Chalk up another victim to unwarranted political intimidation by state attorneys general. On Friday evening, Craigslist, which has long been under intense pressure to crack down on sex crimes, replaced its adult services section in the U.S. with a black censor bar. This move comes on the heels of a scathing letter sent to Craigslist by seventeen state AGs insinuating that Craigslist is culpable for the “victimization of children.” While the state attorneys general are likely celebrating victory this holiday weekend, all they’ve really done is to stifle free speech online and complicate efforts by law enforcement authorities to go after the real bad guys — you know, the ones who are forcing kids into sex slavery.

This isn’t the first time states have publicly attacked Craigslist for its involvement in sex crimes. Various AGs been trying to intimidate the site into eliminating avenues of adult content for years, as Alex Harris and Jim Harper have chronicled on these pages. In response to state AGs’ relentless saber-rattling, Craigslist made several major changes last year aimed at curbing illegal postings. The site shut down its notorious “erotic services” section and began charging $10 for every posting made to the adult services section. Craigslist even began manually screening all posts submitted to the adult services section. Since May 2009, over 700,000 postings have been rejected.

Apparently none of these concessions were enough for state AGs, always eager to score political points. Despite the safeguards Craigslist implemented last year, users continued to use the site in the commission of sex crimes. This is hardly surprising; given the sheer volume of user submissions and the increasingly complex measures taken by criminals to obfuscate their unlawful solicitations, some illegal postings are bound to circumvent any filtering regime. Now that Craigslist has censored its adult services section, former users of the section will invariably flock to other sites, as has happened every single time a major Bittorrent site has been taken offline or crippled by litigation. Craigslist is just one of many, many websites on the Internet that’s frequented by criminals, after all. From popular sites like Google and Yahoo! to small blogs that accept user comments, nearly any site that allows user submissions can be used to break the law.

Such websites generally aren’t legally liable for crimes committed by their users, as courts across the country have held time and time again (1,2,3,4). That’s because when Congress overhauled America’s telecom laws in 1996, it enacted the Communications Decency Act, which grants “providers” of “interactive computer service” immunity from state criminal prosecution for illegal content posted by users. Thus, while prosecutors can and do pursue criminal charges against individuals who post illegal content to Craigslist, they can’t go after Craigslist itself, as long as the site complies with enforceable governmental requests and promptly removes content it knows to be illegal.

This legal provision, known as Section 230, has been crucial to the growth of the Internet as we know it. As Adam Thierer aptly put it last year, it’s the “cornerstone of Internet Freedom.” Section 230 has enabled website operators to offer an array of incredible user-driven offerings without fear of being sued or jailed for their users’ unlawful actions. Without it, “Web 2.0” sites like YouTube, Digg, and Reddit might never have gotten off the ground. Monitoring user submissions can be enormously burdensome, especially for smaller sites like WashingtonWatch.com, a popular user-centric site operated and owned by the Cato Institute’s Jim Harper. Were these sites liable for the content of their users’ postings, they likely wouldn’t even accept them in the first place.

Congress established this protection in order to “to maintain the robust nature of Internet communication and, accordingly, to keep government interference in the medium to a minimum,” as the U.S. 4th Circuit Court of Appeals concluded in its forceful 1997 opinion in Zeran v. America Online, Inc. In their assault on Craigslist, state attorneys general ignore Congress’s clear intent in establishing Section 230 — to keep government’s hands off the Internet.

To be sure, Section 230 does have a downside, as Craigslist itself has underscored time and time again. Illegal user postings can result in tragedy, as was the case for AK and MC, two girls who took out ads in The Washington Post and The San Francisco Chronicle last month recounting their experiences as victims of sex crimes facilitated through Craigslist. Despite Section 230’s flaws, however, the alternative is far worse.

Many, if not most, postings on Craigslist’s adult services section were perfectly legal, and until Friday thousands of individuals relied on the section to find consenting adults with whom to fulfill their intimate desires. In pressuring Craigslist to censor the section, state AGs have essentially stifled the free speech rights of thousands of individuals. Criminals will simply migrate to even shadier websites, further hindering efforts by law enforcement to put child sex traffickers behind bars.

It’s 2010, and nearly 5 billion devices worldwide are now connected to the Internet — a freely accessible, unfiltered, unauthenticated worldwide network. As long as such a network exists, it’s all but inevitable that it will have a seedy underbelly. Law enforcement officials should investigate sex crimes against children committed using the Internet and aggressively prosecute suspected child sex traffickers. Trying to intimidate interactive websites like Craigslist, however, is the wrong approach.

