The 463: Inside Tech Policy

Check out the the registered sex offender page below:

Now take a quick glance at this MySpace page ...

Well then, quite clearly, this Texas sex offender has set up shop on MySpace.

And, yesterday, CNET's Elinor Mills (whom I like and respect) ran a story about the "independent research" that fingered the social networking sex offender above:

In carrying out his research, (the private investigator) said he ran a list of 40,000 registered sex offenders against more than 2 million MySpace member pages. He came up with nearly 12,500 likely matches. After comparing the MySpace member photos with mug shots on a registered offender database, Rambam found 100 confirmed matches and said he would have found more if he had continued the research...

..."Based on the number of hits we're getting as a percentage of genuine MySpace users we believe that there are anywhere from 3,000 to 39,000 sex offenders on MySpace," Rambam said on Friday.

But, wait. Look closely. And, consider this about the cornerstone piece of evidence so prominently displayed on CNET:

--Why would anyone use a mugshot as their profile picture -- let alone a sex offender trying to use a social network to lure victims? And, especially one as unappealing as this one? Is this the one digital photo of himself that this guy has access to?

--This profile claims that he'd like to meet "your daughter." Really? That is supposed to appeal to people like, um, your daughter? Just like claiming that he is a bi swinger who "likes kids"?

--Scientologist, too? That knocks the possible population to less than one percent.

--And, why would he list his weight and height accurately but fudge his age by almost a decade? Is the thinking here that a 78-year-old just wouldn't have the same pull with a minor as a 68-year-old?

--As noted in the piece, the investigator who did this research was working on behalf of a lawyer currently in a legal battle with MySpace.

Certainly stupider and more brazen acts have been done. So, there is a possibility that this is a true match. And, if so, it's a bad thing and, regardless of the investigative source, it's good that he's weeded out of the system.

But, it makes you go hmmmm, indeed, when this is the exemplar of research that is currently being reviewed by several state attorney generals.

UPDATE: The investigator, Steven Rambam, writes into the comments below and says, among other things:

I am the Investigator that is the subject of your slightly snarky comments.

While I certainly understand a cynical attitude - I am similarly afflicted - you should have done a bit more careful analysis.

As Michael Carter points out, the Myspace page was posted during 2007. As I do not own a magic time machine, I am not capable of falsifying 2 year old myspace pages (which seems to be what you are implying). (BTW, Michael, we did find dozens of myspace.com pages for current and active accounts.)

Fair enough: So I also note in the comments:

It actually never crossed my mind that you or anyone associated with you would have posted this page in 2007 (and, I noticed that date, too). My guess is that, if it is not "real", the page was created by some joker with too much time on their hands. I'll happily make this more clear on the post, itself.

My issue with this is not the body of your research, but that this particular page was used as the exemplar of it.

PFF Senior Fellow Adam Thierer wrote the book on online child protection, so who better to give insight on today's long-awaited MySpace/Attorney General agreement to create protections for kids using the News Corp site.

And, no really, Adam did write the book. (You can download "Parental Controls and Online Child Protection: A Survey of Tools and Methods" here.)

Before we get to the Q&A, here is a brief overview/opinion of the agreement courtesy of NYT's Brad Stone:

Among the dozens of measures MySpace has agreed to take, the social network will let parents submit the e-mail addresses of their children, so the company can prevent anyone from using that address to set up a profile. It will also set the profiles of all 16 and 17-year-olds to private, so only their established online friends can visit their pages - essentially creating a “closed” section for users under age 18.

MySpace also promises to hire a contractor to identify and delete pornographic images on the site. And the company will take charge of an Internet safety technical task force to develop an age and identity verification tools for social networking sites.

Now, to Adam...

Q: Why is today’s AG/MySpace announcement significant? What about this tells you that this will be more substantive than the veritable “blue ribbon committee” that peaks at launch?

The agreement is significant because it represents a sensible step forward in terms of online safety. Indeed, many of the principles in the agreement could form a potential model “code of conduct” that other social networking sites could adopt. That is important because (a) it really could help keep kids safer online; and (b) it will help us avoid the specter of government regulation of the Internet and others forms of digital communication.

