and awareness building by using collaborative efforts and promotional tools to spread general safety messages.  This sort of education and awareness building is the constructive alternative to regulatory efforts that are all too often favored by some policymakers and regulators.

The FTC and all the other agencies and organizations involved in creating the Net Cetera report deserve high praise for what they’ve done here.  Absolutely outstanding work. Read it.

The House Judiciary Committee’s Crime subcommittee yesterday held a hearing yesterday on the painful issues of cyberbullying (webcast). Rep. Linda Sánchez (D-CA) talked about her bill, the “Megan Meier Cyber Bullying Prevention Act” (H.R. 1966), which would create of a new federal felony to punish cyberharassment, including fines and jail time for violators. Rep. Debbie Wasserman Schultz (D-FL) talked about her bill, the “Adolescent Web Awareness Requires Education Act (AWARE Act)” (H.R. 3630), which would instead allocate $125 million over five years in grants for education and awareness-building about these problems. Without endorsing any particular approach, Adam and I discussed the general advantages of education over criminalization in our “Cyberbullying Legislation: Why Education is Preferable to Regulation” paper published by PFF in June, which we updated and submitted as written testimony. But we really couldn’t have done a better job at making this point than Ranking Member Louie Gohmert (R-TX), who powerfully articulated his opposition to the run-away growth of federal criminal law. Chairman Scott (D-VA) also expressed a commendable reluctance to just pass another law and assume that fixes the problem.

Problems with Criminalization

Three lawyers on the panel generally agreed on the thorny speech and due process concerns raised by criminalization and agreed that the Sánchez bill would require serious revision to pass constitutional muster.  UVA Law Prof. Robert O’Neil (testimony) suggested that of the exceptions to free speech protection recognized by the Supreme Court, the only one that could likely be used to do what advocates of cyberbullying criminalization want to accomplish is the intentional infliction of emotional distress. But O’Neill emphasized that this is generally a tort, not a criminal action—which seems like a pretty big distinction to me, especially when the criminal sanction might involve a felony conviction, as Sánchez has proposed. Felony convictions are the “Mark of Cain” in modern life, exceeded only in their lasting effect by being required to register on a sex offender registry. Cato Adjunct Fellow and civil rights lawyer Harvey Silverglate (testimony) highlighted the serious problems raised by vagueness and over-breadth in attempting to define harassment—as evidenced by speech codes at many universities. Harvard Law Prof. John Palfrey (testimony) generally echoed these concerns.

Criminalizing what is mostly child-on-child behavior simply will not solve the age-old problem of kids mistreating each other, a problem that has traditionally been dealt with through counseling and rehabilitation at the local level. For all the talk of how to craft a criminal law (especially its definitions) to minimize constitutional problems, I was very surprised that no one at the hearing raised the critical issue of just who it is we’re trying to protect and from whom.

As we emphasize in our paper, the real problem here is not cyber- bullying (kids bullying other kids online just as they do on the playground, or cyber-harassment in general (adults being rude to each other online), but the special case of adults harassing kids—and knowing they’re doing it. That’s not to say that bullying can’t be severe or very hurtful, but it’s best dealt with by parents, schools and mental health professionals (for both the bullied and the bullies). Given that what’s at stake is free expression online, I just don’t see any need to create new penalties to restrict conversations among adults: As the lawyers on the panel emphasized, the Supreme Court already recognizes exceptions to First Amendment coverage for “true threats,” “fighting words,” etc., which are already covered by state laws.  But in certain cases where an adult egregiously harasses someone they know is a child over the Internet (what most people assume happened in the Megan Meier case), causing real harm, criminal sanctions might well be appropriate, but no one’s yet drafted such a bill.

As Ranking Member Gohmert emphasized, even if such a law could be written to minimize First and Fourteenth Amendment concerns, a critical question of federalism would remain: Should the federal government assert control of an issue of criminal law that has traditionally been left to the states? This is not merely a constitutional question, but a practical one: The federal criminal justice system simply is not equipped to accommodate juvenile defendants.  For this reason and because it is still unclear how to write a narrowly tailored law, if criminal sanctions are pursued as a solution, it may be preferable to defer to state experimentation with varying models at this time. Indeed, Rep. Gohmert may be correct that, under the Tenth Amendment, online harassment simply isn’t the proper role of the federal government.

The Better Alternative: Promoting Education

Two child safety experts also testified, Judi Westberg Warren (testimony), President of Web Wise Kids, and Nancy Willard (testimony), Director of The Center for Safe and Responsible Internet Use. Judi and Nancy both talked about the advantages of supporting education, but disagreed as to what kind of funding was really needed and who should award such grants. Nancy argued strongly that grant decisions should be made by the Department of Education, Department of Health & Human Services and the Department of Justice acting together, rather than by DOJ acting alone, as the AWARE Act proposes—lest we wind up with something like the “DARE” campaign, which some educators think was counter-productive. Despite these differences, education and awareness-based approaches have a chance of effectively reducing truly harmful behavior, especially over the long haul. Such approaches would have the added benefit of avoiding constitutional pitfalls and subsequent court challenges.

The Siren Song of Intermediary Deputization

The real bombshell at the hearing was Prof. Palfrey’s reiteration of the call he made in his 2008 book Born Digital: Understanding the First Generation of Digital Natives to restrict the immunity from tort law created by Section 230 of the Communications Decency Act as a way of addressing concerns about online child safety, including cyberbullying. Adam highlighted the problems with such an approach in his Ars Technica debate with Palfrey earlier this year and has highlighted the threat this poses to online anonymity for all Internet users. The basic premise behind Section 230 remains just as true today as it was in 1996: Holding online intermediaries liable for the speech or conduct of users of their sites or services would strongly discourage voluntary efforts to police online communities.  Indeed, as social networking functionality has become ubiquitous online, Section 230 has grown more important as a “Cornerstone of Internet Freedom”: Without it, online intermediaries would be forced to take sweeping steps that could massively chill online speech and threaten the viability of smaller site operators.

I was relieved that Palfrey got no questions about this issue from the Members during the hearing, but the buzz about the issue afterwards in the hearing room left me concerned that we’re likely to hear more about this very dangerous, but understandably seductive idea in the near future. “Hard cases make bad law,” as lawyers say, and I can all to easily imagine well-justified concerns about cyberbullying leading, with the best of intentions, to “Tort Reform for the Internet” of the worst kind—one that would do serious harm to the profound democratization of content and communications wrought by Web 2.0 tools.

Cyberbullying constitutes one of the largest growth categories of recent cyberlaw legislative proposals, and many state legislatures have already enacted measures aimed at combating this problem using a variety of approaches.  Those attempting to monitor ongoing developments in this field might find it useful to examine this National Conference of State Legislatures (NCSL) compendium of recent state cyberbullying bills.

In June, Berin Szoka and I published a PFF white paper, “Cyberbullying Legislation: Why Education is Preferable to Regulation.”  That paper mostly address federal legislation and, in particular, we contrasted the approaches set forth in Rep. Linda Sánchez’s (D-CA) “Megan Meier Cyberbullying Prevention Act,” versus the “School and Family Education about the Internet (SAFE Internet) Act,” which was introduced in the Senate by Sen. Robert Menendez (D-NJ) and in the House by Rep. Debbie Wasserman Schultz (D-FL).  Whereas the Sánchez bill would create a new federal felony to address these problems, the SAFE Internet Act proposes an education-based approach to the issue.

Generally speaking, Berin and I favor the latter approach, to the extent federal legislators feel the need to act. But we argued that state experimentation on this front may be the better way to go at this time.  As the NCSL survey suggests, states are pursing a variety of strategies and will continue to do so.  In light of that, I’m not sure why any federal legislation is needed at this time.  If the feds are really eager to push something at the national level, perhaps a generic public awareness / PSA campaign would make the most sense while more tailored state-based experimentation continues.  This is rare example of where state-based experimentation with a cyberlaw issue actually makes a lot of sense.

Just caught this LA Times editorial from a couple of days ago on the “Overreaction to Online Harassment.” The piece makes many of the same points that Berin Szoka and I stress in our PFF paper on “Cyberbullying Legislation: Why Education is Preferable to Regulation.” [Also, here’s a video of a debate on these issues that I took part in up on Cap Hill this summer.]

The Times editorial notes that, “Because of a past tragedy, lawmakers and prosecutors are becoming overzealous in combating noxious behavior on the Web.” Specifically, they are referring to the tragic case of Megan Meier, the teen who committed suicide after being harassed on MySpace. “Members of Congress often try to expand the powers of federal prosecutors and courts when state law doesn’t produce the results they seek, especially when confronted with cases as heart-wrenching as Meier’s,” the Times noted. For example, in may 2008, Rep. Linda Sánchez (D-CA) introduced H.R. 1966 (originally H.R. 6123), the “Megan Meier Cyberbullying Prevention Act,” which would create a new federal felony to deal with this concern.