Last year, my PFF colleague Adam Thierer asked whether State AGs + NCMEC = The Net’s New Regulators? Adam noted that NCMEC, the National Center for Missing and Exploited Children, a private non-profit organization, was playing a law enforcement role in regulating child pornography—but without any clear mechanisms for ensuring its accountability and effectiveness. Adam’s point wasn’t just that transparency is a good thing, but that when it comes to a cause as important as protecting children from exploitation, it’s vital to ensuring that we’re that we’re actually doing a good job at it!

Yesterday, Emmanuel Lazaridis commented on that post:

Given the increasing regulatory and investigative powers of the NCMEC, it is no longer clear whether or not the [Freedom of Information Act] applies to NCMEC records. We are about to find out. I am right now bringing a case against the NCMEC in federal court for access to records under the FOIA and, failing that, for discovery under 28 U.S.C. § 1782(a).

Mr. Lazaridis’s complaint in the D.C. District Court claims that Lazaridis (a Greek national) has been unfairly deemed a fugitive from U.S. justice for having taken his daughter to Greece over the objections of the girl’s American mother, Lazaridis’s ex-wife. NCMEC got involved by placing the girl on their MissingKids.com registry of abducted children. Lazaridis wants the court to recognize his custody, deem him not to be a fugitive, and to order NCMEC to turn over all their records on the girl.

This is, of course, just one side of the story (and such cases are usually so complicated as to be indecipherable to outsiders). But even if Lazaridis’s case were wholly without merit, his basic argument would be a sound one: Why shouldn’t NCMEC, in exercising any of its essentially governmental functions, be subject to the same accountability requirements through FOIA as the FBI would be?

When the issue is the Lazaridis family’s trans-Atlantic custody battle, it may seem easy to ignore this question. But when NCMEC is essentially making policy regarding filtering Internet content, blacklisting websites, turning over user logs to law enforcement, or “cleaning up” Craigslist, the question of NCMEC’s accountability under FOIA cannot be avoided as a critical decision about the future of Internet governance.

On heels of Adam’s piece last year, controversialist Chris Soghoian suggested one answer: Given its status as a sacred cow, we cannot expect any politician pay heed to calls to overhaul NCMEC or subject it to oversight. However, what we can do, is call for the nationalization of the National Center for Missing and Exploited Children.

Think of it this way: We have a drug czar, a war czar, a copyright czar, and will likely have a cybersecurity czar and car czar under the next administration. Why not throw a child porn czar into the mix? Nationalize NCMEC, make all of its workers federal employees, with good health care and job security, and perhaps even expand its budget–after all, it does good work, right? NCMEC’s job is simply too important to be entrusted to a nonprofit group–such a task can only be performed by a fully trained and funded law enforcement agency (one, which conveniently enough, is subject to the Freedom of Information Act, congressional oversight, and constitutional requirements for due process.)

Despite my differences with Chris, he’s often right and may be here, too. He’s certainly right that Congress is unlikely to address the problem of NCMEC’s accountability given the sensitivity of the issue of child protection.

But, fortunately, we live in a republic, not a pure democracy: Our third branch of government, the courts, exists to enforce the rule of law; being somewhat insulated from political pressure, the courts provide a final check on the authority even of the almighty NCMEC. So while Chris’s nationalization proposal might well be the ideal solution, it hasn’t happened yet—nine months later to the day, and it’s probably not high on the Obama administration’s list of czarist reforms.

But simply by ordering NCMEC to comply with FOIA, the Lazaridis court could, with the stroke of a pen, bring accountability to NCMEC’s law enforcement functions. The legal question is simple: Does NCMEC qualify as an “agency,” which FOIA defines as an “authority of the Government of the United States?”

If so, NCMEC must not only respond to requests for certain of its “records,” but it must also follow a rule-making process akin to that required of federal agencies when they make policy decisions, offering the public appropriate notice and the opportunity to comment on proposed regulations—instead of, say, threatening Internet companies behind closed doors (sometimes the same companies that later make generous donations to NCMEC) or cutting deals with state attorneys general.

It turns out that this is not a new issue. Federal courts have had to decide whether a number of quasi-governmental entities qualify as “agencies” over the years, especially given the trend towards privatization over the last three decades. Some organizations, like the Smithsonian Institution, have decided to comply with FOIA even though courts have held that they’re not required to do so. NCMEC could have allayed all these concerns years ago by doing the same thing, but absent a change in management at the organization, it seems only a court order will force the organization to open its “black box” of decision-making to public inquiry.

In a number of other circumstances, courts have required nominally private organizations to comply with the federal FOIA or its state equivalents. A thorough (if dated) treatment of this issue can be found in the 1999 law review article, Privatization and the Freedom of Information Act: An Analysis of Public Access to Private Entities Under Federal Law by Craig Feiser, Florida’s deputy solicitor general and an adjunct at FSU Law. Feiser explains:

When Congress amended FOIA in 1974, it added section 552(f)(1) and broadened the definition of “agency” to include entities not explicitly mentioned under the APA, but which “perform governmental functions and control information of interest to the public.”