The agreement with the AGs is especially notable for what it does not include: age verification mandates. The call for an Internet Safety Technical Task Force to study online safety methods and identity authentication tools is a sensible alternative to the rush to mandate age verification, which some AGs have been advocating vociferously over the past two years.

Hopefully the task force will provide critical examination of the issue and not simply begin with pre-ordained conclusions about the wisdom or effectiveness of online age verification techniques and technologies. At the press conference announcing the agreement, however, Attorneys General Roy Cooper of North Carolina and Richard Blumenthal of Connecticut seemed to imply that that the goal of the task force would be to develop and implement a full-blown age verification system for the Internet. “We are going to find and develop online identity authentication tools,” said AG Cooper. And AG Blumenthal reiterated an argument he made ad nauseum last year that, “if we can put a man on the moon,” then we ought to be able to verify the ages of people before they go online.

But it’s just not that simple. As I argued in a lengthy PFF study last year entitled, “Social Networking and Age Verification: Many Hard Questions; No Easy Solutions,” there are no silver bullet age verifications solutions. Online authentication is a complicated, multi-faceted technical issue. And, even assuming we could find a way to make it work, there are many other considerations that must be taken into account, such as the burden it might impose of freedom of speech or individual privacy.

The danger, therefore, is that the AGs have a pre-ordained conclusion and that they will either stack the deck on the task force with age verification advocates or pressure the task force to adopt mandatory age verification without thoroughly studying the issue. Again, that would be a serious mistake and it would also likely give rise to legal challenges.

Q: What other companies are critical to making the Internet Safety Technical Task Force successful? And, as far as you know, was their consideration to having them involved prior to this announcement?

If the task force does go forward, it needs to be a balanced panel of experts and include other social networking players, such as Facebook. This shouldn’t just be a MySpace thing.

Q: While this obviously is targeted towards collaborations with state law enforcement, what do you think the DC impact will be of the Internet Safety Technical Task Force?

Some AGs have tried to get the federal government involved in the effort to regulate social networking sites, but so far nothing has come of that. Ironically, if anyone was going to take the lead in terms of social networking regulation, it should be the federal government—not the states—since the Internet is not a local medium or platform. In fact, that’s one of the reasons why the AGs have wisely not pursued any formal legal action against MySpace thus far; they know it would likely be struck down as an unconstitutional burden on what is clearly interstate commerce.

Of course, the last thing I want is more federal Internet meddling and silly bills like the Deleting Online Predators Act (DOPA) that are completely counter-productive. If the feds get involved at all, it should be in terms of education and awareness building about sensible online safety efforts and parental empowerment tools. They should adopt an “educate first” approach to the issue. But I have a sneaking suspicion that, to the extent they do get involved, they will once again take the “regulate first” approach.

Today the San Jose Mercury News completed an excellent series on the current cybercrime state-of-affairs, and the picture they paint isn't pretty. The problems are getting worse, it's costing us billions and, yet, there (still) is basically no governmental leadership to do much about it.

Worst of all, I would assume that most readers of this blog are now doing a collective palms-up shoulder shrug as you say, "What's new?"

From today's piece:

Since the outbreak of a cybercrime epidemic that has cost the American economy billions of dollars, the federal government has failed to respond with enough resources, attention and determination to combat the cyberthreat, a Mercury News investigation reveals.

"The U.S. government has not devoted the leadership and energy that this issue needs," said Paul Kurtz, a former administration homeland and cybersecurity adviser. "It's been neglected."

Even as the White House asked last week for $154 million toward a new cybersecurity initiative expected to reach billions of dollars over the next several years, security experts complain the administration remains too focused on the risks of online espionage and information warfare, overlooking the international criminals who are stealing a fortune through the Internet.

"They're still not taking cybercrime seriously enough," said former administration cybersecurity adviser Marcus Sachs, now at Verizon Communications, reflecting the views of several former White House officials.

And, the Administration isn't the only target for blame. From a sidebar story on cybercrime legislation...

Congress has either failed to pass bills or sent ineffective legislation to the president. Agencies have shied away from imposing regulations. Leaders have not bothered to make sure computer users understand the problem - if the officials themselves even comprehend the threats.

