This week I will again be attending the Family Online Safety Institute’s excellent annual summit. The 2-day affair brings together some of the world’s leading experts on online safety and privacy issues. It’s a great chance to learn about major developments in the field. As I was preparing for the session I am moderating on Thursday, I thought back to the first FOSI annual conference, which took place back in 2007. What is remarkable about that period compared to now is that there was a flurry of legislative and regulatory activity related to online child safety then that we simply do not see today.

In fact, just 3 1/2 years ago, John Morris of the Center for Democracy and Technology and I compile a legislative index [summary here] that cataloged the more than 30 legislative proposals that had been introduced in the the 110th session of Congress. There was also a great deal of interest in these issues within the regulatory community. Finally, countless state and local measures related to online safety and speech issues had been floated. Today, by contrast, it is hard for me to find any legislative measures focused on online safety regulation at the federal level, and I don’t see much activity at the agency level either. I haven’t surveyed state and local activity, but it seems like it has also died down.

Generally speaking, I think this is a good development since I am opposed to most proposals to regulate online speech, expression, or conduct. But let’s ignore the particular wisdom of such measures and ask a simple question: What explains the decline in Internet safety legislation and online content regulation? I believe there are three possible explanations:

1) The effectiveness of education and awareness-building strategies

I would like to believe that all the efforts made by various groups and individuals (including myself) to encourage policymakers to adopt  “Educate & Empower” approaches over “Legislative & Regulate” approaches are finally bearing fruit. The first instinct for many policymakers is to legislate immediately and then worry about the consequences later (if at all). But such approaches, no matter how well-intentioned, often backfire and have myriad unintended consequences (including the problem addressed next). So, perhaps it is the case that lawmakers and regulators are finally coming to realize that education and awareness approaches — married to empowerment-based efforts — are actually the more sensible approach compared to a flurry of legislative measures that ultimately accomplish very little.

2) The deterrent effect of inevitable and lengthy constitutional challenges

Here are two things I know for certain: First, almost every Internet-related measure faces a constitutional challenge, typically on First Amendment grounds (but sometimes also on Sec. 230 grounds). Second, most of those challenges succeed. I don’t have hard stats to back up this assertion, but I’d bet that there are few areas of modern law that have witnessed a higher percentage of successful constitutional challenges in recent years than the field of cyberlaw.  Taking that as a given, one must assume that at some point it becomes a deterrent to additional state action in this field.  Why waste years legislating and regulating if it is all enjoined and then overturned a short time later?

3) Resurgence of privacy as major policy issue and the emergence of cybersecurity as a policy issue

It could also be that case that privacy policy crowds out congressional interest in online safety legislation. In fact, it seems like these issues often move in opposing waves. When a wave of online safety legislative and regulatory activity is cresting, interest in privacy policy seems to fall. That certainly seemed to be the case between roughly 2005 and 2008 when online safety dominated congressional debates and privacy was hardly on the radar.  Today the reverse is true. Privacy has been the dominant Internet policy issue of the past year or so. It is sucking all the oxygen out of the room — whether that room is a congressional hearing room, a regulatory agency event, or even academic conferences.

Importantly, cybersecurity has rapidly emerged as a major new fault line in Internet policy debates. It, too, is eating up a lot of the “attention bandwidth” available among policymakers today.  And intellectual property matters always seem to be percolating out there.

It is my belief that because some of these Net policy issues are so complicated, policymakers are sometimes discouraged from doing a “deep dive” on them. To the extent they do, it seems unlikely that lawmakers are willing to invest serious time in more than a couple of these arcane matters at one time. Also, don’t forget how busy the relevant committees (Commerce and Judiciary) are with other, not tech policy-related matters. On any given legislative day, they could be handling a wide range of other policy issues that crowd out the amount of attention they can devote to Net policy matters, which are often far down the list of legislative priorities. Again, I’m generally pretty happy about that fact! I’d rather lawmakers go slow on these issues, whether the slow pace of the action is intentional or not.

So, what do you think? Are there other possible explanations for why we’ve seen less activity on the online safety / Internet content regulation front in recent years?

On June 29th, The Progress & Freedom Foundation (PFF) and the Family Online Safety Institute (FOSI) will co-host a National Press Club briefing entitled “Sending an Online Safety Message to Congress.” This event will feature a discussion about the recently released report of the Online Safety and Technology Working Group (OSTWG), “Youth Safety on a Living Internet.”  OSTWG — a congressionally-mandated blue ribbon working group — analyzed the state of online child safety and offered policymakers and parents a wide array of recommendations for how to keep kids safe and secure in today’s “always-on,” interconnected world. [For more background on OSTWG and our final report, see this post.]  Several OSTWG leaders will be on hand to discuss the report and outline the next steps that need to be taken on this front. Here are the details.

To Register: Space is limited, so an RSVP is required to attend. Please register here.

Emerson once said that we should do the thing we fear, and then death of fear is certain. Similarly, parents that fear their child’s use of technology can use technology themselves to monitor, filter and block their children’s Internet use.

I’m a member of the NTIA Online Safety and Technology Working Group (OSTWG) along with TLF’s Adam Thierer (Mr. President of PFF). Adam organized our third meeting was on parental controls, child protection technologies and content rating methods.  He organized a wealth of speakers to discuss tools available from ISPs, tools existing in operating systems, browsers, and search, and settings that exist in some social networking websites.