But creating a federal crime for something that is mostly peer-on-peer activity seems like overkill. Moreover, the Times notes, “the bill is so vaguely written” that it “would have a hard time withstanding a 1st Amendment challenge if it ever became law.”  As you’ll see in our paper, Berin and I agree, but we also point out that cyberbullying is a very serious matter since evidence suggests the cyberbullying is on the rise and that it can have profoundly damaging consequences for children.

The Times would have been on stronger ground had they pointed out that fact as well the presence of a solid alternative to the Sánchez bill: Education and awareness-building efforts. In mid-May, the “School and Family Education about the Internet (SAFE Internet) Act” (S. 1047) was introduced in the Senate by Sen. Robert Menendez (D-NJ) and in the House by Rep. Debbie Wasserman Schultz (D-FL). The measure proposes an Internet safety education grant program that will be administered by the Department of Justice, in concurrence with the Department of Education, and the Department of Health & Human Services.  That’s the more sensible — and constitutional — way to address cyberbullying concerns should federal lawmakers feel the need to act.

Finally, as the Times concludes in its editorial, “harassment is amply addressed by state criminal and civil laws.” Existing state statutes can be extended to cover the most problematic forms of online harassment, especially those that involved adult-on-child contact. We don’t need to make a federal matter, or crime, out of this.

On July 27th, The Progress & Freedom Foundation hosted a Capitol Hill panel discussion entitled “Online Child Safety, Privacy, and Free Speech: An Overview of Challenges in Congress & the States.” The event featured remarks from:

• Parry Aftab, Executive Director, WiredSafety.org
• Todd Haiken, Senior Manager of Policy, Common Sense Media
• Jim Halpert, Partner, DLA Piper
• Berin Szoka, Senior Fellow, The Progress & Freedom Foundation

We’ve just released the transcript of the event, which I have also pasted down below the fold in a Scribd document reader. Also, the audio for this event can be heard by clicking below:

Download mp3

Here is the full event description:

Online child safety, privacy, and free speech remain hotly debated issues at both the federal and state level. Bills introduced in Congress to address cyberbullying concerns propose either educational initiatives or a criminalization approach. Access to objectionable content also remains a concern and a new, government-mandated task force is looking into those issues. Meanwhile, state officials, including many state attorneys general, continue to explore age verification mandates for social networking sites and some have considered building on the federal Children’s Online Privacy Protection Act (COPPA) to expand “parental notification” mandates. The Federal Trade Commission (FTC) has recently announced an expedited review of COPPA to see if it is keeping up with new developments. The FTC is also exploring child safety in virtual worlds. New concerns about “sexting,” or the sending of sexual explicit images over mobile devices, has also raised new concerns led some lawmakers to ponder penalties.

How serious are these concerns? Is legislation or regulation needed to address them? What free speech issues are at stake? Should Congress take the lead or leave it to the States to experiment with different models? These and other issues were discussed by a panel of leading experts in the field of online safety and privacy policy.

Transcript PFF Online Child Safety Privacy Hill Event (7-27-2009) http://d.scribd.com/ScribdViewer.swf?document_id=18756666&access_key=key-1blb7az1ag406howibuk&page=1&version=1&viewMode=

My friend Larry Magid, the co-director of ConnectSafely.org (with Anne Collier) and founder of SafeKids.com, has a sharp new piece up at CBS News.com entitled, “Stop Cyberbullying with Education,” in which he rightly points out how “we need to be careful with legislation that would outlaw cyberbullying.”  He points out that although cyberbullying is “not an epidemic and it’s not killing our children”:

Bullying has always been a problem among adolescents and, sadly, so has suicide. In the few known cases of suicide after cyberbullying, there are other contributing factors. That’s not to diminish the tragedy or suggest that the cyberbullying didn’t play a role but–as with all online youth risk, we need to look at what else was going on in the child’s life. Even when a suicide or other tragic event doesn’t occur, cyberbullying is often accompanied by a pattern of offline bullying and sometimes there are other issues including long-term depression, problems at home, and self-esteem issues.

He goes on to provide some solid advice:

identifying the reasons kids are acting as bullies can go a long way toward preventing it as can educational programs that stress ethics and cyber citizenship (“netiquette”). It also helps kids to know what to do if they are victims of bullying. At ConnectSafely.org (a site I help operate) we came up with a number of tips including: don’t respond, don’t retaliate; talk to a trusted adult; and save the evidence. We also advise young people to be civil toward others and not to be bullies themselves. Finally, “be a friend, not a bystander.” Don’t forward mean messages and let bullies know that their actions are not cool. If your child is a victim of cyberbullying, don’t start by taking away his or her Internet privileges. That’s one reason kids often don’t talk about Net-related problems with parents. Instead, try to get your child to calmly explain what has happened. If possible, talk with the parents of the other kids involved and, if necessary, involve school authorities. If the impact of the bullying spills over to school (as it usually does), the school has a right to intervene.

And Larry cautions against rushing into legislative solutions that would criminalize the problem and throw the book at kids instead of adopting a more sensible education and counseling approach to the problem.  This is very much in line with the approach Berin Szoka and I set forth in our recent PFF white paper, “Cyberbullying Legislation: Why Education is Preferable to Regulation.”  While some truly troubled teens who instigate truly awful cyber-bullying attacks might deserve some time in the juvenile justice system, that shouldn’t be our first option for all kids involved in incidents. Anyway, read Larry’s essay.

Full disclosure:  Larry and I are currently serving together on the new, congressionally-mandated Online Safety Technology Working Group. (OSTWG)

In an earlier post, I mentioned an important new online child safety task force report that has just been released from the “Point Smart. Click Safe.” Blue Ribbon Working Group. It’s a great report and I encourage you to read the whole thing. It was my great pleasure to serve on this task force, and as we started finalizing our conclusions and recommendations, I started thinking about how much of what we were finding and recommending was consistent with what past online safety task forces had also concluded.

By way of background, over the past decade, five major online safety task forces or blue ribbon commissions have been convened to study online safety issues. Two of these task forces were convened in the United States and issued reports in 2000 (“COPA Commission”) and 2002 (“Thornburgh Commission“). Another was commissioned by the British government in 2007 and issued in a major report in March 2008 (“Byron Review“). Finally, two additional online safety task forces were formed in the U.S. in 2008 and concluded their work, respectively, in January (“Internet Safety Technical Task Force“) and July (“Point Smart. Click Safe.“) of 2009. [And yet another task force — the Online Safety Technology Working Group — was recently formed and has now gotten underway.]

In a new PFF white paper, ” Five Online Safety Task Forces Agree: Education, Empowerment & Self-Regulation Are the Answer,” I walk through a chronological summary of each of these past task forces [click on covers of each report below to read them in their entirety] and highlight some of the similar themes and recommendations from them.

Altogether, these five task forces heard from hundreds of experts and produced thousands of pages of testimony and reports on a wide variety of issues related to online child safety. While each of these task forces had different origins and unique membership, what is striking about them is the general unanimity of their conclusions. Among the common themes or recommendations of these five task forces:

• Education is the primary solution to most online child safety concerns. These task forces consistently stressed the importance of media literacy, awareness-building efforts, public service announcements, targeted intervention techniques, and better mentoring and parenting strategies.
• There is no single “silver-bullet” solution or technological “quick-fix” to child safety concerns. That is especially the case in light of the rapid pace of change in the digital world.
• Empowering parents and guardians with a diverse array of tools, however, can help families, caretakers, and schools to exercise more control over online content and communications.
• Technological tools and parental controls are most effective as part of a “layered” approach to child safety that views them as one of many strategies or solutions.
• The best technical control measures are those that work in tandem with educational strategies and approaches to better guide and mentor children to make wise choices. Thus, technical solutions can supplement, but can never supplant, the educational and mentoring role.
• Industry should formulate best practices and self-regulatory systems to empower users with more information and tools so they can make appropriate decisions for themselves and their families. And those best practices, which often take the form of an industry code of conduct or default control settings, should constantly be refined to take into account new social concerns, cultural norms, and technological developments.
• Government should avoid inflexible, top-down technological mandates. Instead, policymakers should focus on encouraging collaborative, multifaceted, multi-stakeholder initiatives and approaches to enhance online safety. Additional resources for education and awareness-building efforts are also crucial. Finally, governments should ensure appropriate penalties are in place to punish serious crimes against children and also make sure law enforcement agencies have adequate resources to police crimes and punish wrong-doers.

