Age-verification technology is still too weak to be required legally

Nicole Perlroth sums up the difficult state of age verification online in the Monday June 18 New York Times, “Business Day”, in the article “Big Hurdle in Verifying Ages Online”.

The issue was central to the COPA litigation a few years ago, and on the surface, if Facebook really were successful with intended age verification (so far unexplained) for minors in “Family accounts”, it could bring back arguments to look at COPA again. The article notes that Facebook now has nine times as many members as in 2008, when it competed with Myspace. 

But the most promising ideas (webcam-related retinal or perhaps fingerprint scanning, or lie detection interviewing) are just in development.  Other ideas, like use of credit cards, were found very wanting during the COPA trial in 2006.

A national ID system, like that in South Korea of other countries, could solve the problem, but is objectionable in the US because of privacy concerns.  But a national system, perhaps tied to the USPS NCOA system, could also be useful in preventing identity theft and fraud.  There is always a trade-off between privacy and security.

The link for the story is here.

Should "Cloud" and anti-virus products regularly screen images' digital fingerprints against known CP databases?

A 2009 story on CNET about child pornography and viruses (link) discussed on the Internet Safety blog Nov. 11, 2009, suggests that Cloud computing services implement technology to compare “hash marks” or “digital fingerprints” of known illegal images (as identified, for example, by the National Center for Missing and Exploited Children), to prevent some illegal images from being uploaded.

This sounds a bit like the fingerprinting and watermarking advocated by the ICRA a few years ago as a way of voluntary content labeling to protect minors on the Internet, as litigated in COPA (struck down in 2007).  Since ICRA’s budding system no longer exists, the value of this British group’s ideas might have been lost.

Connect the dots, if you will.  Could anti-virus companies also check digital fingerprints of images against the NCMEC database as standard procedure, as a way of making sure that home users don’t unwittingly download illegal materials, or have them downloaded by viruses, especially in a P2P environment?

I have not heard of this technology being available, at the home or office computer level.  But maybe it should be.  If it were, would it be a legal responsibility for home users to implement it, and would legal standards of proof in c.p. prosecutions change?

State laws protecting minors may result in downstream liability for websites hosting ads (Backpage v. Washington State)

Backpage.com, owned by the Village Voice, is challenging a Washington State law which would make a website criminally liabile for hosting ads for inappropriate activity with minors.  Specifically, a website accepting ads for sexual activity would have to take "reasonable" steps to ensure that the parties placing the ads are not minors.

The problem is downstream liability -- a website may have no practical way to verify ages, without an operation requiring a lot of economic scale.

The law might run afoul of Section 230 of the 1996 Telecommunications Act. On the other hand, the law appears restricted to ads, which makes it much narrower than was, say, COPA.

Anderson Cooper is discussing the matter June 7 on CNN on his AC360 program.

CNN has an editorial by Douglas Rushkoff opposing state laws like this, saying even CNN could be liable if a visitor's comment amounted to an illegal ad.  Here is the link.

ABC News has a story about the challenge to the law by Backpage, (website url) here.   On June 5, a federal judge placed a restraining order on the state law.

Tracy Clark-Flory has a story about HB 6251 on Salon here, and notes that the law only requires an "attempt" at age verification -- a concept that we know failed with COPA.  Salon was a COPA plaintiff. 

Facebook's plans to allow under-13's to use site under "family access" and achieve COPPA compliance stirs controversy

Stories are circulating that Facebook is considering some sort of “family plan” to allow minors under 13 to join Facebook with all their activities monitored by parents.

Parental approval would presumably satisfy the requirements of COPPA, the Children’s Online Privacy Protection Act of 1998 (link in terms of the possibility of collecting information about minor users.

  

Talk has suggested that Facebook will sell family service as a way for extended family members to stay in touch with the kids.  But some experts feel that Facebook can’t replace the value of interactions in the physical world, or even with older, more mundane operations online (like email). 

PC Advisor UK has a perspective by David Daw on that question here. 

The original Wall Street Journal story (Monday) by Anton Troiavoski and Shayndi Raice is here. 

There is another practical question, of course, that we know well from COPA, whether there’s an effective way to screen users who lie about ages with some sort of adult-id system.  But it’s possible to imagine a future where biometrics (like retina scans) could change the game on that question. 

The whole adult-ID concept was shot down by COPA litigation, but at one time was regarded as a way to invalidate an even older law, the CDA (Communications Decency Act of 1996).