October 9, 2024

Archives for March 2009

A "Social Networking Safety Act"

At the behest of the state Attorney General, legislation to make MySpace and Facebook safer for children is gaining momentum in the New Jersey State Legislature.

The proposed Social Networking Safety Act, heavily marked-up with floor amendments, is available here. An accompanying statement describes the Legislative purpose. Explanations of the floor amendments are available here.

This bill would deputize MySpace and Facebook to serve as a branch of law enforcement. It does so in a very subtle way.

On the surface, it appears to be a perfectly reasonable response to concerns about cyberbullies in general and to the Lori Drew case in particular. New Jersey was the first state in the nation to pass Megan’s Law, requiring information about registered sex offenders to be made available to the public, and state officials hope to play a similar, pioneering role in the fight against cyberbullying.

The proposed legislation creates a civil right of action for customers who are offended by what they read on MySpace or Facebook. It allows the social network provider to sue customers who post “sexually offensive” or “harassing” communications. Here’s the statutory language:

No person shall transmit a sexually offensive communication through a social networking website to a person located in New Jersey who the actor knows or should know is less than 13 years of age, or is at least 13 but less than 16 years old and at least four years younger than the actor. A person who transmits a sexually offensive communication in violation of this subsection shall be liable to the social networking website operator in a civil action for damages of $1,000, plus reasonable attorney’s fees, for each violation. A person who transmits a sexually offensive communication in violation of this subsection shall also be liable to the recipient of the communication in a civil action for damages in the amount of $5,000, plus reasonable attorney’s fees, or actual damages…

The bill requires social network providers to design their user interfaces with icons that will allow customers to report “sexually offensive” or “harassing” communications:

A social networking website operator shall not be deemed to be in violation … if the operator maintains a reporting mechanism available to the user that meets the following requirements: (1) the social networking website displays, in a conspicuous location, a readily identifiable icon or link that enables a user or third party to report to the social networking website operator a sexually offensive communication or harassing communication transmitted through the social networking website.

Moreover, the social network provider must investigate complaints, call the police when “appropriate” and banish offenders:

A social networking website operator shall not be deemed to be in violation … if … (2) the operator conducts a review, in the most expedient time possible without unreasonable delay, of any report by a user or visitor, including investigation and referral to law enforcement if appropriate, and provides users and visitors with the opportunity to determine the status of the operator’s review or investigation of any such report.

Finally, if the social network provider fails to take action, it can be sued for consumer fraud:

[I]t shall be an unlawful practice and a violation of P.L.1960, c.39 (C.56:8-1 et seq.) [the state Consumer Fraud Act] for a social networking website operator to fail to revoke, in the most expedient time possible without unreasonable delay, the website access of any user or visitor upon receipt of information that provides a reasonable basis to conclude that the visitor has violated [this statute]”

So what’s the problem? It’s not a criminal statute, and we do want to shut down sex offenders and cyberbullies. How could anyone object to this proposed measure?

First, the proposed law puts a special burden on one specific type of technology. It’s as if the newfangledness of social networking—and its allure for kids—have made it a special target for our fears about sex offenders and cyberbullies. No similar requirements are being placed on e-mail providers, wikis, blogs or the phone company.

Second, it deputizes private companies to do the job of law enforcement. Social network providers will have to evaluate complaints and decide when to call the police.

Third, it’s the thin edge of the wedge. If social network providers have to investigate and report criminal activity, they will be enlisted to do more. Today, sex offenders and cyberbullies. Tomorrow, drug deals, terrorist threats and pornography.

Fourth, this raises First Amendment concerns. Social network providers, if they are called upon to monitor and punish “offensive” and “harassing” speech, effectively become an arm of law enforcement. To avoid the risk of lawsuits under the Consumer Fraud Act, they will have an incentive to ban speech that is protected under the First Amendment.

Fifth, the definitions of “offensive” and “harassing” are vague. The bill invokes the “reasonable person” standard, which is okay for garden-variety negligence cases, but not for constitutional issues like freedom of speech. It’s not clear just what kinds of communication will expose customers to investigation or liability.

