Letter to Representative Bob Franks regarding H.R. 3508


June 4, 1996

Representative Bob Franks
429 Cannon House Office Building
Washington, DC 20515

Dear Representative Franks:

We are writing to commend your efforts to protect children's privacy. We are pleased that you have begun a process to put these important issues at the center of the political debate. We believe, however, that the solutions recommended in your bill, -- the "Children's Privacy Protection and Parental Empowerment Act" (HR 3508) -- particularly as they relate to the exchange of information on the Internet, will not only increase the collection of information about children in certain circumstances but will also criminalize behavior in a vast array of unintended situations, thereby compromising the free flow of information online.

With the rising popularity of the Internet and commercial online services, concerns regarding the vulnerabilities of unsupervised children's activities online must be addressed. Indeed, although the Internet offers children unprecedented and important new educational and recreational opportunities, the medium also may offer access to inappropriate material, or exposure to unfair marketing or information collection practices. Solutions to these problems must be carefully analyzed and should take into account both the unique nature of the Internet, as well as the multitude of First Amendment and privacy rights at stake for all who seek to read, communicate, and associate with others in the online environment. In fact, the Federal Trade Commission (FTC), whose responsibility it is to police the existence and proliferation of unfair or deceptive advertising and information practices has scheduled hearings for June 4 and 5 to look at these very issues as they apply to the Internet.

Because your bill was drafted to apply to all media we are concerned that its application in the Internet context may lead to unintended consequences. We ask that you examine, together with the FTC, the unique qualities of the Internet and the problems that result from regulating activity at the information publisher or Web site operator end.

In its application to the Internet, the Children's Privacy Protection and Parental Empowerment Act is both over-inclusive, covering virtually all who participate in the Internet, and ineffective, in that it leaves substantial loopholes for those who engage in the behavior at which the bill is targeted.

The term "personal information," the basic regulatory target of the bill, is defined in such as way that it may include nothing more than an electronic mail address which by its nature, gives no indication of the age or physical location of a user. Furthermore, the term "list broker," is drafted to cover any entity which exchanges personal information in the course of its operation. The vast majority of World Wide Web site operators, as well as anyone who operates a listserv, mailing list or other information distribution mechanism, all collect, store, and may well exchange, email addresses. Then, unless Web site operators obtain parental consent before collecting information, they risk criminal penalties for violation of section (a)(4).

The difficulty in compliance is two-fold. First, information providers on the Internet have no way of distinguishing children from adults. In fact, compliance with the bill could well lead to an increase in the collection of information about children and adults, only compounding privacy risks. Even with the imposition of an unacceptably intrusive national ID system (a system that none of us support), it would still be essentially impossible for an information publisher or Web site operator to establish the age of the user visiting the providers site. Second, the requirement to disclose the source of personal information about children to parents creates unclear new obligations on Internet information providers. In fact, many of the information providers who would be covered by your bill do not keep track of the source of their information and thus may not have the ability to comply with the statute. Compliance with this section could well lead to an increase in the overall collection of personal information about Internet users, thereby compounding privacy risks.

Imposed identification procedures applied to the World Wide Web under the threat of criminal penalties would limit all Internet users' ability to read, speak, receive information and interact online under constitutionally-protected conditions of anonymity. Further, requiring parental consent in all instances or requiring providers to disclose information to parents collected from children fails to acknowledge the distinction between young children and teenagers and their rights under the Constitution.

Finally, section (a)(6) which criminalizes any distribution or receipt of personal information where the receiver has knowledge or "reason to believe that the information will be used to abuse the child or physically harm the child" is well-intentioned, but potentially so broad as to cover anyone who receives and discloses personal information about a child. The bill establishes no clear standard of care or level of knowledge necessary to meet this requirement, leaving everyone on the Internet in doubt about whether or not they may be violating this new crime. Schools and organizations who publish directories as well as newspapers who publish the identity of a child in a news story could be subject to prosecution because they had "reason to know" that the information may end up in the possession of bad actors.

Given all of these difficulties in applying your bill to the Internet, and given the importance of addressing children's privacy issues, we suggest that examination of alternatives is in order. Empowering parents to protect their children's privacy with existing technological tools and fair information practices by the industry will help ensure that the Internet continues to grow and thrive for both commercial and noncommercial endeavors. For example, software already on the market such as Cyberpatrol, as well as industry-standard technologies such as the Platform for Internet Content Selection (PICS) enable people -- including parents and their children -- to restrict access to sites which practice objectionable marketing and information collection techniques.

At present, PICS technology, along with other innovative products, allows parents to filter and block-out materials that contain objectionable content or block access to sites with inappropriate or abusive marketing practices. Current technology can enable parents to: The Internet community is already considering extensions to the PICS specifications which will enable individual users and parents to block the transmission of their personal information to Web sites they visit and to express a preference about how and to what extent they are willing to have personal information reused. PICS, Cyberpatrol and other technologies can help eradicate the deceptive and inappropriate practices your bill seeks to address without compromising the rights of users or content providers.

Several of us have had the opportunity to talk with you and your staff about this legislation. We appreciate your willingness to discuss these issues and look forward to working with you in this important area in the hopes that technological alternatives combined with better industry practices and much more narrowly crafted legislation will help protect this nation's children in the online world, consistent with First Amendment and privacy principles.

Sincerely,

The Center for Democracy & Technology

The Electronic Frontier Foundation

People For the American Way Action Fund

Voters Telecommunications Watch


Back to the CDT Children's Privacy Issues Page
 Back to the CDT Home Page