The consistency of these findings from those five previous task forces is important and it should guide future discussions among policymakers, the press, and the general public regarding online child safety.  As I note in the paper, the findings are particularly relevant today since Congress and the Obama Administration — including 3 federal agencies (NTIA, FCC, & FTC) are actively studying these issues. So, in light of all that, I hope this short paper can shed some light on the collective wisdom of the past task forces. While more study of online child safety issues is always welcome — including additional task forces or working groups if policymakers deem them necessary — thanks to the work of these five task forces, we now have better vision of what is needed to address online safety concerns.

Five Online Safety Task Forces Agree [PFF – Adam Thierer] http://d.scribd.com/ScribdViewer.swf?document_id=17181137&access_key=key-z6cxfgrjkqaqtxbix&page=1&version=1&viewMode=

The painful issue of cyberbullying has recently taken center stage in the ongoing debate about online child safety. Last week I wrote about Lori Drew’s acquittal on charges related to Megan Meier’s tragic suicide, suggesting that the judge in the case was right to overturn her conviction on a very expansive reading of the federal anti-hacking statute. While I think that decision was necessary on legal grounds, it’s sure to add “fuel to the fire” of calls for “action” in Congress.  Thus, I emphasized that observers of the case need to separate their understandable outrage from the from the questions of (1) whether that statute was properly applied and (2) how the law should treat such cases in the future.

On the second question, Adam and I recently released a major entitled, “Cyberbullying Legislation: Why Education is Preferable to Regulation.”  We distinguish among:

1. Cyberbullying: kid-on-kid abuse online
2. Cyberharassment generally: people of all ages using the Internet to harass each other
3. Adult-on-kid cyberharassment: For example, Lori Drew’s alleged (but still unclear) role in the Megan Meier case

In a nutshell, we argue that education is the better approach to cyberbullying (Problem #1)—an approach taken by a bill introduced in the Senate by Sen. Robert Menendez (D-NJ) and in the House by Rep. Debbie Wasserman Schultz (D-FL) .  We go on to argue that, while it would be difficult to create criminal sanctions for cyberharassment generally (Problem #2) without infringing free speech and due process rights, it might be possible to craft laws narrowly tailored to cyberharassment of kids by adults (Problem #3).

By contrast, Rep. Linda Sánchez has proposed the “Megan Meier Cyberbullying Prevention Act, which by its title purports to deal with that problem (#3) but would actually create a sweeping Federal felony for all cyberharassment (#2). We noted the potential Commerce Clause problems with states trying to regulate Internet speech, and emphasized education as a superior approach at both the federal and state level that avoids constitutional problems, but suggested that, if Congress does ultimately conclude a criminal law is needed for Problem #3, it would well to do look to how the states craft cyberharassment laws before creating any federal penalty.

Just about the time we finished our paper, Tennessee enacted a new law (PDF) that makes it a misdemeanor (up to 1 year in prison and a $2,500 fine) for making threats made online (cyberstalking) as well as certain instances of cyberharassment, defined as communications:

1. Made with “the malicious intent to frighten, intimidate or cause emotional distress”;
2. Made in a “manner the defendant knows, or reasonably should know, would frighten, intimidate or cause emotional distress to a similarly situated person of reasonable sensibilities; and
3. That actually result in making that person “frightened, intimidated or emotionally distressed.”

Prong #1 is essentially the same as the Sánchez bill (with the addition of the word “malicious”), while Prongs #2 and 3 somewhat increase the evidentiary burden faced by any prosecution under the law. So the bill suffers from many of the same problems that the Sánchez bill suffers from, which we discuss in our paper—most importantly, the bill would chill protected online speech because it is unclear when it would apply, and some online speakers would fear prosecution under the bill.

But what’s really disappointing here is that the original Tennessee bill at least recognized the critical importance of drawing distinctions by age.  It would have applied to specifically to harassing communications “with another person who is, or purports to be, less than 18 years of age” or to communications that cause “another person to be frightened, intimidated, or emotionally distressed, provided that the person’s response is one of a person of average sensibilities considering the age of the person.” While neither approach is quite what we recommend in our paper—if we’re going to criminalize anything, it should be adult-on-kid harassment—the original legislation was certainly better to what finally passed, which would likely fail to pass constitutional muster.

In a related context, Adam and I recently released another major paper detailing the serious consequences for online free speech of well-intentioned efforts to expand COPPA’s privacy protections for kids under 13 to cover all adolescents. There as here, while children under a certain age might be uniquely vulnerable and therefore require special protection (such as special penalties for cyberharassment by adults), we can’t treat everyone like small children without severely compromising freedom of expression online and the future vitality of the Internet itself. Again, this is why education is generally a better approach than criminalization.

Lori Drew was convicted late last year on charges related to her role in a cruel hoax that led to the tragic suicide of thirteen-year old Megan Meier in Missouri in 2006. But today, at her sentencing, the judge threw out her convictions. Millions around the world were horrified by Megan’s fate, and many will probably be upset that Drew might go unpunished. But we need to separate three questions in this case:

1. Should the federal anti-hacking law under which she was convicted really be applied in such cases?
2. What, precisely, was Drew’s involvement?
3. The key question: What should be done about the general problems of cyberbullying and cyberharassment?

Misuse of the Anti-Hacking Statute

Judge Wu has yet to issue his written opinion but seems to have agreed with the various experts on Internet law who argued that, however tragic the Meier case was, the Computer Fraud & Abuse Act (CFAA) should not have been applied to Drew. Most notably, the Electronic Frontier Foundation filed an Amicus Brief in support of Drew’s motion to dismiss the charges against her—summarized by Groklaw and the Harvard Journal of Law & Technology. Orin Kerr, a leading Internet law professor, felt so strongly about the consequences of using the CFAA to criminalize violations of privately written terms of service that he joined Drew’s defense team. Kerr demonstrated the problems of essentially allowing private parties to create the grounds for criminal offenses (if violated by users) by suggesting obviously ridiculous new terms of service for the Volokh Conspiracy, the group blog he writes on.

Hard as it may be for those who want to “see justice done” in this case, the CFAA just isn’t the right law to apply—which raises the question of whether new laws are needed, discussed below.

Uncertainty About Drew’s Role

The judge may also have been influenced by uncertainty as to Drew’s actual role in the case. Initial coverage of the story suggested that Drew created the fake MySpace persona of a teen boy (“Josh Evans”), then used that profile to woo Meier, a classmate of Drew’s daughter, only to deliberately—and cruelly—break her heart. After Missouri prosecutors and the FBI declined to press charges against Drew, federal prosecutors in California decided to do so, but Drew consistently maintained that it was not her idea to create the account.

When she finally went to trial, Ashley Grills, an 18-year-old friend of the Drew family, changed her story: Grills had initially claimed that creating the account was Ms. Drew’s idea, but admitted at trial that she (not Drew) created the fake “Josh Evans” account and that most of the conversations between Meier were with Grills, not Lori Drew. In particular, the final blow that seems to have driven the emotionally fragile Meier to suicide apparently came from Grils, not Drew:”You are a bad person and everybody hates you. Have a shitty rest of your life. The world would be a better place without you.”

We’ll probably never know exactly what actually happened, but it does appear that Drew was not the prime instigator behind the hoax, as she first appeared to be, but played more the role of a facilitator. Unconscionable as its for any adult, especially a parent to encourage, promote or even allow such behavior, it may not create legal liability.

Cyberbullying: What’s Next?

The real question here is how we should deal such cases more generally. Adam Thierer and I released a major study of these issues a few weeks ago: Cyberbullying Legislation: Why Education is Preferable to Regulation—which Adam recently dicussed at a Capitol Hill briefing. We distinguish among three problems that have been conflated in coverage of this issue:

1. Cyberbullying: kid-on-kid abuse online
2. Cyberharassment generally: people of all ages using the Internet to harass each other
3. Adult-on-kid cyberharassment: the Megan Meier case

Confusion of these three issues has resulted in some very inappropriate responses to the problem. Most notably, Rep. Linda Sánchez has proposed the “Megan Meier Cyberbullying Prevention Act,” which would make it a federal felony with a sentence of up to two years to transmit “any communication… with the intent to coerce, intimidate, harass, or cause substantial emotional distress to a person, using electronic means to support severe, repeated, and hostile behavior.” While Sánchez claims uses the word “cyberbullying” (Problem #1), her rhetoric (and the title of the bill) is really focused on adult-on kid cyberharassment (Problem #3). Punishing that special kind of abuse by adults of children, who are particularly vulnerable, might well be something federal law should address. But Sánchez’s bill doesn’t do that; instead, it seeks to punish all cyberharassment (Problem #2). Sánchez’s fails in several other respects to clearly define its terms and scope, thus raising serious constitutional concerns about the bill’s effect on chilling constitutionally protected free speech, as well as about the due process rights of those who might be prosecuted under the bill.