Here are the highlights:

• Safety experts praised AOL’s parental tools that don’t report to parents every site that a child visits. Child abuse, contraception, and other sites are the kinds that many people feel children have legitimate privacy (and in abusive situations even safety concerns for their lives) surrounding the sites they visit.
• A representative from the Department of Education asked about “best practices” — a good idea in concept but given the diversity of online sites and services easier said then done.
• It is common to categorize children into age groups for parental controls but there’s data lacking about how children understand advertising and what is the harm, if any.
• Age groups: 7 and below–white list only. 7-12–no white list only but lots of restrictions. 13-17–very permissive, lots of sites accessible. 17+–only porn images blocked.
• Google will soon be launching a national media digital literacy citizenship campaign.
• FTC will release its virtual worlds report on Dec 10. There is an OECD conference on e-commerce on Dec 8-10.
• “Report abuse” icons on websites are often themselves abused and result in false positives and false reporting. Uniform buttons won’t work.
• The FCC wants to know why the V-Chip uptake has not been greater and has been ineffective (can comment on the FCC’s NOI).
• Carrie James, a Harvard researcher, has a report that shows that a higher percentage of kids that play online video games are more ethical than their peers that do not (due to the community that’s created playing games).

Next time we’ll be discussing data retention issues and what this means for child safety.

This video from a puppet maker in Australia has an interesting take on the fear-mongering that often drives public policy for Internet safety. The video does a good job of putting into perspective the real risk to kids of online predation.

For instance, we often hear the scary statistic that “1 in 5 children are sexually solicited online.” This was based on data originally released by the National Center for Missing and Exploited Children (NCMEC). It’s since been updated to 1 in 7, which still sounds bad, but not so bad in perspective — what does solicitation mean, and by whom? Well, “solicitation” is broadly defined to mean “unwanted contact.” In the study, it encompasses any unwanted discussion of a sexual nature. But the real perspective comes from learning 90% of this unwanted contact comes from other peers or young adults! So, it’s rarely the creepy perverted middle-age man in a wife beater t-shirt — even though the messaging from many policymakers focuses almost entirely on this scenario.

The latest edition (Version 4.0) of my PFF special report on “Parental Controls and Online Child Protection: A Survey of Tools & Methods” is now up.  For those not familiar with the report, it explores the market for parental control tools, rating schemes, education and media literacy efforts, and various other tools, methods, and initiatives aimed at promoting online child safety.  After evaluating that state of this market, I conclude: “There has never been a time in our nation’s history when parents have had more tools and methods at their disposal to help them decide what constitutes acceptable media content in their homes and in the lives of their children.”  Moreover, I believe that the parental controls and content management tools cataloged in the report represent a better, less restrictive alternative to government regulation.

Version 4.0 of the report is now over 250 pages long (up from 200 pages in Version 3.0) and it contains almost 70 exhibits (up from 50), 725 references (up from roughly 500), and numerous updates in all five sections of the book. Major updates have been made to the Internet, social networking, and mobile media sections, reflecting the growing importance of those sectors and issues. Other new sections or appendices have also been added to the report, including:

• a new section examining how many households really need parental control tools;
• a new appendix on the downsides of mandatory parental controls and restrictive default settings;
• a new section on the dangers of “deputizing the online middleman” solution as an approach to solving child safety concerns;
• a new appendix reviewing the findings of 5 past online safety task forces;
• … and much more.

I issue major updates once a year and 1 or 2 minor tweaks during the course of the year to reflect the evolution of the parental control and online child safety marketplace and debate. The report is available free-of-charge on the PFF website, and the previous editions of the report are housed there too in case you want to see how it has evolved over the past couple of years. For those interested in taking a quick look at the report, I have embedded it down below the fold as a Scribd file. Finally, as is always the case, I encourage readers to send me updates and suggestions for how to improve the report and I will incorporate them into future versions.

Maine has just enacted a law severely restricting marketing to kids: the Act To Prevent Predatory Marketing Practices against Minors, summarized by Covington & Burling. Adam and I released a major paper in June about such laws: COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech. Maine is following the lead of several other states that have tried to expand the Children’s Online Privacy Protection Act (COPPA) of 1998 to cover nost just kids under 13 but adolescents as well and potentially all social networking sites. We discussed at length the problems such laws create, particularly the possibility that large numbers of adults would, for the first time, be subject to age verification mandates before accessing (or participating in) the growing range of sites with social networking capabilities.  This, in turn, would significantly “chill” free speech online by undermining anonymity.

Like COPPA 2.0 proposals in New Jersey (simply extending COPPA to cover adolescents) and Illinois (applying COPPA to most social networking sites), the Maine law tries to build on COPPA’s “verifiable parental consent” requirement for the 13-17 audience as well as those under 13.

On the one hand, the Maine law goes much further than these other COPPA 2.0 proposals. While the original bill was limited to the Internet and wireless communications, the final bill’s scope applies to all communications.  The bill also covers “health-related” information (HRI) as well as “personal information” (PI). On the other hand, the Maine law is thus somewhat narrower than other COPPA 2.0 proposals and COPPA itself in that it applies only to “marketing or advertising products, goods or services.” While COPPA is commonly misunderstood to cover only marketing, it actually covers essentially any “collection” (broadly defined) of personal information from kids for any purpose—including merely giving kids access to communications functionality that might let them share personal information with other users (even if the site itself is not “collecting” that information in the commonly understood sense).

Verifiable parental consent is required for collection of HRI or PI (§ 9552(1)). So far, the Maine law is clearly trying to stick to the basic COPPA model while expanding its application to adolescents, health information and the offline world. (Indeed, the law concludes by authorizing the state AG to bring enforcement actions for violations of COPPA, as COPPA itself allows.) But the Maine law goes much further by banning:

• The transfer of HRI/PI to third parties if it “individually identifies the minor” (§ 9552(2)); and
• The use of HRI/PI “for the purpose of marketing a product or service to that minor or promoting any course of action for the minor relating to a product” (§ 9553).

It’s unclear what either prohibition will mean in practice. Obviously, if the law imposed a complete ban on the use of HRI/PI, there would be no point to obtaining verifiable parental consent in the first place! Thus, the law seems to contemplate that the prohibition on transferring individually identifying information would leave data-collectors free to transfer de-identified data once they’ve obtained verifiable parental consent for the initial collection. I’m no marketing expert but I imagine that Maine legislators were trying to ban the sale of lists that identify individual kids, while allowing the use of de-identified data for, say, analyzing patterns of interests among kids.