If the bill is enacted, MySpace and Facebook could mount a legal challenge in federal court. They could argue that Congress intended to occupy the field of internet communication, and thus pre-empt state law, when it adopted the Communications Decency Act (CDA), 47 U.S.C. § 230(c)(1).

The bill probably violates the Dormant Commerce Clause as well. It would affect interstate commerce by differentially regulating social networking websites. Social networking services outside New Jersey can simply ignore the requirements of state law. Federal courts have consistently struck down these sorts of laws, even when they are designed to protect children.

In my opinion, the proposed legislation projects our worst fears about stalkers and sex predators onto a particular technology—social networking. There are already laws that address harassment and obscenity, and internet service providers are already obliged to cooperate with law enforcement.

Studies suggest that for kids online, education is better than restriction. This is the conclusion of the Internet Safety Technical Task Force of State Attorneys General of the United States, Enhancing Child Safety and Online Technologies. According to another study funded by the MacArthur Foundation, social networking provides benefits, including opportunities for self-directed learning and independence.

Possible Opportunity for Outstanding Law Graduates

We are constantly looking for scholars of digital technology and public life to join us at the Center for Information Technology Policy. We’ll be making several appointments soon, and look forward to announcing them. Meanwhile, I wanted to highlight a possible opportunity for graduating law students who have a strong scholarly interest in cyberlaw (reflected in student notes or other publications) and who find themselves in a position to pursue a research project over the coming months.

A growing number of law firms are pushing back the start dates for graduating law students who they have hired as new associates. In some cases, the firms are offering stipends to pay for these new hires to do public interest or academic work in the months before their start dates.

If you happen to be in the overlap between these two groups—a cyber-inclined graduating law student, with support from your firm to do academic work in the coming months—then you should know that CITP may be a logical home for you.

This is part of our larger openness, in general, to externally supported research fellowships. Under the right circumstances, we can provide an intellectual home, complete with workspace and Princeton’s excellent scholarly infrastructure, for exceptional researchers who have a clear project in view and who have a continuing affiliation with their long-term employer (in this case, the law firm).

If you want to know more, feel free to contact me.

Adam Thierer on the First Amendment Twilight Zone

Thursday’s lunch talk here at CITP was by my co-blogger Adam Thierer of the Progress and Freedom Foundation. Adam is a leading voice in the debate over online free speech, with a particular focus on how to protect children from harmful online material while preserving First Amendment freedoms. In his lunch talk, Adam focused on the implications of technological convergence for First Amendment law. Traditionally, we’ve had completely separate regulatory regimes and constitutional standards for different media technologies—broadcast, cable, satellite, and Internet. The courts have repeatedly struck down efforts to censor the Internet. In contrast, in cases such as FCC v. Pacifica, the Supreme Court has given Congress and the FCC free rein to censor the airwaves. Adam calls broadcasting’s second-class citizenship the “First Amendment Twilight Zone.”

Adam argues that the premise at the heart of these precedents—the idea that “broadcast,” “cable,” and “Internet” are distinct categories that can be regulated differently—is rapidly being undermined by technological progress. There are far more ways to get content than in the past, and it’s far more difficult to draw clear distinctions among them. As technologies converge, the question is whether the law will converge with it? And more importantly, if the law converges, which direction will it go? Will the Internet be subject to the more censorious standards of broadcast television? Or will Internet-based replacements for broadcast television enjoy the same robust protections as online content does today?

Adam has made a screencast of his presentation, in which he answers these questions and more. It’s a great talk and I encourage you to check it out:

Fingerprinting Blank Paper Using Commodity Scanners

Today Will Clarkson, Tim Weyrich, Adam Finkelstein, Nadia Heninger, Alex Halderman and I released a paper, Fingerprinting Blank Paper Using Commodity Scanners. The paper will appear in the Proceedings of the IEEE Symposium on Security and Privacy, in May 2009.

