A Briefing On Public Policy Issues Affecting Civil Liberties Online
from
The Center For Democracy and Technology
(1) CDT Reports Calls Pennsylvania Blocking Law Unconstitutional and Unsound
(2) Background on the Penn. Web Blocking Law
(3) Laudable Goals, Serious Constitutional and Technical Problems
(4) Request Filed for Records of Undisclosed Web Site Blocking
The Center for Democracy and Technology released a major report calling unconstitutional a recent Pennsylvania law that forces Internet Service Providers (ISPs) to block access to numerous web sites without adequate court oversight. The report's release coincides with a request under Pennsylvania's right-to-know law seeking records of the Attorney General's previously undisclosed demands to block web sites pursuant to the law.
The CDT report - entitled "The Pennsylvania ISP Liability Law: An Unconstitutional Prior Restraint and a Threat to the Stability of the Internet" - analyzes a 2002 Pennsylvania law that forces ISPs to block access to any web site deemed "child pornography" without notice to the site's publisher and without any opportunity to challenge the determination. ISPs are required to block the sites even if they do not host the content and have no relationship whatsoever with the publishers of the content. The Pennsylvania Attorney General has since gone even further, bypassing the law's inadequate court procedures to simply demand by letter that sites be blocked. The report argues that the statute, which blocks access to sites that are wholly innocent, is an unconstitutional restriction on speech, blocks access to sites that are wholly innocent.
CDT's report is available at http://www.cdt.org/speech/030200pennreport.pdf.
Passed in early 2002, the Pennsylvania ISP Liability Law imposes potential liability on ISPs for child pornography available on the Internet, even if the ISPs are not hosting the offending content and have no relationship whatsoever with the publishers of the content. Essentially, the law makes any ISP doing business in Pennsylvania potentially liable for content anywhere on the Internet.
Under the law, the state Attorney General or any county district attorney can apply to a local judge for an order declaring that (a) certain content on the Internet is probably child pornography, and (b) the content can be reached through the services of a specified ISP. The entire court proceeding occurs with the participation of just the government, with no prior notice to the ISP or the web site owner required, and no notice after the hearing to the web site owner. This kind of proceeding contrasts with typical court proceedings that require notice to parties and an opportunity for both sides to be heard.
Under the law, a judge does not make any final determination that the challenged content is child pornography; instead, the judge needs only to find that there is "probable cause" evidence of child pornography. Based on this determination, the state Attorney General notifies the ISP in question. The ISP then has five days in which to block all access to the specified content, or else face criminal liability.
Critically, the ISP Liability Law imposes potential criminal liability for content that is rely "accessible through" an ISP's or access provider's service. The law lacks any requirement that the ISP have any connection to or responsibility for the content (such as if the content were created by the ISP or one of the ISP's customers). Instead, the potential liability is created simply because - as with any Internet service provided by any ISP - someone in Pennsylvania can reach content located anywhere on the Internet.
While acknowledging the grave nature of the problem of child pornography, CDT's report details the serious problems - both legal and technical - inherent in the law and the Attorney General's actions:
The magnitude of over-blocking under the Pennsylvania law is demonstrated in a separate report - also released this week - by Benjamin Edelman of the Berkman Center for Internet & Society at the Harvard Law School. In that report, Edelman finds that more than two-thirds of all .COM, .NET, and .ORG web sites share their IP addresses with at least fifty other web sites. Any blocking order aimed at one of those web sites under the Pennsylvania law would block all fifty (or more) sites, even if those sites are wholly unrelated to the targeted web site.
In light of these findings, the effect of the law is like stopping mail delivery for an entire apartment building because one tenant is accused of wrongdoing. The law will prevent many Internet users around the country from accessing hundreds or perhaps thousands of innocent web sites, with no notice or explanation whatsoever.
Benjamin Edelman's report, entitled "Web Sites Sharing IP Addresses: Prevalence and Significance," was released by Mr. Edelman this week, and is available at http://cyber.law.harvard.edu/people/edelman/ip-sharing/.
In conjunction with the release of its report, CDT has also assisted in the filing today of a Pennsylvania "Right to Know" Request to the Attorney General, demanding that he disclose the hundreds of web sites that he has blocked since the law went into effect. Professor Seth Kreimer of the University of Pennsylvania Law School, with CDT as counsel, submitted the "open records" request seeking all orders and notices served pursuant to the law on ISPs by the Attorney General's office.
Under Pennsylvania's open records system, the Attorney General must produce the requested documents within ten days. CDT will post the response on our Web site when we receive it.
Detailed information about online civil liberties issues may be found at http://www.cdt.org/.
This document may be redistributed freely in full or linked to http://www.cdt.org/publications/pp_9.06.shtml.
Excerpts may be re-posted with prior permission of ari@cdt.org
Policy Post 9.06 Copyright 2003 Center for Democracy and Technology