It’s less clear what the use-prohibition (§ 9553) actually means. Would it allow kids-oriented marketing based on aggregated de-identified information? If so, what would that actually mean in the real world? Would that be a distinction without a difference by effectively shutting down legitimate marketing most people would find unobjectionable, harmless, or even very helpful? If the law wouldn’t even allow such use of aggregate data, why, again, would any company ever bother obtaining parental consent?

Indeed, the Association of National Advertisers has interpreted this provision as amounting to an outright ban, regardless of parental permission, and points out that the bill:

would seemingly cut off “minors”‘… from being marketed to about colleges and universities, testing services such as the SAT and ACT, test prep services, class rings, among many other potential categories.

ANA vows to “have the law abrogated or modified so that it will not continue to place such extraordinarily broad restrictions on marketers, when the legislature reconvenes” in January—even though the law goes into effect in mid-September. They could challenge the law on a number of grounds in the courts.

While the First Amendment analysis of commercial free speech rights doubtless be complicated, a simpler argument could be brought on Dormant Commerce Clause grounds: Under the Supreme Court’s 1970 decision in  Pike v. Bruce Church, if “the burden imposed . . . is clearly excessive in relation to the putative local benefit, and if the local interest can be promoted by other regulations that have a lesser impact on interstate activities,” the court may strike down a state law that burdens interstate commerce. Indeed, the courts have struck down a number of Internet-related state laws on such grounds.

Insofar as Maine’s law affects online communications, it could be struck down on Dormant Commerce Clause grounds by forcing out-of-state websites to treat users in Maine differently—or to treat all users as if they were in Maine. To some extent, this will depend on how the statute is actually construed. COPPA applies both to knowing collection and to collection through child-oriented sites like Club Penguin (because the operator should know that they are collecting information from a child), but the Maine law applies only to knowing collection. If the statute is narrowly construed, this would mean that only websites that ask user for their age (say, in setting up a social networking profile) would generally be affected. A broader reading might affect websites that are oriented towards, or simply popular among, minors, in which case sites would essentially be forced to age verify all users (as with other COPPA 2.0 proposals). While this seems unlikely given the meaning generally attached to the word “knowing” in American law, even the narrow reading would affect many social networking sites.

The other major unanswered question lies in how broadly the term “individually identifiable information” would be construed. Like COPPA, the Maine law covers all such information, but rather than define this term exhaustively, the laws simply provide a few more specific categories of examples. Maine’s list differs from COPPA’s in that it does not include e-mail addresses, telephone numbers, screen names, or other contact information. But the list does include names, and this is enough to implicate profile-basedsocial networks like Facebook. If construed more broadly, the Maine law could affect other website operators.

In any event, if websites have to try to accomodate Maine’s law, they might have to track user location to ensure that they comply with Maine law.  As we noted in our paper:

If a site relied only on location information provided by the user, adolescents would quickly learn to lie about what state they live in just as children have learned to lie about how old they are to avoid triggering COPPA’s “actual knowledge” requirement.  Alternatively, websites could attempt to determine a user’s location automatically based on their IP address, but such “IP geocoding” is not always accurate and can be subverted by use of a proxy.

Finally, in case you were wondering where this bill came from, here’s the purpose statement for the original bill:

This bill addresses the current practices of persons using the Internet and other wireless communications devices, with or without promotional incentives, to acquire health-related information about minors and then using that information unscrupulously. Under this bill, it is unlawful to solicit or collect health-related information about a minor who is not emancipated without the express written consent of the minor’s parent or guardian, to transfer any health-related information that identifies a minor or to use any of that information to market a product or service to a minor regardless of whether or not the information was lawfully obtained. Unlawful marketing includes promoting a course of action relating to a product.

If a challenge is brought in court, the state will have to be a lot more specific about defining the harm at issue than merely asserting that information is being collected and might be unsed “unscrupulously.” As the Supreme Court declared in the 1993 case of Edenfield v. Fane, the government’s burden in justifying a restrictions on even commercial speech (which is accorded less protection than non-commercial speech):

is not satisfied by mere speculation or conjecture; rather a governmental body seeking to sustain a restriction on commercial speech must demonstrate that the harms it recites are real and that its restriction will in fact alleviate them to a material degree.

In short, this new law raises many legal and practical questions. I’ll be watching closely to see how any effort have the law amended or challenged in court plays out.  I suspect we’ll see more states following Maine’s lead if this law stands in its current form.

Today, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) announced the members of the new Online Safety and Technology Working Group (OSTWG).  I am honored to be among those chosen to participate in this new task force and I look forward to continuing the work started last year with the Harvard Berkman Center’s Internet Safety Technical Task Force (ISTTF), which I also served on.   I was very proud of the work done by the ISTTF and the impressive final report that Prof. John Palfrey crafted to reflect our findings.  I am eager to investigate these issues further and take a look at the latest research and technologies that can help us better understand how to protect our kids online while also protecting the free speech and privacy rights of Netizens.

The new NTIA working group, which was established under the “Protecting Children in the 21st Century Act,” will report to the Assistant Secretary of Commerce for Communications and Information on industry-implemented online child safety tools and efforts. Within a year of convening its first meeting, the group will submit a report of its findings and make recommendations on how to increase online safety measures.

Below the fold I have listed the complete roster of OSTWG task force members.  I very much looking forward to working with this outstanding group.  And I’m happy to report that my TLF blogging colleague Braden Cox will be joining me on this task force!