In deciding whether a private organization qualifies as an agency subject to FOIA, courts have considered two factors.

One factor asks whether the entity has substantial independent authority in performing a function of the government, making it the functional equivalent of the government. The other factor asks whether the government substantially controls the entity’s day-to-day operations or organizational framework. In using either factor, the court is essentially asking to what degree the entity is performing a government function. In one case, the government is pulling nearly all of the strings; in the other case, the entity is making decisions independently for the government.

Financially, NCMEC is largely a creature of government: 70% of NCMEC’s $42 million budget in 2007 came from the government. But as Feiser notes, funding does not always mean control. Government control over NCMEC’s internal decisions is unclear. Indeed, the very lack of government control over an organization essentially regulating the Internet and imposing criminal sanctions that could follow convicted “sex offenders” for life would by itself be an enormous problem.

But given what NCMEC actually does, it obviously qualifies as an “agency” subject to FOIA under the “functional equivalence factor,” which as Feiser explains,

basically represents the opposite situation from the control factor. Here, the entity is functioning independently, but making decisions for the government, as opposed to having its decisions made by the government. In effect, it is the functional equivalent of the federal government, and, therefore, it should be an “agency” under the FOIA.

I’ll be watching the Lazaridis case closely, hoping that the court sees NCMEC for what it is: a private organization tasked with implementing not just any government function, but the enforcement of laws against the most vulnerable victims in society. Absent such a recognition, NCMEC will continue to grow into an unaccountable regulator for the Internet.

Today, the only public oversight of NCMEC required by law is the requirement that NCMEC (like any non-profit with federal tax-exempt 501(c)(3) non-profit status) file a Form 990 each year disclosing basic information about its finances. That report does not list NCMEC’s donors, because donors have a First Amendment right to remain anonymous, but a more transparent organization would, like my own think tank, at least identify its major donors. The 2006 and 2007 Form 990s do reveal a few interesting things, though, about what NCMEC does with its budget (70% of which comes from the taxpayer):

• NCMEC’s CEO, Ernie Allen, was paid $359,191 plus $411,636 in benefits in 2006 (PDF p. 46) and $409,821 plus $426,540 in benefits in 2007 (PDF p. 19), for a total of $1.6 million in two years (roughly $800,000/year);
• Not counting Allen, NCMEC spent $778,564 on its top five highest-paid employees in 2006 ($155,713/employee), and $875,657 in 2007 ($175,131/employee) (PDF p. 10 in both);
• 31% of NCMEC’s 2006 revenues and 35% of its 2007 revenues went to salaries (PDF pp. 1 & 2 in both); and
• NCMEC had 104 employees paid over $50,000 in 2006 (PDF p. 10) and 116 in 2007 (PDF p. 10).

I’d be reluctant to suggest that anyone at NCMEC was more interested in money than in protecting children, but if given the choice, we’d all prefer to do well while doing good. So if Allen were smart, he’d realize that a court order subjecting NCMEC to FOIA might be the best of all possible worlds: Requiring real accountability would neutralize calls for nationalizing NCMEC, allowing the organization to continue operating as a non-profit that can pay quite a bit better than the Federal civil service. Even the Senior Executive Service, for agency heads, maxes out at a measly $177,000/year.

Of course, if NCMEC’s records and decisions to regulate the Internet were subject to FOIA, the organization might not be able to… “convince” the Internet companies it essentially regulates to write large checks to NCMEC. But even this tax-hating libertarian would be hard-pressed to argue against funding the enforcement of laws against child pornography, abduction and exploitation with taxpayer dollars.

As the grandson of an FBI agent, whose framed credentials hang in a place of pride in my office (stamped “RETIRED” after his 25 years of loyal service), I can’t help but wonder how many more agents the FBI could employ to combat child porn with an extra $1.6 million/year in funding (the salary of Allen and NCMEC’s top-five highest paid employees). It seems that FBI agents today make roughly $48,000-87,000/year. Let’s call it an average of $67,500 and throw in 20% for overhead. That works out to $81,000/year—or:

• 20 new agents for what NCMEC is paying its top six employees; or
• 368 new agents for the $29.82 million NCMEC received in government support in 2007.

I’m sure the solution is far more complicated than simply hiring more FBI agents, and that NCMEC does much good work in the service of a noble cause. But until NCMEC is either nationalized as a direct arm of law enforcement or made significantly more accountable as a private organization, we won’t really have any way of knowing whether the money being spent on NCMEC is being spent in the most effective manner possible to deal with the problems of child pornography, abduction and exploitation. We also won’t know whether draconian alternatives to direct enforcement ( e.g., hiring more FBI agents) like network-level filtering mandates are truly necessary, despite their unintended consequences for the free speech and privacy rights of law-abiding Internet users.