In our paper, we highlight a number of substantial changes that would need to be made to create a narrowly-tailored bill appropriate to the problem of adult-on-kid cyberharassment. But we also explain why it’s probably not possible to craft a law consistent with the Constitution to address the general issue of cyberharassment: While state laws generally apply to cyberstalking (where a threat of physical harm is made or felt), it’s profoundly difficult to distinguish between “harassment” and simple online conversations.

We do think something can and should be done about the very real problem of kid-on-kid cyberbullying (Problem #1). But rather than treat kids as felons (the Sánchez approach), lawmakers could get serious about supporting online safety education, awareness-building efforts, prevention, and intervention. Such an approach would avoid thorny constitutional problems and has recently been floated in both chambers of Congress. In mid-May, the “School and Family Education about the Internet (SAFE Internet) Act” (S. 1047) was introduced in the Senate by Sen. Robert Menendez (D-NJ) and in the House by Rep. Debbie Wasserman Schultz (D-FL). The measure proposes an Internet safety education grant program that will be administered by the Department of Justice, in concurrence with the Department of Education, and the Department of Health & Human Services. These agencies will also work in consultation with education, Internet safety, and other relevant experts to administer a five-year grant program, under which each grant will be awarded for a two-year period. Eligible non-profits may use the grants to:

(1) identify, develop, and implement Internet safety education programs, including educational technology, multimedia and interactive applications, online resources, and lesson plans; (2) provide professional training to elementary and secondary teachers, administrators, and other staff on Internet safety and new media literacy; (3) develop online-risk prevention programs for children; (4) train and support peer-driven Internet safety education initiatives; (5) coordinate and fund research initiatives that investigate online risks to children and Internet safety education; (6) develop and implement public education campaigns to promote awareness of online risks to children and Internet safety education; (7) educate parents about teaching their children how to use the Internet and new media safely, responsibly, and ethically and help parents identify and protect their children from risks relating to use of the Internet and new media

This is exactly the right approach. This bill truly deserves the name “Cyberbullying Prevention Act,” while the Sánchez bill might more accurately be called the “Cyberharassment (of all kinds) Punishment Act.” Rather than pursuing regulation through criminal sanctions that would chill protected speech, education is the better approach—something the federal government can help to support. As Adam and I conclude in our paper:

Again, real online safety and proper netiquette begin at home. We need to teach our kids to be good cyber-citizens. We shouldn’t expect the government (or even schools) to do it all for us. But to the extent government can do something constructive about this problem, it is education and awareness-building that will have the most profound, lasting results. Although more substantive penalties cannot be ruled out entirely, creating new classes of crimes to deal with this problem is unlikely to solve the scourge of cyberbullying. Clearly, based on the emerging research, the young people who are involved in cyberbullying incidents—both as perpetrators and targets—have many problems. Addressing these painfully real issues will require applying effective risk prevention and intervention strategies. Instead of promoting such education, prevention, and intervention solutions, the Sánchez bill would simply create a new federal felony to address this problem. But criminalizing kid-on-kid behavior in whatever form will likely not solve the age-old problem of kids mistreating each other. Indeed, this problem has traditionally been dealt through counseling and rehabilitation at the local level. By contrast, the federal justice system generally works through criminal penalties. If federal criminal law has a role to play, it is in punishing clear cases of harassment of minors by adults in ways that do not chill free speech protected by the First Amendment and that are consistent with the Fourteenth Amendment’s due process guarantees. Unlike the Sánchez bill, the Menendez bill is grounded in the need to implement such counseling and rehabilitation approaches in schools and communities. If members of Congress want to enact legislation that has a chance of effectively reducing truly harmful behavior—and which avoids constitutional pitfalls and subsequent court challenges—the Menendez bill provides the best avenue to accomplish that important goal at this time.

As I noted recently, Berin Szoka and I just released a big PFF white paper (PDF) entitled, “Cyberbullying Legislation: Why Education is Preferable to Regulation,” which examines two very different federal approaches to the issue. One approach is focused on the creation of a new federal crime to punish cyberbullying, which would include fines and jail time for violators. One approach, set forth by Rep. Linda Sánchez (D-CA) in H.R. 1966 (originally H.R. 6123), the “Megan Meier Cyberbullying Prevention Act,” would create a new federal felony: “Whoever transmits in interstate or foreign commerce any communication, with the intent to coerce, intimidate, harass, or cause substantial emotional distress to a person, using electronic means to support severe, repeated, and hostile behavior, shall be fined under this title or imprisoned not more than two years, or both.”

The other legislative approach is education-based and would create an Internet safety education grant program to address the issue in schools and communities. In mid-May, the “School and Family Education about the Internet (SAFE Internet) Act” (S. 1047) was introduced in the Senate by Sen. Robert Menendez (D-NJ) and in the House by Rep. Debbie Wasserman Schultz (D-FL). The measure proposes an Internet safety education grant program that will be administered by the Department of Justice, in concurrence with the Department of Education, and the Department of Health & Human Services.

On June 12, the Family Online Safety Institute (FOSI) hosted a discussion about these bill on Cap Hill, which was moderated by FOSI CEO Stephen Balkam. Representatives from both Rep. Sanchez’s and Sen. Menendez’s offices were on hand to discuss their bills, and I provided some feedback based upon what Berin and I concluded in our paper.  It was a good discussion and I encourage you to watch the whole thing because there were some good questions from the audience later in the show.

By Berin Szoka & Adam Thierer

We’ve just released a new PFF white paper (PDF) entitled, “Cyberbullying Legislation: Why Education is Preferable to Regulation.” In this 24-page study we note that, compared to previous fears about online predation, which have been greatly overblown, concerns about cyberbullying are more well-founded. Evidence suggests the cyberbullying is on the rise and that it can have profoundly damaging consequences for children.

Unsurprisingly, in the wake of a handful of high-profile cyberbullying incidents that resulted in teen/tween suicides, some state lawmakers began floating legislation to address the issue. More recently, two very different federal approaches have been proposed. One approach is focused on the creation of a new federal crime to punish cyberbullying, which would include fines and jail time for violators. In April 2008, Rep. Linda Sánchez (D-CA) introduced H.R. 1966 (originally H.R. 6123), the “Megan Meier Cyberbullying Prevention Act,” a bill that would create a new federal felony:

“Whoever transmits in interstate or foreign commerce any communication, with the intent to coerce, intimidate, harass, or cause substantial emotional distress to a person, using electronic means to support severe, repeated, and hostile behavior, shall be fined under this title or imprisoned not more than two years, or both.”

The other legislative approach is education-based and would create an Internet safety education grant program to address the issue in schools and communities. In mid-May, the “School and Family Education about the Internet (SAFE Internet) Act” (S. 1047) was introduced in the Senate by Sen. Robert Menendez (D-NJ) and in the House by Rep. Debbie Wasserman Schultz (D-FL). The measure proposes an Internet safety education grant program that will be administered by the Department of Justice, in concurrence with the Department of Education, and the Department of Health & Human Services. These agencies will also work in consultation with education, Internet safety, and other relevant experts to administer a five-year grant program, under which each grant will be awarded for a two-year period.

In our paper, we argue that criminalizing what is mostly kid-on-kid behavior—and especially creating a new federal felony, as the Sánchez bill proposes—will not likely solve the age-old problem of kids mistreating each other.  Moreover, this approach could raise thorny free speech and due process issues related to how the law defines harassing or intimidating speech. To the extent criminal sanctions are pursued as a solution, it may be preferable to allow state experimentation with varying models.

By contrast, education and awareness-based approaches have a chance of effectively reducing truly harmful behavior, especially over the long-haul. Such approaches would have the added benefit of avoiding constitutional pitfalls and subsequent court challenges. Thus, if lawmakers feel the need to address cyberbullying concerns at this time, it is clear that regulation is, at best, premature and that education is the better approach.

Our paper can be found on the PFF website or SSRN, and the Scribd version of the document is embedded down below. We welcome your comments on our conclusions.

[In a follow-up post, we will address why the criminalization approach to addressing cyberbullying raises free speech concerns and other constitutional issues.]

Adam Thierer & I have just released a detailed examination (PDF) of brewing efforts to expand the Children’s Online Privacy Protection Act of 1998 to cover adolescents and potentially all social networking sites—an approach we call “COPPA 2.0.”