"Overall, I was amazed at the lack of knowledge, not only among presidential staff, but at the Cabinet level, and the Senate and House," McAfee Chief Executive Dave DeWalt said after meeting in the summer with senators, Congress members and Cabinet secretaries about information security.

The threats aren't easily grasped: U.S. Rep. Zoe Lofgren, D-San Jose, whose district includes much of Silicon Valley, is one of Capitol Hill's most Internet-savvy legislators. Yet even Lofgren, when asked in August if she knew what a botnet is, responded only with, "Sort of." Her spokesman said most other members of Congress likely could not even make that claim.

The Merc has lots of cool/helpful graphics to illustrate the issue and features videos of several key players including Congresswoman Zoe Lofgren. Part I is here and Part II is here.

Our friends at StopBadware.org have taken their fight against badware in a new direction, this time by calling out some of the web services providers that are hosting large numbers of sites in StopBadware.org's Website Clearing House.

Every generational divide worth its salt needs Footloose-like legislation to legitimize it. The Millennial's vs. Boomers battle can already count the much discussed original Deleting Online Predators Act (DOPA) and its current offspring that exists in a Senator Ted Stevens bill (cue chortles).

But all the action isn't and won't be in DC. State legislators have proven particularly adapt at stoking fears about new applications of technology. Case and point is a Georgia bill introduced in late January that would mandate that minors first have parental permission to have a social networking page and then allow Mom and/or Dad to have access to their personal profile page.

This not only means that they would be able see what everyone else would be able to see on someone's MySpace page, but, with access to the profile page, parents would see incoming personal messages.

One 14-year-old Georgian, sums up the bill nicely in the Atlanta Journal Constitution:

In our DOPA update today, we did miss one notable politician who is not afraid to play off of the Mark Foley page scandal to take hits on social networking sites.  It's this years best known Indie pol, Joe Lieberman, who recently said....

A funny thing happened along the way to making MySpace child predator fears a campaign issue.

You remember the Deleting Online Predators Act (DOPA)?  The bill that passed 410-15 in the House and would effectively ban minors use of (at the very least) social networking sites and chat rooms from federally funded schools and libraries?

It was supposed to be a big tenet of the so-called House Republican suburban agenda.  After doing a Nexis search, it clearly isn't.   We couldn't find a single reference from a campaigning congressional candidate about the supposed evils of social networking.

There is an obvious two word reason for this:  Mark Foley.

The page scandal certainly put the nail in the already closed coffin of the bill getting introduced in the Senate before Congress closes.  It also means that Republican House member raising the specter of Internet-enabled child predating might be just a little awkward.

USA Today reports:

Despite the rise of social networking sites such as MySpace, a smaller percentage of young people are being sexually solicited online than five years ago...

...The long-awaited report, to be released Wednesday (click here for a PDF of the report) is the only national study of its kind. It is by the University of New Hampshire's Crimes Against Children Research Center, which surveyed 1,500 children ages 10 to 17 last year and compared findings with a similar group five years earlier.

About 13% (3.2 million) said in 2005 that they had received an unwanted request to engage in sexual activity or conversations in the previous year from either adults or other children. Five years earlier, it was 19%.

The writing on the wall

Silicon Valley woke up yesterday, rubbed it's collective eyes and looked at a pretty big number.  It wasn't YouTube's valuation or the number of parties that Valleywag attended the previous night; it was this:  410 to 15. 

Four-hundred-and-ten members of the House of Representatives said, yes, let's pass the Deleting Online Predators Act (DOPA) -- covered here and here at The 463 in May -- and keep sites like MySpace and Facebook from minors in schools and libraries that receive a form of federal funding.  Fifteen said perhaps we should focus on the criminals and not a communications medium.

The tech community (at least those who blog and comment on blogs) seem to be shocked by this result. (Old-school media has ignored it).  Consider TechCrunch.  It's probably the most well-read blogs that focuses on the emerging Web 2.0 companies.  Consider its reaction today:   

Yesterday...

Several large technology companies, including Google Inc. and eBay Inc., announced support yesterday for stronger federal regulations to protect consumer privacy on the Internet.

Twelve companies formed an advocacy group, the Consumer Privacy Legislative Forum, to lobby for greater protection of private information, and several members testified yesterday before a House subcommittee.  (Washington Post)

Thoughts (after the jump):