Ms. Parry Aftab, WiredSafety Ms. Elizabeth Banker, Yahoo! Inc. Mr. Christopher Bubb, AOL Ms. Anne Collier, Net Family News, Inc./ConnectSafely.org Mr. Braden Cox, NetChoice Coalition Ms. Caroline Curtin, Microsoft Mr. Brian Cute, Afilias U.S.A. Mr. Jeremy Geigle, Arizona Family Council Ms. Marsali Hancock, Internet Keep Safe Coalition Mr. Michael Kaiser, National Cyber Security Alliance Mr. Christopher Kelly, Facebook Mr. Brian Knapp, Loopt, Inc. Mr. Timothy Lordan, Internet Education Foundation Mr. Larry Magid, SafeKids.com/ConnectSafely.org Mr. Brian Markwalter, Consumer Electronics Association Mr. Michael McKeehan, Verizon Communications, Inc. Dr. Samuel McQuade, III, Rochester Institute of Technology Ms. Orit Michiel, Motion Picture Association of America, Inc. Mr. John Morris, Center for Democracy & Technology Mr. Jonathon Nevett, Network Solutions, LLC Mr. Hemanshu Nigam, MySpace/Fox Interactive Media Ms. Jill Nissen, Ning, Inc. Mr. Jay Opperman, Comcast Corporation Mr. Kevin Rupy, United States Telecom Association Mr. John Shehan, National Center for Missing & Exploited Children Mr. K. Dane Snowden, CTIA – the Wireless Association Mr. Adam Thierer, Progress & Freedom Foundation Ms. Patricia Vance, Entertainment Software Rating Board Mr. Ralph Yarro, The CP80 Foundation

• denotes co-chairs of the task force

Just wanted draw everyone’s attention to a couple of great podcasts about online safety issues that include comments from members of the Internet Safety Technical Task Force (ISTTF). As I mentioned a few weeks ago, the ISTTF project and final report represent a major milestone in the discussion about online safety in America, and I was honored to serve as a member of this task force.

This in-depth “Radio Berkman” podcast featuring ISTTF director John Palfrey and co-director Dena Sacco is a really excellent (but lengthy!) overview of the ISTTF’s word. Here’s a shorter podcast that Prof. Palfrey did with Larry Magid of CNet. And I also recommend this excellent NPR “On the Media” podcast featuring my friend Stephen Balkam of the Family Online Safety Institute (FOSI).

For those interested, down below you will find a running list I have been keeping of coverage of the ISTTF. (I will try to keep updating this list here).

Articles and podcasts about the ISTTF:

• ISTTF director John Palfrey discusses the report on this short podcast with Larry Magid as well as this longer one from the Berkman Center
• ISTTF co-director danah boyd comments on the report on her blog
• ISTTF member Larry Magid of ConnectSafely.org: “Net Threat to Minors Less Than Feared,” CNet News.com
• ISTTF member Anne Collier of Net Family News: “Key Crossroads for Net Safety“
• ISTTF member Stephen Balkam of FOSI featured on an NPR podcast about our work
• ISTTF member John Morris of CDT: “Deconstructing Reaction to Net Safety Task Force Report“
• ISTTF member Marsali Hancock, President of iKeepSafe blog essay about the task force
• AGs respond to report in interview with Emily Steel of the Wall Street Journal: “The Case for Age Verification“
• New York Times article by Brad Stone: “Report Calls Online Threats to Children Overblown“
• Wall Street Journal article by Emily Steel: “No Easy Answer for Protecting Kids Online“
• Associated Press story by Anick Jesdanun: “Panel: Technology Alone Can’t Protect Kids Online“
• Chronicle of Higher Education Wired Campus blog entry by Tracy Mitrano, “Report Weighs the Benefits and Risks of Social Networks,”
• PC World article by Jaikumar Vijayan: “Study Accused of Exaggerating Kids Online Safety“
• PC World blog post by Jaikumar Vijayan: “Are Internet Child Safety Concerns Overblown or Understated?”

Background info:

• an old blog entry of mine about the formation of the task force
• an old paper of mine about the agreement between MySpace and AGs that led to the formation of the ISTTF
• an essay of mine from the ISTTF’s mid-point: “Age Verification Debate Continues; Schools Now at Center of Discussion“
• my big white paper on the dangers of mandatory age verification
• my book: “Parental Controls and Online Child Protection: A Survey of Tools and Methods”
• my final ISTTF statement

The Internet Safety Technical Task Force (ISTTF), which was formed a year ago to study online safety concerns and technologies, today issued its final report to the U.S. Attorneys General who authorized its creation. It was a great honor for me to serve as a member of the ISTTF and I believe this Task Force and its report represent a major step forward in the discussion about online child safety in this country.

The ISTTF was very ably chaired by John Palfrey, co-director of Harvard University’s Berkman Center for Internet & Society, and I just want to express my profound thanks here to John and his team at Harvard for doing a great job herding cats and overseeing a very challenging process. I encourage everyone to examine the full ISTTF report and all the submissions, presentations, and academic literature that we collected. [It’s all here.] It was a comprehensive undertaking that left no stone unturned.

Importantly, the ISTTF convened (1) a Research Advisory Board (RAB),which brought together some of the best and brightest academic researchers in the field of child safety and child development and (2) a Technical Advisory Board (TAB), which included some of America’s leading technologists, who reviewed child safety technologies submitted to the ISTTF. I strongly recommend you closely examine the RAB literature review and TAB assessment of technologies because those reports provide very detailed assessments of the issues. They both represent amazing achievements in their respective arenas.

There are a couple of key takeaways from the ISTTF’s research and final 278-page report that I want to highlight here. Most importantly, like past blue-ribbon commissions that have studied this issue, the ISTTF has generally concluded there is no silver-bullet technical solution to online child safety concerns. The better way forward is a “layered approach” to online child protection. Here’s how we put it on page 6 of the final report:

The Task Force remains optimistic about the development of technologies to enhance protections for minors online and to support institutions and individuals involved in protecting minors, but cautions against overreliance on technology in isolation or on a single technological approach. Technology can play a helpful role, but there is no one technological solution or specific combination of technological solutions to the problem of online safety for minors. Instead, a combination of technologies, in concert with parental oversight, education, social services, law enforcement, and sound policies by social network sites and service providers may assist in addressing specific problems that minors face online. All stakeholders must continue to work in a cooperative and collaborative manner, sharing information and ideas to achieve the common goal of making the Internet as safe as possible for minors.

