Wednesday, February 24, 2010

Chatroulette raises concerns for parents -- if their kids have webcams!

On Tuesday morning, ABC Good Morning America covered the new website “Chatroulette”, as written up by Brain Braiker here. The website allows someone with a webcam to be connected to random strangers for chat. The site is here.

It goes with saying that this sounds like “Russian Roulette” beyond speed dating (the kind in the movie “The Deer Hunter” maybe). But parents would be particularly concerned if minor kids did it, especially in the privacy of their rooms (if each kid has his or her own computer for homework). Just think about the recent Dateline series with Chris Hansen.

I suppose a parent could just block the site with a filter.

Kurt Eichenwald, a reporter with the New York Times, has argued that there is no legitimate reason for a kid to have a webcam at all, at least in his room (although many laptops come with them, as does mine – sorry, it’s not on right now, so you can’t see me!) His news story from Dec. 19, 2005 about Justin Berry is still worth studying, link here.

Monday, February 08, 2010

Can government control the way some employees self-publish? Where CIA and previous COPA trial make dots to connect!

This posting may be a little strange: what could a CIA Publications Review Board possibly have to do with COPA? If anything, this argument folds on itself, showing how everything connects to everything else, and how difficult it is to make rules to protect public interests narrowly enough.

Remember that in 2004, the Supreme Court, in its most recent ruling on COPA (before the 2006 trial in Philadelphia) had written (Cornell law link here):
“When plaintiffs challenge a content-based speech restriction, the Government has the burden to prove that the proposed alternatives will not be as effective as the challenged statute.”

Judge Reed echoed that in paragraph 46 of his COPA ruling (see March 22, 2007 on this blog).

What seems less clear is whether government would run into constitutional issues if it restricted a class of people (for example employees of a particular agency) from using some specific form of self-publication at all, across the board, as an additional layer of security or protection of confidentiality or of classified materials. The “free entry” model for Internet self-publishing and blogging could be the most vulnerable, not for the content it publishes, but for the unsupervised and unbounded nature of the risk of the method of distribution. On its face, this does not sound like a “content-based” restriction because no particular content would be removed; instead no content at all could be self-published without supervision on the web. Perhaps a rule like this would have specific fine points: material could be published if it had pre-approval, if it was limited to a private friends’ list and not available to robots (as if government could count on Facebook or social media companies to help make confidentiality policy indirectly), or if the writer had been able to procure media perils insurance, or some combination of these. Or possibly the writer would pass a test showing understanding of confidentiality or have all of his writing debriefed in one session.

There is something like this in existence now, the CIA Publications Review Board. The CIA discusses how it works at this link. The piece is called “Reviewing the Work of CIA Authors: Secrets, Free Speech, and Fig Leaves”, by John Hollister Hedley. He opens in a na├»ve tone, “Business is brisk, as a growing number of former CIA employees seek to become published authors”.

The focus of the article is on books and articles published in a conventional manner through major publishers, not self-publishing. However, at first, the implication would be that a CIA employee or even former employee could not publish anything at all, not even on a personal blog, without preapproval of every posting, an impractical burden. However, in the middle of the article, Hedley writes:

“CIA regulations explain that the review requirement applies to "all writings and scripts or outlines of oral presentations intended for nonofficial publication, including works of fiction, which contain any mention of the CIA, intelligence data or intelligence activities, or material on any subject about which the author has had access to classified information in the course of his or her employment.”

The implication is that a blog posting that is totally unrelated to the CIA employee’s work would not require review. As a matter of epistemology, however, it would be hard for an employee to know for sure that there is no possible connection to his work, given the possibility of steganography, and the pervasive meaning of “connect the dots”. Presumably other security and defense related agencies (NSA, military service branches, etc) would have similar rules, and they could apply in civilian non-defense agencies where confidentiality is an unusually sensitive matter (as with Census).