As Adam explained on Larry Magid’s CNET podcast, COPPA mandates certain online privacy protections for children under 13, most importantly that websites obtain the “verifiable consent” of a child’s parent before collecting personal information about that child or giving that child access to interactive functionality that might allow the child to share their personal information with others. The law was intended primarily to “enhance parental involvement in a child’s online activities” as a means of protecting the online privacy and safety of children.

Yet advocates of expanding COPPA—or “COPPA 2.0″—see COPPA’s verifiable parental consent framework as a means for imposing broad regulatory mandates in the name of online child safety and concerns about social networking, cyber-harassment, etc. Two COPPA 2.0 bills are currently pending in New Jersey and Illinois. The accelerated review of COPPA to be conducted by the FTC next year (five years ahead of schedule) is likely to bring to Washington serious talk of expanding COPPA—even though Congress clearly rejected covering adolescents age 13-16 when COPPA was first proposed back in 1998.

We’ll discuss some of the key points of our paper in a series of blog posts, but here are the top nine reasons for rejecting COPPA 2.0, in that such an approach would:

• Burden the free speech rights of adults by imposing age verification mandates on many sites used by adults, thus restricting anonymous speech and essentially converging—in terms of practical consequences—with the unconstitutional Children’s Online Protection Act (COPA), another 1998 law sometimes confused with COPPA;
• Burden the free speech rights of adolescents to speak freely on—or gather information from—legal and socially beneficial websites;
• Hamper routine and socially beneficial communication between adolescents and adults;
• Reduce, rather than enhance, the privacy of adolescents, parents and other adults because of the massive volume of personal information that would have to be collected about users for authentication purposes (likely including credit card data);

• Would likely be the subject of massive fraud or evasion since it is not always possible to definitively verify the parent-child relationship, or because the system could be “gamed” in other ways by determined adolescents;
• Do nothing to prevent offshore sites and services from operating outside these rules;
• Present major practical challenges for law enforcement officials in the face of such evasion by both domestic users and offshore sites;
• Could destroy opportunities for new or smaller website operators to break into the market and offer competing services and innovations, thus contributing to consolidation of online content and services by erecting barriers to entry; and
• Violate the Commerce Clause of the U.S. Constitution, since Internet activity clearly represents interstate commerce that states have no authority to regulate.

As anyone who has spent time searching for comments on the FCC’s website can tell you, the agency doesn’t exactly have the most user-friendly website.  In the interest of making it easier for others to read the comments that came in last week in the agency’s “Child Safe Viewing Act” Notice of Inquiry, I have compiled all the major comments (those over 3 or 4 pages) and provided links to them below the fold.

Again, this proceeding was required under the “Child Safe Viewing Act of 2007,” which Congress passed last year and President Bush signed last December. The goal of the bill and the FCC’s proceeding (MB 09-26) is to study “advanced blocking technologies” that “may be appropriate across a wide variety of distribution platforms, including wired, wireless, and Internet platforms.”  I filed 150+ pages worth of comments in this matter last week, and here’s my analysis of why this bill and the FCC’s proceeding are worth monitoring closely.

• Association of National Advertisers (ANA)
• AT&T
• Center for Democracy & Technology (Individual Comments)
• CDT (Joint Comments with other Public Interest Groups)
• Children’s Media Policy Coalition
• Coalition for Independent Ratings
• Comcast
• Common Sense Media
• Consumer Electronic Association (CEA)
• CTIA – The Wireless Association
• Cox Communications
• CustomPlay
• Digimarc Corp
• Digital Watermarking Alliance
• Digital Media Association
• Dish Network
• DirecTV
• Entertainment Software Association (ESA)
• Family Online Safety Institute (FOSI)
• Google (+ attachments A, B, C)
• Motion Picture Association of America (MPAA)
• Microsoft
• NAB + NCTA + MPAA (0n TV Guidelines)
• National Cable & Telecommunications Association (NCTA)
• Progress & Freedom Foundation (PFF)
• Sanyo
• Smart Television Alliance
• Sprint-Nextel
• TiVo
• TV Guardian
• TV Watch
• U.S. Telecom Association
• Verizon & Verizon Wireless
• Wi-LAN V-Chip Corp

Today I filed comments with the Federal Communications Commission (FCC) in its proceeding examining the marketplace for “advanced blocking technologies.”  This proceeding was required under the “Child Safe Viewing Act of 2007,” which Congress passed last year and President Bush signed last December. The goal of the bill and the FCC’s proceeding (MB 09-26) is to study “advanced blocking technologies” that “may be appropriate across a wide variety of distribution platforms, including wired, wireless, and Internet platforms.”  My colleagues will no doubt laugh about the fact that I have dropped an absurd 150 pages worth of comments on the FCC in this matter, but I had a lot to say on this topic!  Parental controls, child safety, and free speech issues have been the focus of much of my research agenda over the past 10 years.

In my filing, I argue that the FCC should tread carefully in this matter since the agency has no authority over most of the media platforms and technologies described in the Commission’s recent Notice of Inquiry.  Moreover, any related mandates or regulatory actions in in this area could diminish future innovation in this field and would violate the First Amendment rights of media creators and consumers alike.  The other major conclusions of my filing are as follows:

• There exists an unprecedented abundance of parental control tools to help parents decide what constitutes acceptable media content in their homes and in the lives of their children.
• There is a trade-off between complexity and convenience for both tools and ratings, and no parental control tool is completely foolproof.
• Most homes have no need for parental control technologies because parents rely on other methods or there are no children in the home.
• The role of household media rules and methods is underappreciated and those rules have an important bearing on this debate.
• Parental control technologies work best in combination with educational efforts and parental involvement.
• The search for technological silver-bullets and “universal” solutions represent a quixotic, Holy Grail-like quest and it will destroy innovation in this marketplace.
• Enforcement of “household standards” made possible through use of parental controls and other methods negates the need for “community standards”-based content regulation.

My entire filing can be found here and down below in a Scribd reader.  All comments in the matter are due tomorrow and then reply comments are due on May 18th.

[FCC FILING] Adam Thierer-PFF Re Child Safe Viewing Act NOI (MB 09-26) http://d.scribd.com/ScribdViewer.swf?document_id=14264143&access_key=key-2nrvjm96q9cl5vep567l&page=1&version=1&viewMode=

Online child safety — especially the fear of predators lurking on social networking sites (SNS) — continues to spur calls by state and federal lawmakers for regulation.  At first, some federal lawmakers advocated outright bans on SNS in schools and libraries via the Deleting Online Predators Act (DOPA).  Meanwhile, state and local lawmakers — specifically state Attorneys General (AGs) — have been even more vociferous in their calls for regulation in the form of mandatory age verification for social networking sites, which would cover a broad swath of online sites and activities according to their definitions of SNS. But the question that ultimately gets lost in this debate is: Just how much risk do social networking sites really pose for teens?  Which risks are real and which are overblown? And what’s the best way to deal with the risks that we find to be legitimate?

Nancy Willard devotes her life to answering those questions. Willard is one of America’s leading experts on online safety and risk prevention. She runs the Center for Safe and Responsible Internet Use and she is the author of two outstanding books, Cyberbullying and Cyberthreats and Cyber-Safe Kids, Cyber-Savvy Teens.  In my opinion, Willard’s general approach to online child safety is the most enlightened, level-headed, and likely to be effective. That’s because Willard focuses on putting fears in perspective, identifying the actual risks that kids face online, and devising sensible strategies to deal with risks and problems as they are discovered. Her approach is holistic and built upon sound data, targeted risk-identification strategies, and time-tested education and mentoring methods. For my money, it’s the most sensible approach to online safety issues. In fact, when other parents ask me for “just one thing” to read on the topic, I usually recommend Willard’s work — especially her amazing book Cyber-Safe Kids, Cyber-Savvy Teens. And her background in early childhood education, special education for “at risk” children with emotional and behavior difficulties, as well as experience in computer law, means she is uniquely suited to be analyzing these issues.  In sum, this is woman we should all be closely listening to on these issues.

Recently, Willard has been responding to criticisms that state AGs have leveled against the Internet Safety Technical Task Force (ISTTF) and its final report. [Disclaimer: I was a member of the ISTTF.] I’ve already outlined the ISTTF’s work at length here, but the three key takeaways from the report were that:

1. the risk of predation on social network sites has been over-stated; the data suggest that cyber-bullying is the bigger problem on SNS;
2. there is no silver-bullet technical solution to online child safety concerns, and mandatory age verification, in particular, would not make kids safer online but could even create bigger problems in the long-run;
3. education and empowerment are the real keys to keeping kids safer online.