In sum, education and empowerment are the real keys to keeping kids safer online. We all need to work harder to mentor our children and help them develop the skills and good old fashion common sense to make smart decisions online. Technical tools can supplement — but can never supplant — education, parental guidance, and better mentoring.

Still, this was a task force that primarily came about after state attorneys general (AGs) had been incessantly pressuring social networking sites like MySpace and Facebook to adopt age verification technologies as a solution to online child safety concerns. Specifically, fears about online predators — driven largely by the moral panic whipped up by shows like NBC’s “To Catch a Predator” — prompted calls for mandatory age verification for social networking sites.

So, what did the final ISTTF report have to say about mandatory age verification. Answer: Probably not as much as the AGs were hoping for, and what we did say they may not like to hear.

First, the ISTTF’s Research Advisory Board conclusively proved the primary online safety issue today is peer-on-peer cyber-harassment, not adult predation. Mandatory age verification would do nothing to stop cyberbullying. Indeed, the lack of adult supervision may even exacerbate the problem.

Second, after reviewing various age verification solutions, the ISTTF’s Technical Advisory Board concluded:

Age verification and identity authentication technologies are appealing in concept but challenged in terms of effectiveness. Any system that relies on remote verification of information has potential for inaccuracies. For example, on the user side, it is never certain that the person attempting to verify an identity is using their own actual identity or someone else’s. Any system that relies on public records has a better likelihood of accurately verifying an adult than a minor due to extant records. Any system that focuses on third-party in-person verification would require significant political backing and social acceptance. Additionally, any central repository of this type of personal information would raise significant privacy concerns and security issues.

As a result, our final report concluded that:

The Task Force does not believe that the Attorneys General should endorse any one technology or set of technologies to protect minors online. Instead, the Attorneys General should continue to work collaboratively with all stakeholders in pursuing a multifaceted approach to enhance safety for minors online.

Then, on pages 28-31, we go into more detail about age verification, finding that:

[Age verification] approaches are less effective in the child safety context — in other words, at creating safe environments for minors — than in the context of completing financial transactions or regulating purchases, especially to the extent that identity authentication and age verification focus solely upon adults. The reasons for this include the fact that in the commercial and financial contexts, an adult typically wants to verify his or her identity correctly in order to purchase a product or get access to records. Moreover, when adults purchase regulated items (such as alcohol or tobacco) online, in some cases a second form of age verification occurs when the item is delivered.

The identity authentication and age verification solutions that authenticate or verify only adults could be and are already sometimes used to reduce minors’ access to adult-only sites. Because they do not authenticate or verify minors, however, they cannot be used to create environments for minors that require authentication or verification prior to access. To the extent that an adult nonetheless uses his or her own verifiable information when accessing an environment intended only for minors, these technologies could enhance the ability of Internet service providers and social network sites to exclude that adult. Of course, it seems unlikely that an adult with nefarious purposes would proceed in this manner. Thus, while these types of identity authentication and age verification technologies may be helpful for other purposes, they do not appear to offer substantial help in protecting minors from sexual solicitation.

And there’s far more detail following this passage from the final report, so please read that section for additional discussion.

Again, some AGs may not like to hear all this but these were near-consensus findings of the Task Force. And, if anything, the Task Force probably did not far enough to show why mandatory age verification will not work and how age verification will actually make kids less safe online. In my final statement to the Task Force, this is what I spent my time focusing on. I outlined the dangers of age verification as well as 10 questions about age verification that the AGs must answer if they persist in this pursuit of a technological Holy Grail. I have embedded my entire expanded final statement down below as a Scribd document, but here are the key reasons I believe mandatory age verification represents a dangerous solution to online child safety concerns:

Again, although the Task Force didn’t go quite as far as I would have liked in terms of making clear the dangers associated with mandatory age verification, I think our final report reflects the general skepticism among Task Force members about taking that path or relying too heavily on any single, silver-bullet technical approach to online child safety concerns. Again, this is real progress; a sensible step forward in the discussion about keeping our kids safe online.

I hope policymakers will take a close look at our conclusions and recommendations and take them seriously. We need to stop wasting so much time searching for silver bullets and start getting more serious about how to better mentor our kids so that they can be good — and safe — digital citizens. Education, not regulation, is the key.

Below I have linked to some background essays about the Internet Safety Technical Task Force as well as additional thoughts by fellow task force members or reporters. I’ll add to it as I see new things in coming days.

Additional thoughts / articles about the ISTTF:

• ISTTF director John Palfrey discusses the report on this short podcast with Larry Magid as well as this longer one from the Berkman Center
• ISTTF co-director danah boyd comments on the report on her blog
• ISTTF member Larry Magid of ConnectSafely.org: “Net Threat to Minors Less Than Feared,” CNet News.com
• ISTTF member Anne Collier of Net Family News: “Key Crossroads for Net Safety“
• ISTTF member Stephen Balkam of FOSI featured on an NPR podcast about our work
• ISTTF member John Morris of CDT: “Deconstructing Reaction to Net Safety Task Force Report“
• ISTTF member Marsali Hancock, President of iKeepSafe blog essay about the task force
• AGs respond to report in interview with Emily Steel of the Wall Street Journal: “The Case for Age Verification“
• New York Times article by Brad Stone: “Report Calls Online Threats to Children Overblown“
• Wall Street Journal article by Emily Steel: “No Easy Answer for Protecting Kids Online“
• Associated Press story by Anick Jesdanun: “Panel: Technology Alone Can’t Protect Kids Online“
• Chronicle of Higher Education Wired Campus blog entry by Tracy Mitrano, “Report Weighs the Benefits and Risks of Social Networks,”
• PC World article by Jaikumar Vijayan: “Study Accused of Exaggerating Kids Online Safety“
• PC World blog post by Jaikumar Vijayan: “Are Internet Child Safety Concerns Overblown or Understated?”