Here’s the paper’s abstract:

This paper presents a novel technique for authenticating physical documents based on random, naturally occurring imperfections in paper texture. We introduce a new method for measuring the three-dimensional surface of a page using only a commodity scanner and without modifying the document in any way. From this physical feature, we generate a concise fingerprint that uniquely identifies the document. Our technique is secure against counterfeiting and robust to harsh handling; it can be used even before any content is printed on a page. It has a wide range of applications, including detecting forged currency and tickets, authenticating passports, and halting counterfeit goods. Document identification could also be applied maliciously to de-anonymize printed surveys and to compromise the secrecy of paper ballots.

Viewed under a microscope, an ordinary piece of paper looks like this:

The microscope clearly shows individual wood fibers, laid down in a pattern that is unique to this piece of paper.

If you scan a piece of paper on an ordinary desktop scanner, it just looks white. But pick a small area of the paper, digitally enhance the contrast and expand the image, and you see something like this:

The light and dark areas you see are due to two factors: inherent color variation in the surface, and partial shadows cast by fibers in the paper surface. If you rotate the paper and scan again, the inherent color at each point will be the same, but the shadows will be different because the scanner’s light source will strike the paper from a different angle. These differences allow us to map out the tiny hills and valleys on the surface of the paper.

Here is a visualization of surface shape from one of our experiments:

This part of the paper had the word “sum” printed on it. You can clearly see the raised areas where toner was applied to the paper to make the letters. Around the letters you can see the background texture of the paper.

Computing the surface texture is only one part of the job. From the texture, you want to compute a concise, secure “fingerprint” which can survive ordinary wear and tear on the paper, such as crumpling, scribbling or printing, and moisture. You also want to understand how secure the technology will be in various applications. Our full paper addresses these issues too. The bottom-line result is a sort of unique fingerprint for each piece of paper, which can be determined using an ordinary desktop scanner.

For more information, see the project website or our research paper.

Government Online: Outreach vs. Transparency

These days everybody in Washington seems to be jumping on the Twitter bandwagon. The latest jumpers are four House committees, according to Tech Daily Dose.

The committees, like a growing number of individual members’ offices, plan to use Twitter as a new tool to reach their audience and ensure transparency between the government and the public.

“I believe government works best when it is transparent and information is accessible to all….” [said a committee chair].

I’m all in favor of public officials using technology to communicate with us. But Twitter is a tool for outreach, not transparency.

Here’s the difference: outreach means government telling us what it wants us to hear; transparency means giving us the information that we, the citizens, want to get. An ideal government provides both outreach and transparency. Outreach lets officials share their knowledge about what is happening, and it lets them argue for particular policy choices — both of which are good. Transparency keeps government honest and responsive by helping us know what government is doing.

Twitter, with its one-way transmission of 140-character messages, may be useful for outreach, but it won’t give us transparency. So, Congressmembers: Thanks for Twittering, but please don’t forget about transparency.

(Interestingly, the students in my tech policy class were surprised to hear that any of the digerati had ever Twittered. The students think of Twitter as a tool for aging hepcat techno-poseurs. [Insert your own joke here.])

Meanwhile, the Obama team is having trouble transitioning its famous online outreach machinery into government, according to Jose Antonio Vargas’s story in the Washington Post:

WhiteHouse.gov, envisioned as the primary vehicle for President Obama to communicate with the online masses, has been overwhelmed by challenges that staffers did not foresee and technological problems they have yet to solve.

Obama, for example, would like to send out mass e-mail updates on presidential initiatives, but the White House does not have the technology in place to do so. The same goes for text messaging, another campaign staple.

Beyond the technological upgrades needed to enable text broadcasts, there are security and privacy rules to sort out involving the collection of cellphone numbers, according to Obama aides, who acknowledge being caught off guard by the strictures of government bureaucracy.

Here again we see a difference between outreach and transparency. Outreach, by its nature, must be directed by government. But transparency, which aims to offer citizens the information they want, is best embodied by vigorous activity outside of government, enabled by government providing free and open access to data. As we argued in our Invisible Hand paper, many things are inherently more difficult to do inside of government, so the key role of government is to enable a marketplace of ideas in the private sector, rather than doing the whole job.