The response from some state AGs to these findings was quite hostile, with some arguing that the ISTTF did not take online risks seriously enough, or that we relied on “outdated and inadequate” data in reaching our conclusions.  Willard addresses those arguments in a new white paper: “Research that is ‘Outdated and Inadequate?’ An Analysis of the Pennsylvania Child Predator Unit Arrests in Response to Attorney General Criticism of the Berkman Task Force Report.”  In this study, she analyzes data from arrest records from Pennsylvania’s Child Predator Unit to determine exactly how these individuals were operating online. Although it’s just one state’s worth of data — that’s all that seems to have been made publicly available in a single database at this time — it can give us a clue to what might be going on out there. The results are illuminating.

Here’s what Willard found:

The search yielded 143 responses. As noted by the Attorney General, 183 predators had been arrested. All of these arrests were described in the press releases dated from March 21, 2005 to January 13, 2009 – thus allowing for a full analysis of the arrests of sexual predators in the state Pennsylvania for the last 4 years by the Attorney General’s Child Predator Unit. The analysis of the arrests that involved predatory actions, excluding the arrests for child pornography, revealed the following:

• Only 8 incidents involved actual teen victims with whom the Internet was used to form a relationship.
  • In 4 of these incidents, teens or parents reported the contact. The other 4 cases were discovered in an analysis of the computer files of a predator who had been arrested in a sting operation. Five of the cases had led to inappropriate sexual contact. The other situations were discovered prior to any actual contact.
• There were 166 arrests as a result of sting activities where the predator contacted an undercover agent who was posing as a 12 – 14 year old, generally a girl.
  • The vast majority of the stings, 144, occurred in chat rooms. Eleven stings occurred through instant messaging. Nine of the arrests failed to specify the location, but the description bore significant similarity to the chat room incidents. One involved an advertisement that had been placed on Craig’s List.
  • There were only 12 reports of predators being deceptive about their age.
  • The descriptions of these chats incidents bear out what the research reviewed by the [ISTTF’s] Research Advisory Board found – that online predators are rarely deceptive about their interests.

Specifically,”Because the attorneys general have been focusing their attention on the social networking sites, MySpace and Facebook,” Willard made sure to give “special attention to any case that mentioned any activity occurring on either of these two sites.” Here’s what she found in that regard:

• One of the incidents involving an actual teen victim, communications took place on MySpace. This was a rearrest of a person who had already been arrested through a sting.
• A police officer who was arrested for sexual abuse of many teens with whom he had interacted with in the line of duty also had a MySpace account with friendship links to teen girl, but there was no assertion that these communications had led to sexual activity.
• One predator in a sting provided the agent with a link to his Facebook page.
• In 5 of the stings that took place in a chat room, reference was made to the fact that the predator had either looked at the teen’s MySpace account or suggested the teen look at his profile.

Importantly, Willard points out, “Despite the establishment of one or more public profiles on MySpace [by the PA Child Predator Unit], there has apparently not been one successful sting operation initiated on MySpace in the more than two years during which these sting profiles have been in existence.”

From these findings, Willard concludes that:

The insight gained through an analysis of the Pennsylvania Attorney General’s press releases on arrests for online sexual predation provide strong support for the validity of the conclusions of the Berkman Research Advisory Board and demonstrate the need for greater collaboration between law enforcement and researchers to address the actual risks to young people from sexual predators online.

In other words, the Pennsylvania data seem to confirm that predation is not as serious of a risk on SNS as some AGs had claimed. “It appears that chat rooms are far less safe than social networking sites and that there is limited inclination and ability of predators to use social networking sites to contact potential teen victims,” Willard notes. Consequently, she argues:

Attention must be paid to the obvious risks related to chat room communications, as well as the risk factors that are being manifested by the young people who may still be frequenting these chat rooms, especially the chat rooms where sexual relations are being discussed. It appears that rather than seek ways to discourage teens from participating in social networking sites, these sites are destinations that should be encouraged as much safe than the alternatives. A focus must be placed on improving the protective features of chat rooms that are frequented by minors.

We need to know more about which chat rooms are in question and why some youth visit those chat rooms. More importantly, how can we develop sensible messages for youth about the dangers of chat rooms that are targeted to adults and adult sexual activity?

But it is vitally important not to lose sight of the big picture here. As Willard summarizes it:

The incidents of online sexual predation are rare. Far more children and teens are being sexually abused by family members and acquaintances. It is imperative that we remain focused on the issue of child sexual abuse – regardless of how the abusive relationship is initiated.

Indeed, volumes of research on child abuse, child predation, and child abduction all point to this same conclusion: Your kids are actually more at risk from known acquaintances — especially family members — than they are from random strangers (including random strangers they might meet online).

Of course, this doesn’t mean we shouldn’t continue to develop sensible educational messages for youth about proper online behavior and how to report legitimate problems or troubling interactions that they experience online. Again, Willard has done this elsewhere and many of us (including those of us involved in the Berkman Center task force) have long been pushing for increased resources for online safety education and media literacy efforts as the first, best step towards improving online youth safety. We need to get AGs and other policymakers to work together with us to get this important task started — now!

Finally, Willard correctly notes that the AGs and other law enforcement agencies need to be willing to release more data like the Pennsylvania AG did such that further analysis of this problem is possible. If the AGs’ primary complaint with the ISTTF report was that the data we used was somewhat dated, then the best solution to that problem is for the AGs and other law enforcement agencies to open up their records to the child safety community so that risk researchers like Willard can get a better feel for what’s going on out there and devise strategies to deal with it.  Unfortunately, there’s still too much horn-locking going on between these communities and, sadly, I think some AGs are using this issue to create an atmosphere of fear for political gain. We need to find ways to communicate actual risks — such as those that kids would face in some specific, adult-oriented chat rooms — without going overboard and making parents and the general public think that there’s a bogeyman on every cyber-corner of the Internet.

[ Further reading: As usual, my friend Anne Collier over at Net Family News.org has done a much better job summarizing an issue than I have. Read her discussion of Nancy Willard’s paper and its implications here.]

This week, I have been up at Harvard University participating in another meeting of the Internet Safety Technical Task Force (ISTTF), of which I am a member. The ISTTF was organized earlier this year pursuant to an agreement between 49 state attorneys general (AGs) and social networking giant MySpace.com. A group of experts from academia, non-profit organizations, and industry were appointed to the Task Force, which is charged with evaluating the market for online child safety tools and methods and issuing a report on the matter to the AGs at the end of this year.  ISTTF members have been meeting privately and publicly in both Cambridge, MA and Washington, D.C. The Task Force has been very ably chaired by John Palfrey, co-director of Harvard’s Berkman Center for Internet & Society.

Although the ISTTF is looking at a wide variety of tools and methods associated with online child protection (ex: filters, monitoring tools, educational campaigns, etc.), many of the AGs who crafted the agreement with MySpace that led to the Task Force’s formation have made it clear that they are most interested in having the ISTTF evaluate age verification / online verification technologies.  In fact, at the start of this week’s session at Harvard Law School, AGs Martha Coakely of Massachusetts and Richard Blumenthal of Connecticut both spoke and made it abundantly clear they expect the Task Force to develop age and identify-verification tools for social networking sites (SNS). AG Blumenthal said we need to deal with “the dangers of anonymity” and repeated his standard line about online age verification: “If we can put a man on the moon, we can make the Internet safe.”  [Of course, putting a man on the moon took hundreds of billions of dollars and a decade to accomplish, but never mind that fact! Moreover, one could also argue that if we can put a man on the moon we can cure hunger, AIDS, and the common cold, but some things are obviously easier said than done. Finally, putting a man on the moon didn’t require all Americans or their kids to give up their anonymity or privacy rights in order to accomplish the feat!]

On many occasions here before, I have outlined various questions and reservations about proposals to mandate online age verification.  Last year, I also published a lengthy white paper on the issue and hosted a lively debate on Capitol Hill [transcript here] about this.  I also have discussed age verification in my book on parental controls and online child safety. [Braden Cox also talked about his experiences up at Harvard this week here, and CNet’s Chris Soghoian had a brutal assessment of this week’s proposals on his “Surveillance State” blog.]