Background info:

• an old blog entry of mine about the formation of the task force
• an old paper of mine about the agreement between MySpace and AGs that led to the formation of the ISTTF
• an essay of mine from the ISTTF’s mid-point: “Age Verification Debate Continues; Schools Now at Center of Discussion“
• my big white paper on the dangers of mandatory age verification
• my book: “Parental Controls and Online Child Protection: A Survey of Tools and Methods”
• my final ISTTF statement, which is also embedded below as a Scribd document…

My friend Larry Magid, one of America’s leading Internet safety experts, has an outstanding column over at the Yahoo Kids “Connected Parent” site entitled “Is the Internet as Dangerous as Drunk Driving?” In it, he discusses the surprising results of a recent survey of 1,000 moms of teenagers commissioned by McAfee and conducted by Harris Interactive which found that “about two-thirds of mothers of teens in the United States are just as, or more, concerned about their teenagers’ online safety, such as from threatening emails or solicitation by online sexual predators, as they are about drunk driving (62 per cent) and experimenting with drugs (65 per cent).”

Like Larry, I was a bit shocked that so many mothers would equate online safety with the dangers of drunk driving. After all, as Larry proves, the relative risks aren’t even close:

While moms have good reason to be concerned about how their teens use the Internet, online dangers pale compared to the risks of drunk driving. In 2007, 6,552 people were killed in auto accidents involving young drivers (16-20), according to the National Highway Transportation Safety Administration (NHTSA). In 2006, nearly a fifth (18%) of the 7,643 15- to 20-year-old drivers involved in fatal traffic crashes had a blood had a blood alcohol concentration of .08 or higher. Perception of Internet danger has been heightened thanks to the TV show “To Catch a Predator” and inaccurate reports such as “one in five children have been sexually solicited by a predator.” That statistic is a misquote from a 2000 study by the Crimes Against Children Research Center. The data (which, based on a 2005 follow-up study was revised to one in seven) is based on a survey that asked teens if they had in the last year received an unwanted sexual solicitation. But many (possibly most) of those solicitations were from other teens, not from adult predators. What’s more most recipients didn’t view them as serious or threatening, “almost all youth handled the solicitations easily and effectively” and “extremely few youth (two out of 1500 interviewed) were actually sexually victimized by someone they met online,” reported the authors of the study. Other studies have shown that “the stereotype of the Internet child molester who uses trickery and violence to assault children is largely inaccurate” (Wolak, Finkelhor & Mitchell, 2004). In a survey of law enforcement investigators of Internet sex crimes, it was reported that only 5% of offenders pretended to be teens when trying to meet potential victims online.

Those of us who work on Internet policy issues need to do a better job of helping the press and public put online safety risks in proper perspective. Misguided Internet legislation is often premised upon irrational or conjectural fears. Unfortunately, a lot of average moms have been swayed by misperceptions, many of which have been driven by the press or public interest groups that favor more regulation of the Net.

Earlier this year, I mentioned an outstanding book that John Palfrey of the Berkman Center for Internet & Society at Harvard Law School co-edited entitled Access Denied: The Practice and Policy of Global Internet Filtering.  It’s an excellent resource for anyone studying the methods governments are (unfortunately) using to stifle online expression across the globe.  It’s one of the most important technology policy books of the year.

Well, it looks like John Palfrey will have a second title on this year’s “Best Tech Books” list.  I’ve just finished his new book with his Berkman Center colleague Urs Gasser, Born Digital: Understanding the First Generation of Digital Natives, and it is definitely worthy of your attention. In my book review posted today on the City Journal’s website, I argue that “Palfrey and Gasser’s fine early history of this generation serves as a starting point for any conversation about how to mentor the children of the Web.”  It’s a comprehensive and very even-handed discussion about a variety of concerns or Internet pathologies, including: online safety, personal privacy, copyright piracy, offensive content, classroom learning, and much more.

My City Journal review is down below, but in coming weeks I will be posting some additional thoughts about some specific things in the book worthy of more attention (including a few things I disagreed with).  Overall, I’d say Born Digital is a close runner-up in the race for “Tech Book of the Year,” closely trailing Jonathan Zittrain’s Future of the Internet and How to Stop It (which I have reviewed multiple times) and Nick Carr’s The Big Switch.  But I found far more to agree with in Born Digital than I did in those two books.  Highly recommended.

Understanding Our Digital Kids A new book offers a guide for mentoring the children of the Web.

a book review by Adam D. Thierer of

Born Digital: Understanding the First Generation of Digital Natives, by John Palfrey and Urs Gasser (Basic Books, 288 pp., $25.95)

City Journal 10 October 2008

You can’t blame parents today if they think that their children have been assimilated into the Borg or are living in the Matrix. Members of the “always on, always connected” generation have surrounded themselves with digital devices and networks and colonized cyberspace in the process. Meanwhile, back in “meatspace,” many Analog Era parents scratch their heads, trying to make sense of these momentous changes and what they mean for their kids and society.

Answers are available in Born Digital: Understanding the First Generation of Digital Natives, by John Palfrey and Urs Gasser, both of the Berkman Center for Internet & Society at Harvard Law School. Each chapter in the book addresses a different parental concern or Internet pathology: online safety, personal privacy, copyright piracy, offensive content, classroom learning, and more. Palfrey and Gasser aim “to separate what we need to worry about from what’s not so scary, (and) what we ought to resist from what we ought to embrace.”

The authors offer a balanced treatment of these issues—almost to a fault, in that they occasionally fail to develop fully their own positions. Of course, as they repeatedly—and correctly—note, often these thorny questions have no easy answers. “The hard problem,” they point out, “is how to balance caution with encouragement: How do we take effective steps to protect our children, as well as the interests of others, while allowing those same kids enough room to figure things out on their own?”

If there is a single solution, they argue, it’s education. The authors want parents, educators, and lawmakers to do more to engage the digital generation in a dialogue, instead of leaving it to fend for itself. “The traditional values and common sense that have served us well in the past will be relevant in this new world, too,” they maintain. But Palfrey and Gasser don’t rule out additional tools and methods, including technical controls, industry self-regulation, social norms, and even government action.