If an agency told “individual contributor” employees that they could not post at all, that could cripple their speech opportunities during employment and later in life. Courts might find that this amounted to an eventual implicit content-based restriction on free speech, even though it starts out as a restriction on distribution (use of free entry). Agencies could try other means, such as debriefing employees or interviewing them to make sure they understand confidentiality requirements and oaths and possible penalties in depth.

When COPA was tried, social media were relatively new, and there has been little said as to whether it could have been applied to Myspace or Facebook. But social media place some emphasis on meeting people for networking purposes, and “publishing” within a somewhat private list, with privacy standards in flux and determined by the companies, not government. It’s possible to disclose confidential information within this environment, and it’s possible to pass on HTM material also, even though that environment was not a primary concern of COPA. Government employees haven’t, as far as I know, been asked to submit their personal emails or chats for review (what about tweets?), so there seems to be some level of common sense in prospective review of anything an employee in a sensitive position could “publish”.

Update: Feb. 17, 2010

The USDA (Department of Agriculture) has a similar page, called baldly "Pre-Publication Review" here. See the text in red on the first enclosed link (about indirect targeting). But again, logically, the pre-pub review requirement exists for "any material intended for public release that might be based in any way on information you learned through your access to classified information." Note that the USDA policy has much more discussion about the "dangers" of the Internet per-se from search and aggregation than does the CIA page. The sublink below says this about aggregation:

"DoD guidelines also require that judgments about the sensitivity of information take into account the potential consequences of "aggregation." The term "sensitive by aggregation" refers to the fact that information on one site may seem unimportant, but when combined with information from other web sites it may form a larger and more complete picture that was neither intended nor desired. In other words, the combination of information from multiple web sites may amount to more than the sum of its parts. Similarly, the compilation of a large amount of information together on one site may increase the sensitivity of that information and make it more likely that site will be accessed by those seeking information that can be used against us."

Many other federal government agencies, including NASA, refer to this DoD-related page or a similarly worded page.

The National Security Agency (NSA/CSS) has a similar page here. The policy includes Internet postings. But it also says "Publications about gardening, cooking, sports, crafts, etc. do not need to undergo pre-publication review if the only association with the NSA/CSS is the author's current or former affiliation with the Agency: Reminder: Pre-publication review is a lifetime responsibility. Your responsibility does not end when you end your association with NSA/CSS." The potential problem with the "gardening" clause is the "slippery slope": in the public policy world, things are more connected than we realize!

However, a government agency that designs a pre-pub policy carelessly could (unintentionally, perhaps) lock out employees or contractors, even former and departed, from ever having their own Facebook pages, even with privacy settings.

Wednesday, February 03, 2010

Can possessors of c.p. or other illegal materials be ordered to pay restitution (for mere possession)?

The New York Times has an intriguing story by John Schwartz today (Wednesday, Feb.3) about a new legal initiative: making those who “merely” possess, but did not produce, child pornography, help pay civil financial restitution to victims. The link for the story is (web URL) here.

A victim with surname Amy is suing to demand that everyone who possessed a copy of an illegal image of her pay restitution until a claim of $3.4 million is settled.

George Washington University law professor Jonathan Turley has a blog entry relating the story of a former Pfizer executive to pay $200000 for possessing an image of a woman taken when she was a minor. The blog entry is here.

(I have reviewed books on Internet law, reputation and privacy by another GWU professor, Daniel Solove, on my books blog.)

Turley writes “it stretches personal accountability to a breaking point. …, The extension of the definition of victim could lead to liability without limitation. Presumably, anyone watching porn movies with an underaged character or in possession of a magazine with such a picture could be similarly faced with restitution demands. Prosecutors could threaten targets with financial ruin under such theories — forcing guilty pleas to other offenses. Restitution is generally limited to the direct victims of the defendant’s actions.” He also makes analogies to how this could set a precedent in other areas, such as owners of pawn shops when they receive stolen property (although that was a major concern with a crime spree in Montgomery County MD which was solved in 2008 when an alert pawn shop operator called police).