In this essay, I will discuss the new fault lines in the debate over online age verification and outline where I think we are heading next on this front.  I will argue:

• There is now widespread understanding that it is extraordinarily difficult to verify the ages and identities of minors online using the methods we typically use to verify adults. Because of this, age verification proponents are increasingly proposing two alternative models of verifying kids before they go online or visit SNS…
• First, for those who continue to believe that we must do whatever we can to verify kids themselves, schools and school records are increasingly being viewed as the primary mechanism to facilitate that. This raises two serious questions: Do we want schools to serve as DMVs for our children? And, do we want more school records or information about our kids being accessed or put online?
• Second, for those who are uncomfortable with the idea of verifying kids or using schools, or school records, to accomplish that task, parental permission-based forms of authentication are becoming the preferred regulatory approach. Under this scheme, which might build upon the regulatory model found in the Children’s Online Privacy Protection Act of 1998 (COPPA), parents or guardians would be verified somehow and then would vouch for their children before they were allowed on a SNS, however defined.  But how do we establish a clear link between parents and kids?  And will parents be willing to surrender a great deal more information (about themselves and their kids) before their kids can go online? And, is it sensible to use a law that was meant to protect the privacy and personal information of children to potentially gather a great deal more information about them, and their parents?
• It remains very unclear how either of those two verification methods would make children safer online. Indeed, that could actually make kids less safe by compromising their personal information and creating a false sense of security online for them and their parents.
• It is highly unlikely the Internet Safety Technical Task Force will be able to reach consensus on this complicated, controversial issue. A small camp will likely flock to the sort of proposals mentioned above. Another, larger camp (including me) will flock to education-based approaches to child safety as well increased reliance on other parental empowerment tools and strategies, industry self-regulatory efforts, social norms, and better intervention strategies for troubled youth. But the age verification debate will go on and, as was the case over the past two years, the legal battleground will be state capitals across America, with AGs likely pushing for age verification mandates regardless of what the Task Force concludes.

Continue reading if you are interested in the details.

How We Could Verify Kids, and Why We Should Not Do It

Let’s assume that we want to achieve AG Blumenthal’s “man-on-the-moon” dream of verifying all kids before they go online. How would we do it?  There are really only two solutions: (1) full-blown national ID cards for kids, or (2) tapping school records about kids to somehow age-verify kids (sort of a “National ID card-Lite” scheme).

National ID Cards for Kids

The first scheme is fairly straightforward, but incredibly frightening to those of us who care about civil liberties. Basically, government could demand that all minors be issued the equivalent of a domestic passport or a national ID card. After all, minors aged 14 to 17 are already required to obtain a passport before they travel overseas. Minors under 14 must have both parents or legal guardians appear together to vouch for the child when applying for a passport. Conceivably, government could simply extend this model to incorporate a domestic identification requirement. Once the youngster had been issued such a domestic passport, it could be requested by others — including social networking sites — as proof of age. Sites could cross-reference a government national ID database to verify identity.

Clearly, however, imposing such a solution domestically would raise serious privacy concerns because it would require the collection, retention and processing of sensitive information about children.  Adults are not required to carry such a domestic passport or national ID card, so why should children? Indeed, all the same privacy concerns related to national ID cards for adults would be amplified with children because, as a society, we generally take extra precautions to protect the privacy of minors and their personal information. And a national ID card for kids would need to include a great deal of information about themselves to allow the card to be used by third parties online as an age-verifying tool. Government would need to issue an age-verified identity, user name, and password to every child.

Particularly concerning is the fact that a national ID card for children would require the creation of more government databases and bureaucracy. The potential for “mission creep” then enters the picture in that more tracking of children by government (and others) becomes possible. What other uses might there be for such information? We don’t know, and we probably don’t want to find out.

The costs of setting up and enforcing such a system would be substantial and must also be considered. Although the cost of digital storage continues to fall, we’re talking about potentially massive digital databases here. But the more important cost factor is the human time and effort that would go into  collecting, processing, and organizing such records and databases.

For those reasons, a government-issued ID card or age verification scheme for kids is a nonstarter. It would raise grave privacy concerns, induce public paranoia, probably encourage a great deal of evasion, and require significant government expenditure to enforce. Moreover, a national ID card would do little to prevent youngsters from visiting offshore sites.

Using the Schools to Help Verify Kids

So, let’s work from the assumption that National ID cards for kids is not going to fly as an online identity authentication solution.  The only other realistic scheme would involve getting the schools involved in the process.  Why?  Because to paraphrase Willy Sutton: “That’s where the data is.”  Schools have more information about our children than probably every other institution or organization combined.  They have very detailed records about kids, their ages and much more, which makes schools a logical candidate for participation in a possible age verification system for minors.  But involving schools in any age verification scheme would raise serious privacy concerns and administrative problems.

Depending on how the scheme worked, the administrative burdens imposed on schools could be significant. Someone at each school would have to be in charge of answering phones calls and e-mails from potentially hundreds of website operators looking to age-verify minors. Who will be liable if things go wrong? The school? The school district? An employee in the school’s administrative department who accidentally releases thousands of digital records? And will schools receive the additional funding needed to administer whatever scheme is mandated?

Moreover, if schools are required to create more accessible databases containing personal information about minors, who else besides social networking websites would be given access? Data breaches would become a real concern for both students and schools alike. Such a scheme could run up against federal or state laws. For example, the Family Education Rights and Privacy Act of 1974 makes it illegal to release school records without written permission from parents. Both parents and government officials have long demanded that access to school records be tightly guarded because, as a society, we take the privacy of our children very seriously.

Thus, serious questions remain about the wisdom and practicality of roping the schools into the age verification process. Most schools and school districts are already over-burdened with federal and state mandates and probably wouldn’t like the sound of additional mandates of this variety.  But what if a technology vendor could serve as the middleman and facilitate the easy transfer of some basic data about kids from the school system in an effort to provide digital credentials? That’s probably where we are heading.  Even the most vociferous advocates of age verification for minors must realize how absolutely radioactive this issue could become since school records about our kids are in play here.  Identity theft concerns are already running at an all-time high in our country and the thought of being required to surrender more info about our kids in this environment is not going to go over well with many parents.

But, again, what if we could keep to a minimum the amount of data being transferred about the child to the vendor or the SNS?  Perhaps at the beginning of each school year when a minor is registering they could be given a “secure” digital token or ID number that only associated a grade year (i.e., “sophomore”) with their name, and little or no additional info was included in that token in order to minimize the threat of identity theft or privacy violations.  Of course, the fewer pieces of information contained in that token or credential, the less likely it will be a credible verification tool, or the more likely it is it will be easy to forge or defeat (especially by kids themselves).

Regardless, whether we like it or not — and I do not like it one bit — schools are now at the center of the online age verification debate. It will be very interesting to hear what the educational community itself has to say about this development going forward.  Incidentally, no one from the educational community was present at Harvard this week as these proposals were flying.  Something tells me that school administrators and educational officials aren’t going to look too kindly on proposals that would turn them into the equivalent of a DMV for kids.

How about Parental Permission Slips for Online Verification?

Another potential way to go about online verification is to avoid verifying the kids directly and instead just verify parents (or guardians) and then get them to vouch for their children.  Some age verification advocates are now calling for such parental consent-based forms of child verification.  Specifically, they are now attempting to drive regulation through the prism of the Children’s Online Privacy Protection Act (COPPA) of 1998.

By way of background, COPPA required websites that marketed to children under the age of 13 to get “verifiable parental consent” before allowing children access to their sites. Generally speaking, the goal was to make sure that such websites were not collecting personal information about children without getting parental permission. The Federal Trade Commission (FTC), which is responsible for enforcing COPPA, adopted a sliding scale approach to obtaining parental consent. The sliding scale approach allows website operators to use a mix of the methods to comply with the law, including print-and-fax forms, follow-up phone calls and e-mails, and credit card authorizations. The FTC also authorized four “safe harbor” programs operated by private companies that help website operators comply with COPPA.

In a February 2007 report to Congress about the status of the COPPA and its enforcement, the FTC said that no changes to COPPA were necessary at this time because it had “been effective in helping to protect the privacy and safety of young children online.” In discussing the effectiveness of the parental consent methods, however, the agency also said that “none of these mechanisms is foolproof” and that “age verification technologies have not kept pace with other developments, and are not currently available as a substitute for other screening mechanisms.” This seems to imply that the FTC does not regard COPPA’s parental consent methods as the equivalent of perfect age verification.

Nonetheless, what should be evident here is that COPPA’s parental consent framework could serve as a vehicle for pushing through greater regulation of all social networking sites, not just those sites geared toward kids under 13.   Indeed, we have already seen that proposed at the state level.  For example, in the debate that took place over age verification in the North Carolina statehouse last summer, a parental permission-based verification proposal supported by North Carolina Attorney General Roy Cooper was billed as a way to strengthen and expand the COPPA framework.  (Never mind the fact that COPPA is a federal statute, or that the state of North Carolina is likely barred from regulating Internet speech and commerce thanks to the First Amendment and the Commerce Clause of the Constitution!)

In other words, future age verification mandates could arrive in the form of COPPA amendments, or at least cite COPPA’s regulatory framework as precedent.  Specifically, the proposal would be to: (a) extend COPPA’s coverage to kids up to the age of 18 and then (b) broaden the range of SNS sites that are covered by its parental consent requirements.