Consider online privacy concerns. “Never before has so much information about average citizens been so easily accessible to so many,” they note—and particularly when it comes to our kids. Despite the growing amount of online information about our kids (“digital dossiers”) and other potential threats to privacy, Palfrey and Gasser counsel prudence: “The answer . . . is not to avoid the networked publics in which so many people—especially Digital Natives—are leading their lives. Instead, we need to develop more nuanced ways to navigate these new publics.” Though “there is no single, simple answer,” they argue that “parents, peers, teachers, and mentors [all] have a role to play” to encourage youngsters to protect their information and identities. Most importantly, the digital natives must learn to use common sense when sharing information online.

The authors advocate the same reasoned approach when it comes to online child safety. The safety risks have often been greatly overstated—or at least largely misunderstood—by parents and policymakers. “The data do not suggest that the world is a more dangerous place for young people” because of the Internet, the authors contend. Most of the problems we see online today—cyber-bullying, for example—are really just old problems playing out on new platforms. “Involved parenting” and “open and honest conversations” are the most sensible responses, but intervention strategies by others—including kids’ peers—may be another part of the solution. Parental empowerment tools and industry self-regulation can help, too.

Palfrey and Gasser are open to government playing a role in some cases. They believe “governments should restrict the production and dissemination of certain types of violent content in combination with instituting mandatory, government-based ratings of these materials.” They also call for greater liability for online service providers and social networking sites to encourage them to crack down on potential dangers to children. Given their vagueness, however, both proposals would likely smash into serious First Amendment roadblocks that the authors fail to explore fully.

Palfrey and Gasser view government action less favorably when it comes to combating copyright piracy. “Creativity is the upside of this brave new world of digital media,” they suggest, but “the downside is law-breaking. The vast majority of Digital Natives are currently breaking copyright laws on a regular basis.” But what should we do about piracy? Palfrey and Gasser sidestep some of the underlying ethical issues and bluntly declare that “the goal should be for copyright holders, technologists, and their customers to exchange royalty checks with one another instead of legal complaints.” Yes, but what happens when many refuse to pay even one penny for copyrighted content, as often happens today? Education can encourage youngsters to obey the law, but difficult questions remain about how to deal with those who won’t play by the rules.

In chapters debating the Internet’s impact on learning and culture, the authors worry about shortening attention spans and the rise of a “cut-and-paste culture,” due to the immediate gratification provided by Google searches, Wikipedia, blogs, and instant messaging. On the other hand, they rightly underscore how “Digital Natives are quite sophisticated in the ways that they gather information” and are learning “sophisticated information-gathering and information-processing skills,” while also creating content and sharing information with peers in ways unimaginable just a generation ago.

It will be fascinating to see what impact these changes have on digital natives as they get older and become parents themselves. Regardless, Palfrey and Gasser’s fine early history of this generation serves as a starting point for any conversation about how to mentor the children of the Web.

Update Feb. 2009: I hosted a TLF podcast featuring Prof. Palfrey and discussed this book with him. Listen here.

Just FYI, the latest update of my booklet on “Parental Controls and Online Child Protection: A Survey of Tools & Methods” is now live. The new version, Version 3.1, provides minor updates to all sections of the book and a new appendix of relevant research in the field. I issue major updates early each year and 1 or 2 tweaks during the course of the year to reflect the evolution of the parental control and online child safety market and debate.

For those not familiar with the report, it explores the market for parental control tools, rating schemes, education efforts, and initiatives aimed at promoting online child safety. I believe that the parental controls and content management tools cataloged in the report represent a better, less restrictive alternative to government regulation. As I conclude after evaluating that state of the market: “There has never been a time in our nation’s history when parents have had more tools and methods at their disposal to help them decide what constitutes acceptable media content in their homes and in the lives of their children.”

The report is available free-of-charge on the PFF website, and the previous editions of the report are housed there too in case you want to see how it has evolved over the past two years. For those interested in taking a quick look at the report, I have embedded it down below the fold as a Scribd file. Finally, as is always the case, I encourage readers to send me updates and suggestions for how to improve the report and I will incorporate them into future versions.

Over at Ars, Ben Kuchera has a review of Ask.com’s redesign of its web portal for kids, AskKids.com. It’s a great new addition to the growing list of safe seach tools and web portals geared toward younger surfers.

I’m also a big fan of KidZui, the new browser for kids that provides access to over 800,000 kid-friendly websites, videos, and pictures that have been pre-screened by over 200 trained teachers and parents. The company employs a rigorous 5-step “content selection process” to determine if it is acceptable for kids between 3-12 years of age. My kids, both under the age of 7, just love it, but I can’t see many kids older than 10 enjoying it because it is mostly geared toward the youngest web surfers.

Last year, as part of my 10-part series coinciding with “Internet Safety Month,” I wrote about the market for safe search tools and web portals for kids. I generally divide these sites and services into two groups:

(1) “Safe Search” Tools and Portals for Kids (2) Child- and Teen-Oriented Websites

Below I will describe each group and list the many sites and services currently available. I encourage readers to offer additional suggestions for sites that belong on the list. (I keep a running list of these sites and services in my book, “Parental Controls and Online Child Protection: A Survey of Tools & Methods.”)

(1) “Safe Search” Tools and Portals for Kids: These sites help direct children to sites and information that are educational and enriching. Most major search engine providers offer “safe search” tools that provide filtered search results.

