Internet Child-Protection Bill Raises Too Many Questions

2-24-2009 National:

Are you a child molester? I know I'm not. And yet U.S. Sen. John Cornyn and Rep. Lamar Smith apparently think that there's a pretty good chance we both are. They've introduced bills that would require Internet service providers to keep customer records for two years. The law presents all kinds of creepy potential for abuse, and I don't see any reason to believe that it will be a cost-effective way to reduce the problem of molestation.

The Texas Republicans last week jointly introduced the Internet Safety Act of 2009. The law sets a sentence of up to 20 years, plus fines, for financial transactions that facilitate child pornography, and fines and imprisonment of up to 10 years for ISPs facilitating child pornography.

So far, so good. There's no reason to believe that stiffer penalties will do anything to deter child molesters. If a little prison time and a lifetime of public stigma won't stop someone from committing a crime, a lot of prison time probably won't do anything, either. However, I certainly can't argue with putting child molesters in prison.

The problematic section of the law requires service providers to keep records for at least two years, identifying the people temporarily assigned network addresses.

One problem with the law is that it's sufficiently broad that it could include anyone providing a Wi-Fi hotspot -- even your neighborhood coffeeshop. The way the law is written, even private, residential hotspots might be required to keep these records. Got a Wi-Fi hotspot in your living room? You might be required to keep two years of records on how it's used.

Also, the law lacks specifics on what the penalty for failure to keep those records should be.

The proposed law comes as the government is trying to get Internet companies to limit the amount of data they retain. Now, Cornyn and Smith are trying to reverse that effort, in a dubious attempt to protect children.

The law is scary for Internet service providers -- it creates a threat of criminal liability for the provision of routine services such as e-mail. How long would Google (NSDQ: GOOG) and Microsoft (NSDQ: MSFT) continue to provide free e-mail service if they knew their executives could go to jail for failing to keep adequate records?

Smith's explanation of the justification for the law seems facile. In an op/ed in the Dallas Morning News, he writes: "How many times have we seen TV detectives seek call logs of a suspect in order to determine who he has been talking to? What if the telephone companies simply said to the detectives, 'Sorry, we get rid of that information after 24 hours?'"

We ought not to be basing criminal law based on what we see on television. We ought to base it on assessment of risks in real life, not on TV.

Moreover, existing law already includes provisions that allow the police to get access to information from ISPs, said Sidney Rosenzweig, visiting fellow at the Progress and Freedom Foundation, a think tank that studies digital policy.

Current government regulations do not require ISPs to retain data about subscribers except on a case-by-case basis, Rosenzweig said.

"Instead, the government can send a letter to an ISP to tell them to retain the information for 90 days," he said. "This buys the government enough time to get a subpoena or a warrant. ISPs are not currently required to retain information unless they are actually requested to do so by the government."

How widespread is child predation online? Smith doesn't say. He cites a three-year-old case that resulted in 27 arrests worldwide, and another case involving a two-year-old girl where the predator wasn't caught after the Internet service provider purged the record. But here's what Smith isn't saying: The 27 arrests occurred without his new law. And he doesn't cite any reason to believe that the ISP records would have helped arrest the predator of that two-year-old girl.

Smith said in a statement that law enforcement officials have received reports of 600,000 images of graphic child pornography online, but only 2,100 of these children have been identified and rescued. What's the source of these figures? Again, Smith doesn't say.

Trading child porn over the Internet is an awful crime -- but if the best Smith can come up with is a three-year-old case involving 27 people -- out of all the billions of people who use the Internet -- that suggests that this is a rare crime, one where imposing new regulatory requirements on the Internet service industry is unwarranted.

As for those 600,000 images: Are those images of 600,000 separate children, or multiple pictures of the same child? And how, precisely, would tracking IP addresses of people accessing the Internet help catch the children? If a pervert downloads child pornography, that doesn't mean he knows, or is likely to know, any information that would help rescue the child portrayed in the image, any more than a person downloading legal, adult porn knows the real names of the models, photographers, or where the photos were taken.

Similarly, Conryn cites as evidence of the need for the law the fact that 90,000 sex offenders were kicked off MySpace earlier this month. But how many of those sex offenders were convicted of crimes involving children? And how many of those sex offenders were using MySpace to troll for victims, as opposed to keeping up with music and friends and other lawful MySpace uses?

Still, even if the law is imperfect, shouldn't we pass it? Even if it saves one child, isn't it worthwhile?

No.

The law would create massive databases of private information, and from what we've seen in data leaks of credit card information, financial information, and medical records, any massive database of private information has the potential for abuse.

How, precisely, will knowing that a particular user connected to the Internet at an particular time help catch sex predators? As far as I can see, sex predators get found either when responding to a government sting, or when a computer serviceperson finds a stash of porn on the predator's hard disk.

The bill would put additional expenses on the backs of ISPs to store and manage customer records.

And, finally: It's a red herring. It distracts us, as a society, from the more significant risks posed to children.

Danah Boyd, a researcher at Microsoft Research New England, blogged about this eloquently when the MySpace news came out a couple of weeks ago. Rather than doing needle-in-the-haystack searches of Internet users to catch child predators after they strike, it's better to stop the crimes in the first place, by helping children stop engaging in dangerous, self-destructive behavior, on the Internet and in real life, says Boyd, a Fellow at the Harvard University Berkman Center for Internet and Society.

Boyd wrote her doctoral dissertation on how youth use social media. She finds that kids who are preyed on by adults aren't tricked or forced into it. The kids seek out inappropriate and dangerous situations knowingly, because they're psychically wounded. Help the kids, and predators lose their supply of victims.

She asks, "Why are we so obsessed with the registered sex offender side of the puzzle when the troubled kids are right in front of us? Why are we so obsessed with the Internet side of the puzzle when so many more kids are abused in their own homes? I feel like this whole conversation has turned into a distraction. Money and time is being spent focusing on the things that people fear rather than the very real and known risks that kids face. This breaks my heart." ..News Source.. by Mitch Wagner