There are many problems associated with such a proposal, and I will get to some of them in a moment. But here’s the more interesting question that few have asked: Is COPPA really working?  It is very much unclear to me that COPPA actually works as billed, but to the extent it does, it is likely because of the very limited scale and nature of the operations it covers.  As I have said in my past writing on the issue, there is a direct relationship between the size of a site and the likelihood of success in attempting to verify its users / members. Of course, that is hardly surprising.  But let’s get a little more concrete about why that is important.  Here are the two reasons that I believe the COPPA / parental consent regime has generally worked so far, or at least hasn’t failed miserably:

(1) Many smaller sites charge a fee for admission; and

(2) The functionality of those sites is usually tightly limited. They are closed, walled gardens.

Regarding the first point: Obviously, the more a site charges for access, the more likely it is that the parent / guardian pays attention to what their kid is doing.  Of course, that doesn’t mean a bad guy couldn’t still get into those “verified” environments under false pretenses.  And there’s the problem of minors with access to credit cards.  Moreover, even assuming credit cards worked as an age verification method, there is the more practical question of whether lawmakers have the guts to mandate that every social networking site in the land start charging admission for access.  Since almost all SNSs are free-of-charge today, that is not going to be a very popular mandate!

Nonetheless, for very small, niche-oriented social networking sites geared toward younger kids, credit cards and fees are part of the reason people think COPPA has “worked.”  In essence, it acts as a bit of a roadblock or hassle thrown in the way of access, and that gets parents thinking and talking to the kids about those sites. That is the argument put forward by Denise Tayloe of Privo, one of the four FTC-approved COPPA safe harbor providers.   Ironically, Tayloe has noted that one of the problems associated with the current COPPA regime is that “Children quickly learned to lie about their age in order to gain access to the interactive features on their favorite sites. As a result,” she notes, “databases have become tainted with inaccurate information and chaos seems to be king where COPPA is concerned,” she says.

Despite these problems, Tayloe argues that COPPA serves an important role.  Even though “there is no perfect solution” and it is not possible to completely “stop a child from lying and putting themselves at risk,” Tayloe believes that COPPA “provides a platform to educate parents and kids about privacy.”  Of course, providing a platform to educate parents and kids about online privacy or safety is very important, but it is not necessarily synonymous with strict age verification.  And we don’t really have any idea what level of parent-child interaction COPPA incentivizes.  More importantly, we don’t really have any good data regarding the accuracy of claims made pursuant to COPPA’s requirements regarding the relationship between parents and the kids seeking access to the site.  How many people (kids or adults) were able to gain access under false pretenses? We don’t know.

Nonetheless, the operating assumption here is that by creating an added economic hurdle or barrier to entry (in the form of the hassle of filling out paperwork or forms), COPPA gets some parents (perhaps most?) to put more thought into what their kids are doing online, and that somehow improves online safety in larger scheme of things.  The problem is that that does not necessarily mean that their kids are operating in perfectly “secure” or “verified” environments.  The danger is that – to the extent some “bad guys” are getting on those sites under false pretenses – kids and parents may fall prey to a false sense of security after they are told the site is COPPA-verified.  Of course, COPPA wasn’t put on the books to keep “bad guys” away from kids online; it was about keeping site operators from collecting personal information about kids.

The second reason COPPA has “worked” to a limited degree is that SNS sites geared toward younger kids tightly limit functionality.  In essence, the site administrators “cripple” the sort of functionality we find in SNS sites geared toward older kids.  That fact alone makes these sites far less likely to be subject to fraudulent entry or dangerous interactions.   If I am an older teen or a pervert, why would I ever want to gain access to a site that has nothing more than drop-down menus and a few buttons to click on when interacting with others?  Thus, the primary reason that kids are likely safer in those environments has almost nothing to do with COPPA’s parental consent mechanisms and almost everything to do with the fact that most of the sites it covers are tightly controlled walled gardens with very limited functionality.

With these facts in mind, let’s gets back to the ultimate question: What would happen if we tried to apply COPPA to all social networking sites for kids of all ages? The threshold question that would need to be answered remains the same as it does today: How do we verify the parent-child relationship when someone asserts they are the parent or guardian?  That’s a very thorny question.  But let me just list out the many other questions that everyone is overlooking here:

(1) What sort of mechanisms will need to be put in place to guarantee that the parent or guardian is who they claim to be (for both initial enrollment and subsequent visit authentication)?  Sign-and-fax forms can be easily forged, so credit cards (and perhaps mandatory user fees) will likely become the default solution. A third method, follow-up phone calls, just doesn’t seem practical.  But might lawmakers demand a mix of all of the above?

(2) Regardless, how burdensome will those mandates be for parents / guardians?

(3) And how burdensome will those mandates be for SNS site operators? What kind of compliance costs / legal penalties are we talking about?

(4) Will the barriers to site enrollment become economic in character such that it requires previously free social networking sites to charge admission?

(5) If so, could that be a disadvantage to low-income families / youth?

(6) If compliance costs go through the roof for SNS sites, will this be a recipe for massive industry consolidation in order to comply with the mandates?

(7) Who is collecting the massive databases of information created by such a mandate for all SNS? Who has access to that data? What might government use it for?

(8) Will this new regime be applicable to offshore sites? And will kids flock to offshore sites as a result of such mandates on domestic sites? If some do, how will we stop them?

And so on.  Bottom line: The future of age verification battles will likely be increasingly tied up with COPPA and the question of how well parental permission-based forms of authentication might work. It is unlikely, however, that such a framework could be easily applied on “Internet scale.”  There is a world of difference between something like Disney’s “Club Penguin” and MySpace, Xanga or Bebo.  And with social networking capabilities being integrated into every site and service these days — from CNN.com to Microsoft’s Xbox Live service — one wonders how that will magnify the compliance costs and hassles for all involved.  Are parents really going to be expected to verify themselves and then their kids for every “social networking site” their kids want to visit?  That seems unnecessary, unworkable, and potentially counter-productive.

Finally, the irony of a proposal to expand COPPA in this fashion is that lawmakers would be using a law that was meant to protect the privacy and personal information of children to potentially gather a great deal more information about them, and their parents!  It’s important we not overlook the privacy implications of any effort to expand COPPA to do something it was not originally intended to cover.

Conclusion

It will likely be very difficult for the Technical Task Force to reach consensus on these controversial and complicated issues.  There are many challenging technical, legal, and even philosophical issue in play here.  The problem is that this Task Force is charged with looking at technical solutions and yet most child safety advocates and academics on the Task Force are of the mind that technical solutions are only one part — and probably the smallest part — of the sort of “layered solution” to online child safety that I describe in my book on “Parental Controls and Online Child Protection.” As I argue in that book:

“the best answer to the problem of unwanted media exposure or contact with others is for parents to rely on a mix of technological controls, informal household media rules, and, most importantly, education and media literacy efforts.”

In sum, we need to get serious about talking to our kids about online safety and proper online behavior. Education is the key, and government has a major role to play in that regard in the classroom and through awareness-building efforts. And technical tools that empower parents to better monitor and guide their child’s online experiences can help too. Social networking sites and other online service providers can offer more of those tools and also take additional steps to improve the safety of their sites and encourage a dialog about appropriate and inappropriate online behavior. Again, it’s a multi-layered effort with education and communication at the core of the plan.

It’s not like I am saying anything new here. Indeed, that layered approach was the recommended approach of two previous online safety blue ribbon task force efforts: The 2000 COPA Commission and the 2002 National Academy of Sciences “Thornburgh Commission.” And every major book about online child safety published over the last 5 years has come to the same conclusion.

But that is not likely going to be enough for state attorneys general. There is no other way for me to state this than to just come right out and say it: The AGs are looking for a silver-bullet technical solution to a complex problem they do not fully understand.  And age verification schemes are the technical bullet du jour.

Alas, for all the reasons I have stated here and elsewhere, age verification schemes are likely to fail miserably.  Even if age verification systems worked as billed, it is unlikely that kids would really be any better off.  All the academic research in this field points to a single, inescapable conclusion: The primary danger to kids online is not adult predators, it is other kids.  In particular, it is peer-on-peer harassment and cyber-bullying.   As parents and a society, we have to do more — a lot more — to address that problem.

Age verification schemes, however, aren’t going to help us solve that problem.  Worse yet, by creating the illusion of safety, it could compromise our children’s privacy in the process and create a false sense of security when kids or their parents come to believe they are operating in “trusted” online environments.  For the sake of our children, it is essential we not fall prey to such a fatal conceit.