New Law Could Turn ISPs Into Child Porn Cops
Posted Oct 16th, 2008 05:50 PM by Mark Kernes
- The Bush administration has spent much time and effort searching out ways to sidestep constitutional prohibitions against illegal search and seizure, and when it comes to stamping out child pornography, it seems to have found a new one.
The PROTECT Our Children Act of 2008, S. 1738, signed into law this week by President Bush, would allow Internet Service Providers (ISPs) to compare the "hash mark" - the unique digital signature - of each image file (even video) or document passing through its system with a list of the hash marks of known child porn images, and to report any hits to the FBI or other appropriate government agency.
To aid in this effort, Brilliant Digital Entertainment has come up with a gadget known as CopyRouter, which ISPs could place in their data stream. According to an article
on msnbc.com, CopyRouter's function is to compare the hash mark of each file passing through the ISP's computer system with the federal government's list, but it also takes the further step of blocking any child porn files it detects and substituting a file provided by law enforcement which warns, "The material you have attempted to access has been identified as child pornography." The hardware also has the capability of reporting the attempt to access the kiddie porn to the feds, together with the IP address of the file's intended recipient.
CopyRouter uses "deep packet inspection," which MSNBC describes as a "controversial new technology" which can detect hash marks in real-time as the data is flowing through the system. Brilliant Digital claims that its unit can detect the hash mark even of an encrypted file by tricking the system into providing an unencrypted file for comparison with the hit list.
Now, if it were simply the ISP itself that decided to use CopyRouter or some other child-porn detection software or hardware, and it made its users aware that it intended to scan all files flowing through its system, that would not present any constitutional problems. But there are a few flies in the ointment.
For one thing, there's recently been pressure applied, mainly by New York Attorney General Andrew Cuomo, for ISPs to block their users' access to child porn sites. In fact, Cuomo has established a public website listing ISPs that have cooperated with his effort ... and those who haven't. And while S. 1738 allows ISPs to obtain copies of the government's child-porn hash list, that list is actually maintained by the National Center for Missing and Exploited Children (NCMEC), a private corporation which composes the list based on hash mark information it receives from law enforcement agencies. Moreover, Brilliant Digital's Michael Speck told MSNBC that CopyRouter wouldn't present ISPs with any legal problems "because the list of banned files would be managed by the law enforcement agency, not handed over to the private companies. CopyRouter would consult that list, but at arm's length from the companies."
And that's where the problems come in. For one thing, if the ISP does its snooping on the sly, without informing its customers, that's clearly an invasion of privacy - and if it did so at the request of some government agency, that's a Fourth Amendment violation, since it would be a warrantless search - and it's unclear whether Cuomo's attempts simply to browbeat ISPs into performing the searches constitutes a similar violation. Further, since NCMEC, a quasi-governmental entity, prepares the official hash list based on information supplied by actual government agencies, ISPs' use of that list just might be another Fourth Amendment violation, even without the government directly being a part of the search.
Brilliant Digital thinks it can get around these problems because its CopyRouter doesn't look at the document itself, just its hash mark, and although Speck claimed that CopyRouter would be a "neutral middleman, not sharing information with the ISP or law enforcement," the company's slideshow promoting the product says that, "Any hits here will generate a 'red' report, which will be routed to the police collector server ONLY. These reports contain full IP information." How the fact that S. 1738 now allows ISPs to take possession of the government's hash mark list would affect either the ISP's or Brilliant Digital's culpability under the Fourth Amendment is unclear. Worse, the new law makes it a felony for ISPs to fail to report to law enforcement any files it knows to be child porn, with fines for failure to do so ranging up to $300,000 per incident. And rest assured, NCMEC intends to press ISPs to use its hash list to target files exchanged over their servers.
Also, the Center for Democracy and Technology (CDT) has expressed concern over what it sees as prior restraint of speech if an ISP blocks files based on the hash list.
"You can't declare speech, or images, illegal without judicial proceedings," CDT's John Morris said. "That creates enormous First Amendment problems. You can't have an agency or outside firm acting as judge and jury on these images... As horrible as child pornography is, and it is horrible, you still have to follow the Constitution."
Interestingly, Morality In Media (MIM) also objects to the law - because it doesn't go far enough.
"If S. 1728 comes up for a vote, it will pass easily because Congress can't do enough to curb sexual abuse of children," wrote MIM president Robert Peters in a press release. "But if Congress is ready to spend hundreds of millions of additional dollars to curb sexual abuse of children, why doesn't it also spend several million to fight 'adult' obscenity?"
Might have something to do with that $850 billion Wall Street bailout Congress just passed ...