ALA’s Great Web Sites for Kids ( www.ala.org/greatsites)

AOL for Kids (U.S.) (http://kids.aol.com)

AOL for Kids (Canada) (http://canada.aol.com/aolforkids)

Ask Kids (www.askkids.com)

Awesome Library for Kids (www.awesomelibrary.org)

Diddabdoo ( www.dibdabdoo.com)

Education World ( www.education-world.com)

Fact Monster ( www.factmonster.com)

FirstGov for Kids ( www.kids.gov)

KidsClick (www.kidsclick.org)

Kid Zui (www.kidzui.com)

Noodle Net (www.noodlenet.com)

NetTrekker (www.nettrekker.com)

SearchEdu.com ( www.searchedu.com)

Surfing the Net with Kids (www.surfnetkids.com)

Surf Safely.com (www.surfsafely.com)

TekMom’s Search Tools for Students ( www.tekmom.com/search)

ThinkQuest Library ( www.thinkquest.org/library)

Yahoo! Kids (http://kids.yahoo.com)

(2) Child- and Teen-Oriented Websites: The child-friendly web portals discussed above generally direct children to informational and educational sites and resources. But there exist many other ways to tailor the web-surfing experience to a family’s specific needs and values. The Internet is full of wonderful sites dedicated to kids and teens. Many have an educational focus, whereas others offer enjoyable games and activities for children. Table 2 highlights some of the best of these websites, but this list just scratches the surface. If parents wanted, they could configure their web browsers to access only sites such as these and then block access to all other webpages.

Table 2: Child- and Teen-Oriented Websites

Candy Stand (www.candystand.com)

Clever Island (www.cleverisland.com)

Club Penguin (www.clubpenguin.com)

Disney’s Club Blast (http://disney.go.com/blast)

Disney’s DGamer (http://disney.go.com/dxd2/index.html?channel=68447)

Disney’s Playhouse (http://disney.go.com/playhouse/today/index.html)

Disney Toontown Online (http://play.toontown.com)

Habbo (www.habbo.com)

HBO Family XE “ HBO Family” Games (www.hbofamily.com/games)

Imbee (www.imbee.com)

Iland5 (www.iland5.com)

JuniorNet (www.juniornet.com)

Kaboose Family Network (www.kaboose.com)

Kaboose FunSchool (http://funschool.kaboose.com)

KidsClick (www.kidsclick.org)

KidsFirst (www.kidsfirst.org)

Microsoft At School (www.microsoft.com/education/atschool.mspx)

Net Smartz Kids (www.netsmartzkids.org)

Nickelodeon Games (www.nick.com/games)

Nick Jr. Games (www.nickjr.com)

Nicktropolis (www.nicktropolis.com)

Noggin XE “ Noggin” Games (www.noggin.com/games)

PBS Kids (http://pbskids.org/go)

Surfing the Net with Kids (www.surfnetkids.com)

Webkinz (www.webkinz.com)

Yahoo! Kids (http://kids.yahoo.com)

YoKidsYo (www.yokidsyo.com)

Zeeks (www.zeeks.com)

ZoeysRoom.com (www.zoeysroom.com)

Zoey’s Room and Club Penguin are two of the most popular of these sites. Here’s some screenshots:

Again, please let me know if you have suggested updates to these lists.

PFF has just releasing an updated edition of my booklet on “Parental Controls and Online Child Protection: A Survey of Tools & Methods.” The new version, Version 3.0, includes two new appendixes and updates to each section to reflect new parental control tools and programs developed in the last nine months.

The updated report is timely as it comes on the heels of the recently-announced Internet Safety Technical Task Force, which is being chaired by the Berkman Center for Internet & Society at Harvard Law School. I am privileged to serve as a member of the Task Force, which is evaluating various online safety technologies and strategies and then reporting back to state attorneys general with our findings.

Those issues and much more are covered in the latest edition of my report. The report explores the market for parental control tools, rating schemes, education efforts, and initiatives aimed at promoting online child safety. I believe that the parental controls and content management tools cataloged in the report represent a better, less restrictive alternative to government regulation. As I conclude after evaluating that state of the market: “There has never been a time in our nation’s history when parents have had more tools and methods at their disposal to help them decide what constitutes acceptable media content in their homes and in the lives of their children.”

Version 3.0 of the special report, now over 200 pages, contains over fifty exhibits and numerous updates in all five sections of the book. Major updates have been made to the Internet, social networking, and mobile media sections, reflecting the growing importance of those sectors and issues. A greatly expanded section on video empowerment technologies has also been included. Finally, two appendices have also been added: a comprehensive legislative index cataloging over thirty bills introduced in Congress on these issues (complied with John Morris of Center for Democracy & Technology), and a glossary of 35 relevant terms and cases.

The report is available free-of-charge on the PFF website, as are the previous editions. And I am happy to provide hard copies to those who are interested.

PFF has just released my latest paper entitled “Parental Control Perfection? The Impact of the DVR and VOD Boom on the Debate over TV Content Regulation.” In the report, I focus on the extent to which new video technologies, such as digital video recorders (DVRs) and video on demand (VOD) services, are changing the way households consume media and are helping parents better tailor viewing experiences to their tastes and values. I provide evidence showing the rapid spread of these technologies and discuss how parents are using these tools in their homes. Finally, I argue that these developments will have profound implications for debates over the regulation of video programming. As parents are given the ability to more effectively manage their family’s viewing habits and experiences, it will lessen—if not completely undercut—the need for government intervention on their behalf.

This 16-page report can be found at: http://www.pff.org/issues-pubs/pops/pop14.20DVRboomcontentreg.pdf

Now that I have completed my 10-part series of essays to coincide with “National Internet Safety Month,” I thought I’d list them all in one place. All the information in this series of essays was condensed from my new Progress & Freedom Foundation special report, “Parental Controls and Online Child Protection: A Survey of Tools and Methods.” I will be making constant updates to that report online, so if you have suggestions please let me know.

The links for the 10 installments in the series are listed below:

Part 1: Online Safety Metasites Part 2: Internet Filters & Monitoring Tools Part 3: Operating Systems and Web Browser Controls Part 4: Website Labeling and Metadata Tagging Part 5: Search Engine Filters and Portals for Kids Part 6: A Voluntary Online Code of Conduct for Online Safety Part 7: The Importance of Online Safety Education Part 8: Social Networking Safety Part 9: Online Safety and Law Enforcement Efforts Part 10: Good Parenting Means Everything!